In cryptography, secret sharing refers to any method for distributing a secret among a group of participants, each of whom is allocated one or more shares of the secret. The secret can only be reconstructed when a required number of shares are combined; individual shares are of no use on their own.
A secure secret sharing scheme distributes shares so that anyone with fewer than the required number of shares has no more information about the secret than someone with zero shares. Some secret sharing schemes allow the secret to be reconstructed by a subset of the total number of generated shares. Thus, a secret can be reconstructed even when some of the shares are lost or when some of the shareholders are absent.
Conventional secret sharing schemes generally are not resistant to intentionally forged bad secrets. An entity cannot easily verify the authenticity of a secret that is presumably reconstructed from distributed shares. Further, one conventional scheme for secret sharing is to evaluate a polynomial over GF(q) at given points. With this technique, the recipients need to know how many shares are necessary to reconstruct the secret, as the reconstructed secret has no internal structure. Thus, there is a need to develop a secret sharing technique that overcomes the above inherent limitation of the known techniques.
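The limitations described above can be seen in a small threshold scheme built on polynomial evaluation. The following is an added example, not code from the original text: the field modulus `Q`, the function names `split`, `reconstruct` and `demo`, and the sample secret are assumptions made for illustration.

```python
import secrets

# Assumed field for this example: GF(q) with q = 2^127 - 1 (a Mersenne prime).
Q = 2**127 - 1

def split(secret, k, n, q=Q):
    """Evaluate a random degree-(k-1) polynomial with f(0) = secret at x = 1..n."""
    coeffs = [secret % q] + [secrets.randbelow(q) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod q
            y = (y * x + c) % q
        shares.append((x, y))
    return shares

def reconstruct(shares, q=Q):
    """Lagrange interpolation at x = 0 over whatever shares are supplied.

    Nothing here can tell whether enough shares, or genuine shares, were given:
    the result is always just some element of GF(q).
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % q
                den = den * (xi - xj) % q
        secret = (secret + yi * num * pow(den, -1, q)) % q
    return secret

def demo():
    secret = 123456789                  # constructed sample secret
    shares = split(secret, k=3, n=5)    # any 3 of 5 shares suffice
    ok = reconstruct(shares[2:5])       # correct: threshold met
    too_few = reconstruct(shares[:2])   # below threshold: no error, wrong value
    x, y = shares[0]
    forged_share = (x, (y + 1) % Q)     # one participant submits a bad share
    forged = reconstruct([forged_share] + shares[1:3])
    return secret, ok, too_few, forged

if __name__ == "__main__":
    print(demo())
```

Both the below-threshold call and the call with a forged share return an ordinary field element without any error, so the caller cannot distinguish them from a correct reconstruction unless it already knows the threshold and trusts every share.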