Your search keyword '"Verifiable secret sharing"' showing total 21 results

1. Revisiting the Efficiency of Asynchronous MPC with Optimal Resilience Against General Adversaries.

Author

Appan, Ananya, Chandramouli, Anirudh, and Choudhury, Ashish

Abstract

In this paper, we design unconditionally secure multi-party computation (MPC) protocols in the asynchronous communication setting with optimal resilience. Our protocols are secure against a computationally unbounded malicious adversary characterized by an adversary structure Z , which enumerates all possible subsets of potentially corrupt parties. We present protocols with both perfect-security, as well as with statistical-security. While the protocols in the former class achieve all the security properties in an error-free fashion, the protocols belonging to the latter category achieve all the security properties except with a negligible error. Our perfectly secure protocol incurs an amortized communication of O (| Z | 2) bits per multiplication. This improves upon the protocol of Choudhury and Pappu (INDOCRYPT 2020) with the least known amortized communication complexity of O (| Z | 3) bits per multiplication. On the other hand, our statistically secure protocol incurs an amortized communication of O (| Z |) bits per multiplication. This is the first statistically secure asynchronous MPC protocol against general adversaries. Previously, perfectly secure and statistically secure MPC with an amortized communication cost of O (| Z | 2) and O (| Z |) bits, respectively, per multiplication was known only in the relatively simpler synchronous communication setting (Hirt and Tschudi in ASIACRYPT, Springer, 2013). [ABSTRACT FROM AUTHOR]

Published

2023

2. On the Communication Efficiency of Statistically Secure Asynchronous MPC with Optimal Resilience.

Author

Choudhury, Ashish and Patra, Arpita

Abstract

Secure multi-party computation (MPC) is a fundamental problem in secure distributed computing. An MPC protocol allows a set of n mutually distrusting parties with private inputs to securely compute any publicly known function of their inputs, by keeping their respective inputs as private as possible. While several works in the past have addressed the problem of designing communication-efficient MPC protocols in the synchronous communication setting, not much attention has been paid to the design of efficient MPC protocols in the asynchronous communication setting. In this work, we focus on the design of efficient asynchronous MPC (AMPC) protocol with statistical security, tolerating a computationally unbounded adversary, capable of corrupting up to t parties out of the n parties. The seminal work of Ben-Or, Kelmer and Rabin (PODC 1994) and later Abraham, Dolev and Stern (PODC 2020) showed that the optimal resilience for statistically secure AMPC is t < n / 3 . Unfortunately, the communication complexity of the protocol presented by Ben-Or et al. is significantly high, where the communication complexity per multiplication is Ω (n 13 κ 2 log n) bits (where κ is the statistical-security parameter). To the best of our knowledge, no work has addressed the problem of improving the communication complexity of the protocol of Ben-Or et al. In this work, our main contributions are the following. We present a new statistically secure AMPC protocol with the optimal resilience t < n / 3 , where the communication complexity is O (n 4 κ) bits per multiplication. Apart from improving upon the communication complexity of the protocol of Ben-Or et al., our protocol is relatively simpler and based on very few sub-protocols, unlike the protocol of Ben-Or et al. which involves several layers of sub-protocols. A central component of our AMPC protocol is a new and simple protocol for verifiable asynchronous complete secret-sharing (ACSS), which is of independent interest. As a side result, we give the security proof for our AMPC protocol in the standard universal composability (UC) framework of Canetti (FOCS 2001, JACM 2020), which is now the de facto standard for proving the security of cryptographic protocols. This is unlike the protocol of Ben-Or et al., which was missing the formal security proofs. [ABSTRACT FROM AUTHOR]

