# **Polynomials, Secret Sharing** 

We defined a **polynomial** in a single variable as an expression that has an associated function: 

$$p(x) = a_d x^d + a_{d-1}x^{d-1} + ... + a_1 x + a_0$$

The *degree* of a polynomial is the largest value for $d$

Two main properties: 

1) A non-zero polynomial of degree $d$ has at most $d$ roots 
    * A polynomial $p(x)$ with distinct roots $a_1, a_2, a_3, ... a_d$ can be written in the form of $(x - a_1) (x - a_2) (x - a_3) (x - a_4) … (x - a_d)$ 


2) Given $d + 1$ pairs $(x_1, y_1), ..., (x_{d+1}, y_{d+1})$ with all $x_i$ distinct, there is a unique polynomial $p(x)$ of degree (at most) $d$ such that $p(x_i) = y_i$ for $1 \leq i \leq d + 1$

The second property is essentially saying that given $d+1$ points, where each $x_i$ is distinct, there is a unique polynomial of degree at *most* $d$ which goes through each one of the points 




### **Polynomials in Modular Space**

Polynomials can be taken to a modulo as well. When this happens, and we have $p(x) \pmod{m}$ where $p(x)$ s a polynomial and $m$ is a prime number, we say that we're working in a **Galois Field** $GF(m)$.

When working in modular space, specifically modulo $m$ (denoted as $\text{mod}(m)$), the number of possible polynomials that can be formed to pass through a given set of points varies based on the number of points you have




Below is a table that summarizes the number of polynomials of degree $\leq d$ over the finite field $F_m$, for various numbers of points:

#### **Table: Number of Polynomials of Degree $\leq d$ over $F_m$**
$$
\begin{array}{|c|c|}
\hline
\textbf{Number of Points} & \textbf{Number of Polynomials} \\
\hline
d+1 & 1 \\
d & m \\
d-1 & m^2 \\
\vdots & \vdots \\
d-k & m^{k+1} \\
\vdots & \vdots \\
0 & m^{d+1} \\
\hline
\end{array}
$$

- **Explanation**: The number of polynomials increases as the number of points decreases. This is because fewer constraints (points) allow for more variations in polynomial coefficients that still satisfy the modular condition.

- **Notation**: $m^{k+1}$ represents the number of polynomials possible for $d-k$ points, where each additional degree of freedom allows multiplying the possibilities by $m$.


### **Polynomial Interpolation - Lagrange Interpolation**

Lagrange Interpolation is an algorithm for constructing a polynomial that passes through a set of given points. 

This method provides a solution for determining a polynomial $p(x) = a_d x^d + \dots + a_1 x + a_0$ based on the given points.


* Remember: Given $d+1$ points, say $(x_1,y_1), \ldots, (x_{d+1},y_{d+1})$, a unique polynomial $p(x)$ of degree $\leq d$ can be constructed that exactly fits these points.

#### **Method:**
1. **Construct Basis Polynomials**:
   Each basis polynomial $\Delta_i(x)$ is defined as:
   $$
   \Delta_i(x) = \prod_{j=1, j \neq i}^{d+1} \frac{x - x_j}{x_i - x_j}
   $$
   Here, $\Delta_i(x)$ is zero at all $x_j$ for $j \neq i$ and 1 at $x_i$.

2. **Form the Polynomial**:
   The polynomial $p(x)$ that interpolates the points is given by:
   $$
   p(x) = \sum_{i=1}^{d+1} y_i \Delta_i(x)
   $$
   where $y_i$ are the values corresponding to each $x_i$.

#### **Example:**
Consider three points: $(1,1)$, $(2,2)$, and $(3,4)$. We aim to construct a polynomial $p(x)$ of degree 2.

