Protected Fair Secret Sharing Based Bivariate Asymmetric Polynomials in Satellite Network

Yanyan Han,Jiangping Yu,Guangyu Hu,Chenglei Pan,Dingbang Xie,Chao Guo,6,＊and Abdul Waheed

1Department of Electronics and Communication Engineering,Beijing Electronics Science and Technology Institute,Beijing,100070,China

2State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an,710126,China

3Department of Cryptography and Technology,Beijing Electronics Science and Technology Institute,Beijing,100070,China

4Department of Cyberspace Security,Beijing Electronic Science and Technology Institute,Beijing,100070,China

5School of Communication Engineering,Xidian University,Xi’an,710126,China

6Institute of Information Engineering,Chinese Academy of Sciences,Beijing,100093,China

7University of Management Technology,Lahore-Pakistan,55300,Pakistan

Abstract: Verifiable secret sharing mainly solves the cheating behavior between malicious participants and the ground control center in the satellite network.The verification stage can verify the effectiveness of secret shares issued by the ground control center to each participant and verify the effectiveness of secret shares shown by participants.We use a lot of difficult assumptions based on mathematical problems in the verification stage, such as solving the difficult problem of the discrete logarithm,large integer prime factorization, and so on.Compared with other verifiable secret sharing schemes designed for difficult problems under the same security,the verifiable secret sharing scheme based on the Elliptic Curve Cryptography (ECC)system has the advantages of less computational overhead and shorter key.At present, the binary polynomial is a single secret scheme and cannot provide effective verification.Therefore,based on a Protected Verifiable Synchronous Multi Secret Sharing (PVS-MSS)scheme, this paper is designed based on bivariate asymmetric polynomials.The advanced verifiable attribute is introduced into the Protected Secret Sharing(PSS)scheme.This paper extends the protected synchronous multi-secret sharing scheme based on bivariate polynomial design.The ECC system constructs the security channel between the ground control center and participants and constructs the verification algorithm.Through the verification algorithm, any participant can verify the consistency and effectiveness of the secret shadow and secret share received from other participants or presented by the secret distribution center.Therefore, no additional key agreement protocol is required; participants do not need to negotiate the session key for encryption; the secret share polynomial can generate the session key between participants and speed up the secret reconstruction process.The verification stage has lower computational complexity than the verifiable scheme constructed by Rivest Shamir Adleman(RSA)and other encryption methods.Chinese Remainder Theorem (CRT)is used to update the secret shadow.The secret shadow does not need to be updated with the change of the scheme shared secret, and the public value update efficiency is higher.Reduce the complexity of sharing secret updates in a synchronous multi-secret sharing scheme.

Keywords: Multi-secret sharing; binary asymmetric; verifiable synchronization;protected;satellite network

1 Introduction

A Satellite network is a comprehensive information system composed of different types of satellites in different orbits, ground control centers, and user terminals.It has the characteristics of wide coverage and flexible networking and is widely used in military, resource survey, meteorology, and other fields.However, Li et al.proposed a resource allocation scheme [1].Md introduces a method to save satellite space [2].However, due to the available deployment of satellites, limited onboard resources,transmission data is easy to be intercepted,and other security threats,the secret protection in the process of satellite transmission has also become particularly important.

