Abstract
We investigate security properties of two secret-sharing protocols
proposed by Fine, Moldenhauer, and Rosenberger
in Sections 4 and 5 of [B. Fine, A. Moldenhauer and G. Rosenberger,
Cryptographic protocols based on Nielsen transformations,
J. Comput. Comm. 4 2016, 63–107]
(Protocols I and II resp.).
For both protocols, we consider a one missing share challenge.
We show that Protocol I can be reduced to a system of polynomial equations
and (for most randomly generated instances)
solved by the computer algebra system Singular.
Protocol II is approached using the technique of Stallings’ graphs.
We show that knowledge of
{m-1}
shares reduces the space of possible values
of a secret to a set of polynomial size.