Threshold distributed access control with public verification: a practical application of PVSS

To avoid too strong a trust on any single user in sensitive applications, access control can be managed in a distributed way. Namely, an access right is distributed among multiple users such that the access is available if and only if certain subsets of the users cooperate. The most common condition for qualified subsets is the threshold condition, which requires that the number of cooperating users must be over a threshold. Access control based on such a condition is called TDAC (threshold distributed access control). In publicly verifiable applications, TDAC must provide public verification such that it is publicly verifiable that the multiple users share the correct access right and any qualified subset of them can obtain the access. Although the existing PVSS (publicly verifiable secret sharing) techniques can be employed to implement PVTDAC (publicly verifiable TDAC), they are not efficient enough for practical applications. In this paper, new sharing and proof techniques are proposed to design an efficient PVTDAC protocol, which is formally illustrated to be secure and publicly verifiable.