In 1979,Shamir and Blakley proposed(t,n)threshold secret sharing theory[3,4].Which will be a secretDintonshares, as long as there is greater than or equal totparticipants can reconstruct secretsD, and less thantparticipants cannot reconstruct secretD.However, the threshold theory can reconstruct secretDthrough Lagrange interpolation, but it can not ensure its effectiveness for malicious participants and ground control center fraud.There is no guarantee of its effectiveness.Ghodosi analyzed the schemes of Harn et al., which can not detect cheaters in a wide range in the threshold theory[5,6].Liu et al.proposed a quadratic polynomial algorithm to identify deception[7].Lin et al.solved the problem that secret reconstruction is not deceived by releasing secret shadows simultaneously[8].Han pointed out that Theorem 3 related to asynchronous network attack in secret sharing scheme in Tian et al.is incorrect[9,10].To solve the problem of dishonest participants releasing false secret shares during secret reconstruction, Harn et al.proposed a synchronous rational secret sharing scheme [11].Harn proposed a new verifiable multi-secret sharing scheme, while Gu made Harn’s scheme more flexible[12,13].Lin proposes a verifiable identity method[14].Jin et al.proposed a secret sharing scheme based on images, but it costs a lot [15].Javeed et al.proposed a method to implement ECC [16].Xue et al.proposed a group key protocol.They shared group key switching authentication between satellites based on secret sharing technology,but they can not verify the secret share and have a high overhead[17].

Many secret sharing technologies exist in satellite network secret sharing schemes, such as literature[18].We need to ensure the security of multiple nodes in the communication requirements of satellite networks.And the secret-sharing verification shall be distributed in the ground control center and each node satellite.We propose a verifiable secret sharing scheme based on binary asymmetric polynomials.At present, verifiable secret sharing schemes based on bivariate polynomial design are all single secret sharing schemes[19];Secondly,the primary purpose of the design is to construct an efficient verifiable secret sharing protocol in the presence of different numbers of cheaters.Research status of secret sharing scheme based on bivariate polynomial design: PSS scheme lacks various additional attributes to resist separate spoofing attacks and is suitable for different scenarios [20];Reference[21,22],a simple multi-secret sharing scheme,can’t resist the invasion of semi-honest people;The Verifiable Multi-Secret Sharing (VMSS)in reference [23] has no protected characteristics.The primary purpose of this scheme research is the verifiable attribute introduced into a secret sharing scheme with protected features like the PSS scheme.Secondly, it extends the similar design of [24]synchronous multi-secret sharing scheme to make it more widely used.The scheme has the following advantages:

■There is no need for a secure channel between that secret distribution center and the participant.

■No additional key agreement protocol is needed:Participants do not need to negotiate extra session keys for encryption.The secret share polynomial can generate session keys among participants,thus accelerating the process of secret reconstruction.

■Protected:The pairwise session key generated by a share polynomial can protect the information exchange between participants in the process of secret reconstruction and resist external attacks.

■ECC realizes verifiable attributes.The verification phase has lower computational complexity than verifiable schemes constructed by RSA and other encryption methods.

■Synchronous multi-secret sharing:the number of optional shared secrets in the secret distribution center is flexible.A single secret reconstruction process can reconstruct multiple shared secret values according to different situations.

Although literature [25] proposed placing some calculations below the ground or LEO, it does not introduce security issues.Therefore, to ensure security under the same premise, we achieve less computing cost, shorter key, and save system resources according to the characteristics of limited satellite resources and limited bandwidth.The ECC system constructs the safety channel between the ground control center and the node satellite.Using CRT to update the secret shadow,the ground control center only needs to publish part of the public value, which makes the public value update more efficient.

2 Preliminary Knowledge

2.1 Shamir Threshold Theory

2.1.1 Key Construction

LetPbe a prime number andkbe the keyk∈GF(P),and the key distribution centerDrandomly selects ant-1 order polynomialb(x)onGF(P),andk=b(0).The key distribution center calculateski=b(i),i=1,2,3,...,n,kidistributed to participants as secret sharesPi.

