Received: 15 October 2016 Revised: 4 June 2017 Accepted: 16 July 2017
DOI: 10.1002/dac.3399
RESEARCH ARTICLE
Efficient multisecret sharing scheme using new proposed computational security model
Reza Ghasemi (1), Ali Safi (2), Massoud Hadian Dehkordi (2)
(1) Bu-Ali Sina University, Hamedan, Iran
(2) Iran University of Science and Technology, Tehran, Iran
Correspondence: Massoud Hadian Dehkordi, Iran University of Science and Technology, Tehran, Iran. Email: mhadian@iust.ac.ir
Summary
Multisecret sharing (MSS) is a method for sharing a set of secrets among a group of participants so that they can recover each secret without endangering the others. Two kinds of security model have been proposed for MSS schemes. The first is unconditional security, but this approach decreases the efficiency of MSS schemes. Therefore, a second, more relaxed notion appeared, called computational security. In this paper, with 2 examples, we show that the current definition of computational security does not satisfy all of our expectations of a secure MSS scheme: in these examples, recovering one secret leaks information about the other secrets, while the schemes are still considered secure under computational security. After determining the shortcomings of the current security definition, we propose a new definition of computational security and present an MSS scheme with a rigorous proof of security in terms of the new definition. In addition, a complete comparison between our scheme and previous schemes, in terms of share size, number of public values, and operations required to recover a secret, indicates that the presented scheme is efficient.
KEYWORDS
computational security, multisecret sharing, one-way function, secret sharing
1 INTRODUCTION
There are situations in which sensitive information, say a secret, must be protected against loss and against disruptive adversaries. In these situations, we cannot rely on a single party. For example, suppose a database is encrypted with a symmetric cryptosystem. The key then needs to be protected against malicious adversaries; moreover, losing the key makes decryption infeasible. Hence, we need a method of storing sensitive data that guarantees security and decreases the probability of losing it. A naive solution is to split the information and assign each piece to a trusted party. This is not a proper solution, because each participant holds a piece of the secret and therefore gains some information about it, and the loss of any piece by one of these trusted parties makes the data irretrievable. To mitigate these concerns, Shamir [1] and Blakley [2] independently proposed secret sharing. In a secret sharing scheme, a secret is distributed among a set of participants {P_1, …, P_n} by assigning each of them a share. This distribution is done in such a way that only predetermined subsets of the participants can recover the secret using their shares. The set of all authorized subsets of participants is called the access structure and is denoted by Γ. Unauthorized parties (eg, malicious adversaries or any unauthorized subset of participants) cannot gain any information about the secret. Moreover, it helps to protect the data because losing some
Int J Commun Syst. 2017;e3399. wileyonlinelibrary.com/journal/dac Copyright © 2017 John Wiley & Sons, Ltd. 1 of 10
https://doi.org/10.1002/dac.3399
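As an added example, not code from the paper, the threshold secret sharing of Shamir [1] described in the introduction, over a toy prime field: any t shares reconstruct the secret, and a brute-force tally shows that t-1 shares are consistent with every possible secret equally often, which is the unconditional security the Summary contrasts with computational security. All parameters (p = 13, t = 3, n = 5, secret = 7) are constructed for illustration; a real deployment would use a large prime, where the brute-force check is of course no longer feasible.

```python
import secrets
from collections import Counter
from itertools import product

def eval_poly(coeffs, x, p):
    """Evaluate sum(coeffs[i] * x**i) mod p by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def share(secret, t, n, p):
    """Dealer side: choose a random polynomial f of degree t-1 over GF(p) with
    f(0) = secret and hand participant P_i the point (i, f(i))."""
    assert 0 <= secret < p and 1 <= t <= n < p
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(i, eval_poly(coeffs, i, p)) for i in range(1, n + 1)]

def reconstruct(shares, p):
    """Authorized set (any t distinct shares): Lagrange interpolation of f(0)."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        s = (s + yi * num * pow(den, -1, p)) % p
    return s

def secret_distribution(partial, t, p):
    """Unauthorized set: enumerate every degree<t polynomial over GF(p) that
    agrees with the shares in `partial` and tally the secret f(0) each implies.
    A flat tally means those shares reveal nothing about the secret.
    (Brute force, so p must be small; this is a toy check, not a protocol step.)"""
    tally = Counter()
    for coeffs in product(range(p), repeat=t):
        if all(eval_poly(coeffs, x, p) == y for x, y in partial):
            tally[coeffs[0]] += 1
    return tally

if __name__ == "__main__":
    p, t, n, secret = 13, 3, 5, 7  # constructed toy parameters
    shares = share(secret, t, n, p)
    print("3 shares ->", reconstruct(shares[:3], p))
    print("2 shares ->", dict(secret_distribution(shares[:2], t, p)))
```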