Has anyone combined polynomial secret sharing with public-key cryptography to create a public-key secret sharing system? For example, encrypt a file with a session key, SK. Use secret sharing to split SK into n parts, with m required for decryption. Encrypt each of the n parts with a different person's public key. Publish the encrypted file and public-key encrypted pieces of the key. To decrypt, m of the trustees use their secret keys to recover their shares of SK, combine them, and retrieve SK to decrypt the file. This has the advantage of requiring only one copy of the file, and requiring no pre-arrangement with the trustees. Is there a better way to do this (especially so the size of the file does not grow linearly with the number of trustees)? When is PGP 3.0 with the toolkit coming out? This should make it easy to implement these things, along with digicash and other projects. The MPI library and conventional crypto is fairly accessible, but the code which creates PGP-format packets is not easy to call from another program. --- MikeIngle@delphi.com