Published

2023

3. Efficient Perfectly Secure Computation with Optimal Resilience.

Author

Abraham, Ittai, Asharov, Gilad, and Yanai, Avishay

Abstract

Secure computation enables n mutually distrustful parties to compute a function over their private inputs jointly. In 1988, Ben-Or, Goldwasser, and Wigderson (BGW) proved that any function can be computed with perfect security in the presence of a malicious adversary corrupting at most t < n / 3 parties. After more than 30 years, protocols with perfect malicious security, and round complexity proportional to the circuit’s depth, still require (verifiably) sharing a total of O (n 2) values per multiplication. In contrast, only O(n) values need to be shared per multiplication to achieve semi-honest security. Sharing Ω (n) values for a single multiplication seems to be the natural barrier for polynomial secret-sharing-based multiplication. In this paper, we construct a new secure computation protocol with perfect, optimal resilience and malicious security that incurs (verifiably) sharing O(n) values per multiplication. Our protocol requires a constant number of rounds per multiplication. Like BGW, it has an overall round complexity that is proportional only to the multiplicative depth of the circuit. Our improvement is obtained by a novel construction for weak VSS for polynomials of degree 2t, which incurs the same communication and round complexities as the state-of-the-art constructions for VSS for polynomials of degree t. Our second contribution is a method for reducing the communication complexity for any depth 1 sub-circuit to be proportional only to the size of the input and output (rather than the size of the circuit). This implies protocols with sub-linear communication complexity (in the size of the circuit) for perfectly secure computation for important functions like matrix multiplication. [ABSTRACT FROM AUTHOR]

Published

2022

4. Compact Designated Verifier NIZKs from the CDH Assumption Without Pairings

Author

Shota Yamada, Shuichi Katsumata, Takashi Yamakawa, and Ryo Nishimaki

Subjects

Discrete mathematics, Soundness, Group (mathematics), Applied Mathematics, Open problem, Key (cryptography), Verifiable secret sharing, Type (model theory), Gas meter prover, Mathematical proof, Software, Computer Science Applications, Mathematics

Abstract

In a non-interactive zero-knowledge (NIZK) proof, a prover can non-interactively convince a verifier of a statement without revealing any additional information. A useful relaxation of NIZK is a designated verifier NIZK (DV-NIZK) proof, where proofs are verifiable only by a designated party in possession of a verification key. A crucial security requirement of DV-NIZKs is unbounded-soundness, which guarantees soundness even if the verification key is reused for multiple statements. Most known DV-NIZKs (except standard NIZKs) for $$\mathbf{NP} $$ do not have unbounded-soundness. Existing DV-NIZKs for $$\mathbf{NP} $$ satisfying unbounded-soundness are based on assumptions which are already known to imply standard NIZKs. In particular, it is an open problem to construct (DV-)NIZKs from weak paring-free group assumptions such as decisional Diffie–Hellman (DH). As a further matter, all constructions of (DV-)NIZKs from DH type assumptions (regardless of whether it is over a paring-free or paring group) require the proof size to have a multiplicative-overhead $$|C| \cdot \mathsf {poly}(\kappa )$$ , where |C| is the size of the circuit that computes the $$\mathbf{NP} $$ relation. In this work, we make progress of constructing DV-NIZKs from DH-type assumptions that are not known to imply standard NIZKs. Our results are summarized as follows

Published

2021

5. On Subversion-Resistant SNARKs

Author

Michał Zając, Janno Siim, Helger Lipmaa, and Behzad Abdolmaleki

Subjects

Soundness, Theoretical computer science, Computer science, Applied Mathematics, 0102 computer and information sciences, 01 natural sciences, Computer Science Applications, 03 medical and health sciences, 0302 clinical medicine, 010201 computation theory & mathematics, Argument, 030220 oncology & carcinogenesis, Verifiable secret sharing, Zero-knowledge proof, Subversion, Construct (philosophy), Software