- **Basis Polynomials**:
  $$
  \Delta_1(x) = \frac{(x-2)(x-3)}{(1-2)(1-3)} = \frac{1}{2}x^2 - \frac{5}{2}x + 3
  $$
  $$
  \Delta_2(x) = \frac{(x-1)(x-3)}{(2-1)(2-3)} = -x^2 + 4x - 3
  $$
  $$
  \Delta_3(x) = \frac{(x-1)(x-2)}{(3-1)(3-2)} = \frac{1}{2}x^2 - \frac{3}{2}x + 1
  $$

- **Interpolating Polynomial**:
  $$
  p(x) = 1 \cdot \Delta_1(x) + 2 \cdot \Delta_2(x) + 4 \cdot \Delta_3(x)
  $$
  Simplifying, we get:
  $$
  p(x) = \frac{1}{2}x^2 - \frac{1}{2}x + 1
  $$

## **Secret Sharing and Polynomial Interpolation**

Secret sharing schemes are cryptographic methods for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can only be reconstructed when a sufficient number of shares are combined together.
* A polynomial-based secret sharing scheme is ideal for this purpose.

#### **Description**:
- We assume there are $n$ officials and the secret launch code is a number $s$.
- A prime number $q$, larger than both $n$ and $s$, is chosen, and calculations are performed in the finite field $GF(q)$.

#### **Polynomial Construction:**

1. **Generating a Random Polynomial**:
   - Choose a random polynomial $P(x)$ of degree $k-1$ such that $P(0) = s$.
   - Assign $P(1)$ to the first official, $P(2)$ to the second, and so forth up to $P(n)$.

2. **Reconstruction of the Secret**:
   - Any group of $k$ officials can reconstruct the polynomial and find $s$ using Lagrange interpolation.
   - Less than $k$ officials have no information about $s$, maintaining the security of the scheme.

#### Properties:
1. **Threshold Scheme**: Only groups with at least $k$ members can reconstruct the secret.
2. **Security**: Smaller groups cannot gain any information about the secret


### Example: Polynomial-Based Secret Sharing Scheme

Suppose we need to set up a secret sharing scheme using a polynomial. The goal is to distribute secret $s = 1$ to $n = 5$ participants such that any $k = 3$ or more participants can reconstruct the secret, but fewer cannot.

#### Setup:
- **Field**: Work over $GF(7)$ (since $7$ is prime and $7 > s$ and $7 > n$).
- **Polynomial**: Choose a random polynomial $P(x)$ of degree $k - 1 = 2$ , where our secret $s$, is $P(0) = s = 1$. We define our polynomial, then, as $P(x) = 3x^2 + 5x + 1$.

#### Distribution:
- Shares are computed as follows:
  - $P(1) = 2$ to the first official
  - $P(2) = 2$ to the second official
  - $P(3) = 1$ to the third official
  - $P(4) = 6$ to the fourth official
  - $P(5) = 3$ to the fifth official

Rememeber that for these distributions, we're working in a modulo $7$ space!

#### Basis Functions:

Let's now say that $3$, $4$, and $5$ get together in ordet to find the secret code. They can use Lagrange interpolation as follows:
- $\Delta_3(x) = \frac{(x-4)(x-5)}{(3-4)(3-5)} = 4(x-4)(x-5) \pmod{7}$
- $\Delta_4(x) = \frac{(x-3)(x-5)}{(4-3)(4-5)} = 6(x-3)(x-5) \pmod{7}$
- $\Delta_5(x) = \frac{(x-3)(x-4)}{(5-3)(5-4)} = 4(x-3)(x-4) \pmod{7}$

The polynomial $P(x)$ reconstructed by these participants is:
$$
P(x) = 1\Delta_3(x) + 6\Delta_4(x) + 3\Delta_5(x) = 3x^2 + 5x + 1 \pmod{7}
$$
This reconstructs the original polynomial, verifying that $P(0) = 1$, the secret.

#### Security Analysis:
If two participants, such as 1 and 5, attempt to reconstruct the polynomial, they end up with two equations:

They know that $P(x) = a_2 x^2 + a_1 x + s$
- $P(1) = a_2 + a_1 + s = 2$
- $P(5) = 4a_2 + 5a_2 + s = 3$
This system is underdetermined (two equations, three unknowns $a_2$, $a_1$, $s$), hence they cannot solve for $s$ uniquely.