2.1.2 Key Reconstruction

When there aretparticipantsP1,P2,P3,...,Pt.We can reconstruct secretkby Lagrange interpolation,and the formula is:

2.2 CRT

Any two primen1,n2,...,ns,anya1,a2,...,asto make ?a∈Zcontent with

Set upMi=M/ni,ti=M-1imodni,then

3 The Project Design

3.1 System Model

Fig.1 describes the process of participants receiving secrets.Participants’environment is changeable, such as the ocean, wild, etc.Of course, there are various participants, such as individual participants on the ground,ground satellite stations,or satellites in orbit in the air.First,the ground control center distributes secret shares and sends broadcast parameters to Geostationary Earth Orbiting(GEO).Then,GEO sends it to each participant or Low Earth Orbiting(LEO)through the link to get the corresponding secret share.At this time,each participant will generate a unique session key and communicate with each other.The secret can be reconstructed under two different thresholds when ensuring that the participants are honest.

Figure 1:Satellite network secret sharing scheme model

3.2 System Initialization

Suppose there is a trusted ground control centerD,a set of actors{P1,P2,...,Pn}.Eis an elliptic curve defined on a finite fieldFq.Whereqis a large prime number that is not equal to 2 or 3.T∈E(Fq)is the base point of an elliptic curveEwith upper order?.Public information is {Fq,E,T}.Dselect primep0＜?,ndifferent positive integersp1,p2,...,pnmeet the following properties:

■p0＜p1,i=1,2,...,n.

■p1,p2,...,pnmutual prime.And greater than 1.

Perform the following steps betweenDandPi(i∈[1,n]) to transmit the master secret shadowp1,p2,...,pnto the participants(for the multi-purpose secret sharing scheme,this stage only needs to be performed once.):

■Step 1:Dselects integerdas its private key, satisfies 1＜|d|＜?, calculates, and disclosesG=dTas its public key.

■Step 2:Each participantPi,1 ≤i≤nrandomly selects an integernias its private key,satisfies 1＜|ni|＜?,calculatesTi=niTas its public key,and makes it public.IDiis the identity of participantPi,1 ≤i≤n.To ensure the inconsistency between different participantsTiandIDi,Dwill request to updateTiandIDiuntil wheni/=j,IDi/=IDjandTi/=Tjtake(Ti,IDi)public information forPi.

■Step 3:BothDandPican use their private keys and public information to calculate public keysGi=dniT=(xi,yi).

■Step 4:Dcalculates and broadcastsci=pixi,i∈[1,n],Gi=dniT=(xi,yi).

■Step 5:When any participantPireceivesci,it can use its private keynito getGi=dniT=(xi,yi)and then calculatepi=cii∈[1,n].

Finally,the ground control centerDand participantPigot the primary secret shadowpi.

3.3 The Secret to Distribute

SupposeDwants to shareksecretss0,s1,...,sk-1and perform secret distribution in the following two cases.

Case 1:When the number of secrets to be shared,kis less than or equal to the threshold valuet.

Step 1:Dconstructs the following binary asymmetric polynomials with the orderxast-1 and orderyash-1,h ＞t(t-1):

There arekcoefficients about thexterm inf(x,y) and {s0,s1,···,sk-1} is a shared secret set among them.

Step 2:Dselectnrandom integersp0≤yi ＜pi,i∈[1,n],so thatxigenerated byxi=yimodpiisnunequal integers.

Step 3:Dcalculate the secret sharef(xi,0)mod?,i∈[1,n],A0=s0T,A1=s1T,...,Ak-1=sk-1TandAk=a0,0T,Ak+1=a1,0T,...,At-1=at-k-1,0T.

Step 4:Dcalculates the unique integerXmodcalculates anyX≡yimodpiusing CRT and value set{y1,y2,...,yn}and value set{p1,p2,...,pn}.

Step 5:Dcalculates the secret polynomials(x) =f(x,IDi)mod?,(y) =f(IDi,y) mod?encrypts them with the participant’s public key and elliptic curve cryptography,and sends them to the participant{P1,...,Pn}.

Step 6:Open{X,f(x1,0),f(x2,0),...,f(xn,0),A0,A1,...,At-1}.

Case 2:The number of secrets to be sharedkis greater than the threshold valuet.

