On Feb 23, 2009, at 1:05 PM, s...@acw.com wrote:

Is it possible that the amount of information that the knowledge of a
sub-threshold number of Shamir fragments leaks in finite precision setting
depends on the finite precision implementation?

For example, if you know 2 of a 3 of 5 splitting and you also know that
the finite precision setting in which the fragments will be used is IEEE
32-bit floating point or GNU bignum can you narrow down the search for the
key relative to knowing no fragments and nothing about the finite
precision implementation?

I'm not sure what is the motivation for all this. Shamir's scheme is supposed to be done over a finite field (or else, as was previously pointed out, there are issues with sampling a uniform element of the field). Since we have fields of size 2^k for all k, any bit-string can be encoded nicely in a finite field of appropriate size. (And very long strings can be broken into shorter chunks, each chunk being shared on its own.)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to