关键词: 访问控制, 身份锁, 欺骗检测, 密钥协商, 多秘密共享

Abstract: In order to avoid the disadvantage that different secrets has the same access control structure in the existing secret sharing schemes, a threshold multi-secret sharing scheme based on identity lock is proposed, which determines the authorized subset of the secret. Only the user  in the authorized subset can recover the secret. There are different identity locks for different secrets.H3：  preset that the system has a secure channel to transmit secret shares,Under the premise of keeping the sub-secrets reusable and detectable for deception, it does not increase the information interaction of any participants, and effectively solves the problem that the access control structure of different secrets is difficult to change. At the same time, based on the session key negotiation algorithm, the scheme does not need to use a secure channel to transmit the secret share in advance, so it has better security and practicability. The scheme is suitable for the scenarios of multi-secret threshold sharing based on identity access control, such as video conference and file distribution.

Key words: access control, identity lock, deception detection, key negotiation, multi-secret sharing ,