Suppose implement the Shamir secret sharing as following: we select a degree d p
ID: 648130 • Letter: S
Question
Suppose implement the Shamir secret sharing as following: we select a degree d polynomial P with a zero coefficient of 0, and all other coefficents selected randomly from Zp; and to this polynomial P, we add the secret as a constant term Q=P+secret. If we use Q as the polynomial in our Secret Sharing scheme, this is precisely equivalent to Shamir's scheme.
Now my question is : what if we multiply instead of add? That is, what if we select P as above, except with a random 0th coefficient as well, and compute Q=P
Explanation / Answer
For security in Shamir secret sharing we need that the coefficients of the polynomial are independent and uniformly random in the field. Multiplying the polynomial by a constant from the field does not change this, so yes, you can do it and still be secure.
In fact, in multiparty computation, something akin to this is done when we want to privately multiply a secret shared value by a known, public constant. We multiply each share by that constant. The effect of this is multiplying the polynomial by the constant.
Obviously there are some corner cases to consider. The secret cannot be 0. If the constant term of the polynomial is 0, you might also run into problems (depending on the application).
It is important that the secret you multiply by is in fact a single element from the field and not a polynomial itself. If it is a polynomial, then two problems occur. The coefficients are no longer independent and the degree of the polynomial changes.
Without knowing your application, however, it it hard to say whether or not this is useful. Can you still recover the original secret? Only if you know the constant term of the original polynomial, right?