Abstract

While NIZK arguments in the CRS model are widely studied, the question of what happens when the CRS is subverted has received little attention. In ASIACRYPT 2016, Bellare, Fuchsbauer, and Scafuro showed the first negative and positive results, proving also that it is impossible to achieve subversion soundness and (even non-subversion) zero knowledge at the same time. On the positive side, they constructed a sound and subversion-zero knowledge (Sub-ZK) non-succinct NIZK argument for NP. We consider the practically very relevant case of zk-SNARKs. We make Groth’s zk-SNARK for Circuit-SAT from EUROCRYPT 2016 computationally knowledge-sound and perfectly composable Sub-ZK with minimal changes. We only require the CRS trapdoor to be extractable and the CRS to be publicly verifiable. To achieve the latter, we add some new elements to the CRS and construct an efficient CRS verification algorithm. We also provide a definitional framework for knowledge-sound and Sub-ZK SNARKs.

Published

2021

6. Verifiable Random Functions from Non-interactive Witness-Indistinguishable Proofs

Author

Nir Bitansky

Subjects

Pseudorandom number generator, Discrete mathematics, Computer science, Applied Mathematics, Pseudorandomness, Context (language use), 0102 computer and information sciences, Mathematical proof, 01 natural sciences, RSA problem, Computer Science Applications, 03 medical and health sciences, Range (mathematics), 0302 clinical medicine, 010201 computation theory & mathematics, Simple (abstract algebra), 030220 oncology & carcinogenesis, Verifiable secret sharing, Software

Abstract

Verifiable random functions (VRFs) are pseudorandom functions where the owner of the seed, in addition to computing the function’s value y at any point x, can also generate a non-interactive proof $$\pi $$ that y is correct, without compromising pseudorandomness at other points. Being a natural primitive with a wide range of applications, considerable efforts have been directed toward the construction of such VRFs. While these efforts have resulted in a variety of algebraic constructions (from bilinear maps or the RSA problem), the relation between VRFs and other general primitives is still not well understood. We present new constructions of VRFs from general primitives, the main one being non-interactive witness-indistinguishable proofs (NIWIs). This includes: (1) a selectively secure VRF assuming NIWIs and non-interactive commitments. As usual, the VRF can be made adaptively secure assuming subexponential hardness of the underlying primitives. (2) An adaptively secure VRF assuming (polynomially hard) NIWIs, non-interactive commitments, and (single-key) constrained pseudorandom functions for a restricted class of constraints. The above primitives can be instantiated under various standard assumptions, which yields corresponding VRF instantiations, under different assumptions than were known so far. One notable example is a non-uniform construction of VRFs from subexponentially hard trapdoor permutations, or more generally, from verifiable pseudorandom generators (the construction can be made uniform under a standard derandomization assumption). This partially answers an open question by Dwork and Naor (FOCS ’00). The construction and its analysis are quite simple. Both draw from ideas commonly used in the context of indistinguishability obfuscation.

Published

2019

7. On the Impossibility of Structure-Preserving Deterministic Primitives

Author

Rafael Dowsley, Masayuki Abe, Jan Camenisch, and Maria Dubovitskaya

Subjects

Theoretical computer science, Computer science, Verifiable random functions, Structure (category theory), Unique signatures, 0102 computer and information sciences, Encryption, Mathematical proof, 01 natural sciences, 03 medical and health sciences, 0302 clinical medicine, Structure-preserving cryptography, Protocol (object-oriented programming), Computer Science::Cryptography and Security, business.industry, Applied Mathematics, Cryptographic protocol, Modular design, Computer Science Applications, 010201 computation theory & mathematics, Discrete logarithm, Groth–Sahai proofs, 030220 oncology & carcinogenesis, Verifiable secret sharing, business, Software

Abstract

In structure-preserving cryptography over bilinear groups, cryptographic schemes are restricted to exchange group elements only, and their correctness must be verifiable only by evaluating pairing product equations. Several primitives, such as structure-preserving signatures, commitments, and encryption schemes, have been proposed. Although deterministic primitives, such as verifiable pseudorandom functions or verifiable unpredictable functions, play an important role in the construction of cryptographic protocols, no structure-preserving realizations of them are known. This is not coincident: In this paper, we show that it is impossible to construct algebraic structure-preserving deterministic primitives that provide provability, uniqueness, and unpredictability. This includes verifiable random functions, unique signatures, and verifiable unpredictable functions as special cases. The restriction of structure-preserving primitives to be algebraic is natural, otherwise it would not be known how to verify correctness only by evaluating pairing product equations. We further extend our negative result to pseudorandom functions and deterministic public key encryption as well as non-strictly structure-preserving primitives, where target group elements are also allowed in their ranges and public keys.

