Dominik Farhan

xx1,x2,...x \rightarrow x^1, x^2, ...

xix^i should give no information on xx except length.

Simple example

When we need to share a secret among kk parties we create the first k1k-1 xxs randomly and the last one as xk:=xi=1k1xix^k := x \oplus_{i=1}^{k-1}x^i

Threshold schemes (k,l)(k,l)

Divides to kk parts. ll are enough to recover the secret.

We are always calculating in some huge finite field.

(k,2)(k,2)

f(t)=at+bf(t) = at + b f(0)=xf(0) = x f(1)=randomf(1) = \text{random}

generating xix^i:

xi=f(i)x^i = f(i)

(k,l)(k,l)

ff is a polynomial of degree less than ll over a finite field. f(0)=xf(0) = x f(1) up to f(l1) are randomf(1) \text{ up to } f(l-1) \text{ are random}

we share f(1) up to f(k).f(1) \text{ up to } f(k) .

The board from the 3rd lecture, by Martin Mareš, http://mj.ucw.cz/vyuka/2021/kry/.

Lemma I.

If x1,,xtx_1, \dots, x_t are all roots of nonzero polynomial pp then

p(x)=(xx1)(xx2)(xxt)q(x)p(x) = (x-x_1)(x-x_2) \dots (x-x_t) \cdot q(x), where q(x)q(x) is a polynomial with no roots in the field. Which implies that poly with degree dd has atmost the same number of roots.

Lemma II.

If polynomials with a degree less than dd agree in dd points then they are equal.

Proof

r:=pq,deg<d,x1,xd are roots of r    r=0    p=qr := p-q, \text{deg} < d, x_1,\dots x_d \text{ are roots of }r \implies r=0 \implies p =q

Lagrange theorem

For every x1,,xdx_1,\dots, x_d and y1,,ydy_1, \dots, y_d !p deg<d:i[d]:p(xi)=yi\exists ! p \text{ deg} < d: \forall i \in {\left[d\right]}: p(x_i) = y_i.

Lagrange interpolation is a way to find such polynomial.

The board from the 3rd lecture, by Martin Mareš, http://mj.ucw.cz/vyuka/2021/kry/.