Verifiable Secret Redistribution for Threshold Sharing Schemes (CMU-CS-02-114)

We present a new protocol for verifiably redistributing secrets from an (m,n) threshold sharing scheme to an (m',n') scheme. Our protocol guards against dynamic adversaries. We observe that existing protocols either cannot be readily extended to allow redistribution between different threshold schemes, or have vulnerabilities that allow faulty old shareholders to distribute invalid shares to new shareholders. Our primary contribution is that in our protocol, new shareholders can verify the validity of their shares after redistribution between different threshold schemes.