On Feb 23, 2009, at 1:05 PM, s...@acw.com wrote:
Is it possible that the amount of information that the knowledge of a sub-threshold number of Shamir fragments leaks in finite precision setting depends on the finite precision implementation? For example, if you know 2 of a 3 of 5 splitting and you also know that the finite precision setting in which the fragments will be used is IEEE 32-bit floating point or GNU bignum can you narrow down the search for the key relative to knowing no fragments and nothing about the finite precision implementation?
I'm not sure what is the motivation for all this. Shamir's scheme is supposed to be done over a finite field (or else, as was previously pointed out, there are issues with sampling a uniform element of the field). Since we have fields of size 2^k for all k, any bit-string can be encoded nicely in a finite field of appropriate size. (And very long strings can be broken into shorter chunks, each chunk being shared on its own.)
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