Step 1:Dconstructs the following binary asymmetric polynomials with the orderxast-1 and orderyash-1:

There arekcoefficients about thexterm inf(x,y), and {s0,s1,···,sk-1} is a shared secret set among them.

Step 2:Dselectnrandom integersp0≤yi ＜pi,i∈[1,n],so thatxigenerated byxi=yimodpiisnunequal integers.

Step 3:Dcalculate the secret sharef(xi,0)mod?,i∈[1,n],A0=s0T,A1=s1T,...,Ak-1=sk-1T.

Step 4:Dcalculates the unique integerXmod ∏ni=1pi, and calculates anyX≡yimodpiusing CRT and value set{y1,y2,...,yn}and value set{p1,p2,...,pn}.

Step 5:Dcalculates the secret polynomials(x) =f(x,IDi)mod?,(y) =f(IDi,y)mod?,encrypts them with the participant’s public key and elliptic curve cryptography,and sends them to the participant{P1,...,Pn}.

Step 6:Dcalculatesh1=f(1,0),h2=f(2,0),...,hk-t=f(k-t,0)and discloses it in[26,27].

Step 7:Open{X,f (x1,0),f (x2,0),...,f (xn,0),A0,A1,...,Ak-1}.

3.4 Secret Verification

Because the PVS-MSS scheme has protected properties,resistance to reconstruct phase external attacks,but internal attackers,will reduce the schema’s safety.Because internal attackers can be arbitrary tamper with the secret shadow,whether conspired with the collusion attack,internal attackers benefit maximization (the remaining honest refactoring can’t get the Shared secret).Therefore, the scheme of PVS-MSS has two different secret numbers.Takingk≤tas an example, we use elliptic curve addition structure to realize the following verification algorithm:

■Step 1: Any refactorPican verify whether the secret sharef (xi,0)mod?disclosed by the ground control centerDis correct by the following verification equation.

■Step 2: The PVS-MSS scheme does not lose generality.Any reconstructorPican verify the secret shadowxjsent by other participants through the following verification equation.

3.5 Secret Refactoring

In the secret reconstruction stage, if the set of reconstructors participating in the protocol is{P1,P2,...,Pm}.

Step 1: Any two reconstructorsPiandPjcan obtain the shared session key by combining the identity informationIDiandIDjcalculating their secret share polynomial:

Step 2: Any reconstructorPiuseski,jto calculateci,j=Encki,j(xi).ci,j=Encki,j(xi) will sendPjthrough the authenticated broadcast channel?.Encki,j(xi)represents symmetric encryption.Similarly,any reconstructorPjcalculatescj,i=Encki,j(xi) using the keyki,jand sends it toPithrough the authenticated broadcast channel?.

Step 3: When the reconstructorPireceives ciphertextcj,i,j∈ {1,2,...,u}{i},Pican decrypt ciphertextDecki,j(cki,j)=xjseparately,Decki,j(cj,i)represents the ciphertextcj,idecrypted withkj,i.

Step 4: Each refactorer is divided into the following two cases to reconstruct the shared secret value:

■Case 1:When the number of shared secretskis less than or equal to the threshold valuet:

■Case 2:When the number of shared secretskis greater than the threshold valuet:

The coefficient set{s0,s1,...,sk-1}inf(x,0)is the reconstructed secrets.

3.6 The Secret to Update

When the PVS-MSS scheme shares a secret update, the polynomial constructed by the synchronous multi-secret sharing scheme also needs to be updated, and the public value of the scheme also needs to be updated.YCH and other schemes adopt a bivariate univariate function to ensure that the ground control centerDdoes not need to re-issue secret shadow to each participant for the next new secret sharing [28].The master secret shadow of the scheme is also multi-purpose without initialization.Only the ground control centerDneeds to update some public values.In particular, the newXis very high.According to the CRT theorem in Section 2.2 of this paper,requirementMi≡ 1 modpionce the valueMiM′i,i= 1,2,...,nis calculated byD, can be saved and reused.Each secret update stage,Donly needs to select a newyiand useMiM′ito calculate a newXdisclosure.

