Dynamic Threshold and Cheater Resistance for Shamir Secret Sharing Scheme Christophe Tartary 1 and Huaxiong Wang 2 1 Centre for Advanced Computing, Algorithms and Cryptography Department of Computing Macquarie University NSW 2109 Australia 2 Division of Mathematical Sciences School of Physical and Mathematical Sciences Nanyang Technological University Singapore {ctartary,hwang}@ics.mq.edu.au Abstract. In this paper, we investigate the problem of increasing the threshold parameter of the Shamir (t, n)-threshold scheme without interacting with the dealer. Our construction will reduce the problem of secret recovery to the poly- nomial reconstruction problem which can be solved using a recent algorithm by Guruswami and Sudan. In addition to be dealer-free, our protocol does not increase the communication cost between the dealer and the n participants when compared to the original (t, n)-threshold scheme. Despite an increase of the asymptotic time complexity at the combiner, we show that recovering the secret from the output of the previ- ous polynomial reconstruction algorithm is still realistic even for large values of t. Furthermore the scheme does not require every share to be authenticated be- fore being processed by the combiner. This will enable us to reduce the number of elements to be publicly known to recover the secret to one digest produced by a collision resistant hash function which is smaller than the requirements of most verifiable secret sharing schemes. Keywords: secret sharing scheme, polynomial reconstruction problem, threshold changeability, insecure network, cheater resistance. 1 Introduction A (t, n)-threshold secret sharing scheme enables an authority called dealer to distribute a secret s as shares amongst n participants in such a way that any group of minimum size t can recover s while no groups having at most t − 1 members can get any informa- tion about s. The recovery process is executed by an authority called combiner. When introduced in 1979 by Shamir [33] and Blakley [1], secret sharing was designed to faci- litate the distributed storage of a secret s in an unreliable environment. Nowadays secret sharing protocols play an important role in group-oriented cryptography [5]. In such a context it is likely to have an attacker trying to recover the secret value s. In addition