中文摘要：

密钥共享方案是现代密码学的一个重要分支,是信息安全和数据保密中的重要手段,在数字签名、安全多方计算、纠错码等领域也有着重要的应用.现有的很多方案都是利用拉格朗日插值多项式而构造,且各参与者的密钥份额由分发者选取并且只能使用一次,需要秘密信道传输信息,在秘密重构时不具有可验证性,一次只能共享一个密钥.针对这些问题,利用非齐次线性递归构造两个可验证门限多重密钥共享方案.在初始化阶段,参与者的密钥份额由自己选取;在分发阶段,根据密钥的重数k与门限值t的大小关系考虑方案的两种情形k?t、k?t,并将共享的多重密钥置于t阶非齐次线性递归的等式中;在验证阶段,改进Dehkordi-Mashhadi的验证算法,使得公开参数的个数从2n+k-t+4降低为n+k+5;在恢复阶段,参与者只须提供伪份额而不会暴露密钥份额,使得重复利用密钥份额成为安全.提出的方案具有可验证性、可以共享多重密钥、密钥份额可以多次使用、只需要公开信道、基于椭圆曲线密码学等特点,同时具有公开参数少、重构多项式次数小的优点,这使得方案更加高效实用.

英文摘要：

Secret sharing scheme is an important branch of modern cryptography. It is also an important tool for information security and data privacy, and has been widely used in digital signatures, secure multiparty computation schemes, error-correcting codes, and so on. In many existing schemes, the construction of secret sharing scheme is mostly based on the Lagrange interpolation polynomial, the secret share is selected and distributed by a dealer and can only be used once, hence a secret channel is needed to transmit the information, only one secret can be shared in one secret sharing process. In the recovery phase, the participants cannot check whether other participants provide the true secret shares. In this paper, two verifiable threshold multi-secret sharing schemes based on non-homogeneous linear recursions are proposed. In the initial phase, the secret share of each participant is selected by himself. In the distribution phase, each scheme can be divided into two cases according tok?tandk?t,and thek multiple secrets are put in the equations of non-homogeneous linear recursions of degreet. In the verification phase, an improved verification algorithm is proposed which improves the Dehkordi-Mashhadi schemes by reducing the number of public values from 2n+k-t+4 ton+k+5. In the recovery phase, each participant just needs to provide a pseudo share instead of the secret share, which makes the reuse of secret share to be secure. The proposed schemes have the following features: verifiable, can share multiple secrets, the reuse of secret shares is possible, only public channels are needed, based on elliptic curves, and have better performance than some other typical schemes, such as less public values and reconstruction polynomial with lower degree.This makes the schemes more efficient and useful in practical applications.