4 Project Analysis

4.1 Correctness Analysis

Theorem 4.1: The PVS-MSS scheme has any reconfigurable secret greater than or equal totreconfigurator.

Prove: Supposet≤m≤nreconstructor sets {P1,P2,...,Pm} to want reconstruct the shared secret,in which any refactorersPiandPjcontent ?i,j∈[1,m]andi/=j.When the number of shared secretskis less than or equal to the threshold valuet, the orderf(x,0) is known to bet- 1, and any reconstructorPiuseski,jencryption to calculateci,j=Encki,j(xi) and sends it toPjthrough the authenticated broadcast channel?.Similarly,any reconstructorPjcalculatescj,i=Encki,j(xi)using the keyki,jand sends it toPithrough the authenticated broadcast channel?.When the reconstructorPireceives the ciphertextcj,i,j∈{1,2,...,u}{i}.Pican decrypt the ciphertextDecki,j(cj,i)=xj.Separately because the polynomialf(x,0)containing the secret value is a univariate polynomial,Pigetsxj,j=1,2,...,m,j/=i,f(x1,0),f(x2,0),...,f(xm,0) disclosed by ground control center is exactlympairs of interpolation points onf(x,0).Using Lagrange interpolation polynomial, the uniquef(x,0) can be obtained from Eq.(9).Similarly,when the number of shared secretskis greater than the threshold valuet, it is known that orderf(x,0) isk-1, after any refactorerPiobtainsm-1xjthrough the secret refactoring phase.Combined with the public value of the ground control center, it is exactly them+k-tpairs of interpolation points onf(x,0).Using Lagrange interpolation formula and secret sharing homomorphism,get a uniquef(x,0)from Eq.(10).The coefficient set{s0,s1,...,sk-1}inf(x,0)is the reconstructed secrets.

4.2 Safety Analysis

Theorem 4.2:Whenk≤tork ＞t,When the scheme satisfies the conditionth ＞(t-1)(t+h)orkh ＞(t-1)(t+h)+(k-t),any access set composed of less thantrefactorers cannot be reconstructed.And no one can get any secret information.

Prove: The secret sharef(IDi,0)modpis generated by the secret polynomial.The secret share is used as the interaction value during reconstruction.The secret shadow is the public valueIDi;the secret share of the PVS-MSS scheme is the public valuef(xi,0)mod?, and the secret shadowxiis the interaction value during reconstruction.Under the two schemes,the information obtained by the internal conspirators is of the same nature and the same attack methods,and both are to reconstructf(x,0).Therefore,the proof process of this theorem is the same as that of Theorem 4.1 in Section 4.1 of this paper,so it will not repeat here.

Theorem 4.3:The main secret shadowp1,p2,...,pnin the scheme cannot calculate from the public parameterG,Ti,ci.

Prove: Suppose an attackerAwants to calculate the main secret shadowp1,p2,...,pnfrom the public parameterG=dT,Ti=niT,ci=pixdniT.UnlessAcan calculatedniT=(xdniT,ydniT) fromTi=niT,G=dT, which is equivalent to solving the computational Diffie-Hellman problem on elliptic curves or directly solvingTi=niT,G=dTis equivalent to solving the discrete logarithm problem of an elliptic curve (ECDLP).We can’t solve these problems under the current computing power..Therefore,only after the participantPiuses its private keynito calculateniG=nidT,can it obtain the corresponding master secret shadowpi.

Theorem 4.4:It is computationally difficult to calculate the secrets0,s1,...,sk-1from the public valueA0,A1,...,Ak-1.

Prove:Ai=siT,Ai∈＜T ＞is the public value used in the verification phase.If the attackerAwants to obtainsidirectly from the public valueAi=siT.In that case it is equivalent to solving the discrete logarithm problem on an elliptic curve (ECDLP).So it isn’t easy to calculate secretss0,s1,...,sk-1.

Theorem 4.5:The scheme resists internal and external attacks in the reconstruction process.

Prove:Suppose there is an internal attackerA,who has identity informationIDiand secret shadowxi.His attack method is to provide a false secret shadowx′ito the honest reconstructor in the process of secret reconstruction.The valuesf(xi,0),i=1,2,...,nandAk,k=1,2,...,t-1 used for verification in the verification phase of the scheme are both public.At this time,any reconstructorPicalculatesR=Akand checks whether the equationR=f(xi,0)Tis true.If inequalityR/=f(xi,0)Tholds,thenAis identifie as an internal attacker.

In the reconstruction process, The encryption of the session keyki,jprotects the interaction between any two reconstructorsPiandPj.The secret polynomial generates the session key.Therefore,the external enemy without any secret share polynomial information cannot participate in the reconstruction process to steal the secret.

5 Scheme Comparison and Performance Analysis

The PVS-MSS scheme’s main parameters, characteristics, and cost are compared with existing schemes.Compared with synchronous multi-secret sharing schemes such as[21,28-31],the PVS-MSS scheme introduces verifiability.There is no need to maintain an additional secure channel between the ground control center and participants.Compared with the verifiable multi-secret sharing schemes in [23,32-35], PVS-MSS scheme participants do not need additional key negotiation mechanisms,which reduces the actual operating cost of the scheme.In the PVS-MSS scheme, the security of the safety channel between the ground control center and participants is based on the Discrete Logarithm Problem of Elliptic Curve (ECDLP).In [32], security is based on the Discrete Logarithm Problem(DLP).Under the same security level, the required parameter bit length is smaller.The amount of calculation is smaller.For example,under the security of 256 bits of the symmetric key,the minimum bit length of the parameter?of the PVS-MSS scheme is 512,while under the same security level,the bit length of Rivest Shamir Adleman/Digital Signature Algorithm(RSA/DSA)module is at least 15360.When the key length is the same,there is little difference between ECC and RSA.Therefore,the PVSMSS scheme requires fewer resources and faster calculation speed based on the ECC initialization and verification stage.Compared with [23], whenk ＞t, ifkis close tot, the updated public value of PVS-MSS scheme is less.As shown in Tab.1,the main parameters and attributes of synchronous multi-secret sharing are compared in detail.The scheme in this paper has the characteristics of shadow update,verifiability,and less public values.

Table 1: Comparison of synchronous multi secret sharing schemes

Table 1:Continued

In the initialization stage of the PVS-MSS scheme, the ground control center and participant calculateGi,Ti,Gby elliptic curve scalar multiplication.Therefore,there are 3n+1 elliptic curve scalar multiplication operations.This calculation process is for the reusability of secret shadows and only needs to be performed once.In the secret distribution stage, the ground control center executes the algorithm in two different cases, including the secret polynomial calculation of each participant.At this time,only the main operations are considered.The two different cases aretandktimes elliptic curve scalar multiplication,respectively.In the secret verification phase,each participant needstelliptic curve scalar multiplication operations to verify a single secret shadow.It needst2elliptic curve scalar multiplication operations to verify its correctness and other secret shadows.In the secret reconstruction stage, the PVS-MSS scheme shares the secret on the coefficient off(x,0), so the calculation cost in the secret reconstruction stage is the same as that in the scheme [23,28,30,31,33,36], both of which are Lagrange interpolation calculations,and the worst is Lagrange interpolation ofkpoints.SupposeTMis the operation time of elliptic curve scalar multiplication.THis the operation time of bivariate one-way function.TL(t)is the operation time oftpoint interpolation.TEis the BP operation time on the elliptic curve.Teq(t)is the solution operation time oftlinear equations.TPis the modular power operation time.Tab.2 shows the comparison of computing overhead.We can find the running time required by the PVS-MSS scheme.The scheme calculates the overhead in the distribution phase;whenk≤t,it istTM;whenk ＞t,it iskTM.The scheme calculates the cost of the verification phase;whenk≤t,it ist2TM;whenk ＞t,it isk2TM.This scheme calculates the cost of the reconstruction phase;whenk≤t,it isTL(t);whenk ＞t,it isTL(k).

Table 2: Comparison of computing overhead

6 Parameter Analysis

6.1 Secret Share Leakage Probability of Satellite Nodes

Reference [38] shows that the probability of secret share leakage of a single satellite is an exponential function,expressed byf(x),and the function varying with timexis:

We can see from Fig.2 that the abscissa shown in the figure below is time, and the ordinate is leakage probability.With the increase of timeX,the leakage probability also increases,and the lower the leakage rateλat the initial time,the lower the leakage probability at the same time.

Figure 2:Secret failure rate

6.2 Satellite Network Security Quality

Reference [39] shows that the key of each satellite network node is different.Hence, the attack onasatellite nodes is aaBernoulli process,and the probability that the secret share obtained by the attacker is less thantin one cycle:

Whena=25,λ=0.015,Fig.3 shows the impact of the threshold valuet,and key cycleFupdate on satellite network security.Pincreases with the increase oft,and the threshold valuetalso increases with the increase of cycleF.

Figure 3:Satellite network security quality

7 Conclusion

It is advanced to propose a protected synchronous multi-secret sharing scheme based on binary asymmetric polynomials.It is very advanced to introduce verifiable attributes into the PSS scheme.This scheme extends the protected synchronous multi-secret sharing scheme based on binary polynomial design.This scheme is suitable for the secret sharing of satellite networks.The ECC system is used to interact with the main secret shadow safely, and a verification algorithm is constructed.Through the verification algorithm,any participant can verify the consistency and effectiveness of the secret shadow received from other participants or the secret share presented by the ground control center.We discuss the correctness of the algorithm in Section 4.1 of this paper.Whether the number of shared secrets is greater than or less than the threshold,we can get the unique polynomial from the Lagrange difference formula and the additive homomorphism of secret sharingf(x,0).We discussed security in Section 4.2 of this article.We discuss the security of the algorithm from four aspects.We use ECDLP to ensure that attackers cannot calculate secret shadows from public values;we prove the effectiveness of resisting internal and external attacks in the reconstruction process.In Section 4.3,we discuss the computational overhead of existing schemes.Our algorithm is based on ECDLP for protection,compared with RSA/DSA;when the key is the same at the same security level,the amount of calculation is not different.This scheme uses ECC in the initialization and verification phase,which requires fewer resources and faster computing speed.The Lagrange difference calculates the cost in the secret reconstruction phase,and the worst is the Lagrange difference ofkpoints.The system simulation and other compilation will be completed in further work.The ground control center does not directly issue the secret shadow but uses CRT to calculate the unique public valueX.Participants can calculate the required secret shadow through the main secret shadow andX.When the shared secret needs to be updated,the participant’s main secret shadow and private key do not need to be updated.The public valueXupdate is very efficient,reducing the complexity of sharing secret updates in a synchronous multi-secret sharing scheme, ensuring the security of secrets, and saving satellite network resources.Our scheme can send messages in satellite networks.We can also use it in key management, secure multi-party computing,image,and audio secret sharing.Our scheme is also very suitable for situations where specific participants are present simultaneously.The secret share polynomial can also generate the session key to protect the information exchange between participants.In this way,the participants can communicate without redistributing the key in the secret distribution center,which significantly improves the security of the session and reduces the time of generating the session key.

Acknowledgement:We gratefully acknowledge anonymous reviewers who read drafts and made many helpful suggestions.

Funding Statement:This work is supported by The State Key Laboratory of Integrated Services Networks,Xidian University(ISN22-13).

Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.