Published

2018

8. Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs

Author

Carmit Hazay

Subjects

Polynomial, Theoretical computer science, Oblivious transfer, Keyword search, Applied Mathematics, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Computer Science Applications, 010201 computation theory & mathematics, Simple (abstract algebra), 0202 electrical engineering, electronic engineering, information engineering, Verifiable secret sharing, Point (geometry), Delegation (computing), Algebraic number, Software, Computer Science::Cryptography and Security, Mathematics

Abstract

In this paper, we study the two fundamental functionalities oblivious polynomial evaluation in the exponent and set-intersection and introduce a new technique for designing efficient secure protocols for these problems (and others). Our starting point is the technique (Benabbas et al. in CRYPTO, 2011) for verifiable delegation of polynomial evaluations, using algebraic PRFs. We use this tool, that is useful to achieve verifiability in the outsourced setting, in order to achieve privacy in the standard two-party setting. Our results imply new simple and efficient oblivious polynomial evaluation (OPE) protocols. We further show that our OPE protocols are readily used for secure set-intersection, implying much simpler protocols in the plain model. As a side result, we demonstrate the usefulness of algebraic PRFs for various search functionalities, such as keyword search and oblivious transfer with adaptive queries. Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.

Published

2017

9. A Verifiable Secret Shuffle of Homomorphic Encryptions

Author

Jens Groth

Subjects

Theoretical computer science, Correctness, business.industry, Applied Mathematics, Homomorphic encryption, Cryptography, Encryption, Computer Science Applications, Cryptosystem, Verifiable secret sharing, Commitment scheme, business, Software, ElGamal encryption, Computer Science::Cryptography and Security, Mathematics

Abstract

A shuffle consists of a permutation and re-encryption of a set of input ciphertexts. One application of shuffles is to build mix-nets. We suggest an honest verifier zero-knowledge argument for the correctness of a shuffle of homomorphic encryptions. Our scheme is more efficient than previous schemes both in terms of communication and computation. The honest verifier zero-knowledge argument has a size that is independent of the actual cryptosystem being used and will typically be smaller than the size of the shuffle itself. Moreover, our scheme is well suited for the use of multi-exponentiation and batch-verification techniques. Additionally, we suggest a more efficient honest verifier zero-knowledge argument for a commitment containing a permutation of a set of publicly known messages. We also suggest an honest verifier zero-knowledge argument for the correctness of a combined shuffle-and-decrypt operation that can be used in connection with decrypting mix-nets based on ElGamal encryption. All our honest verifier zero-knowledge arguments can be turned into honest verifier zero-knowledge proofs. We use homomorphic commitments as an essential part of our schemes. When the commitment scheme is statistically hiding we obtain statistical honest verifier zero-knowledge arguments; when the commitment scheme is statistically binding, we obtain computational honest verifier zero-knowledge proofs.

Published

2010

10. On d-Multiplicative Secret Sharing

Author

Yuval Ishai, Enav Weinreb, and Omer Barkol

Subjects

TheoryofComputation_MISCELLANEOUS, Homomorphic secret sharing, Theoretical computer science, Applied Mathematics, Context (language use), Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Converse, Secure multi-party computation, Verifiable secret sharing, Communication complexity, Software, Mathematics

Abstract

A multiplicative secret sharing scheme allows players to multiply two secret-shared field elements by locally converting their shares of the two secrets into an additive sharing of their product. Multiplicative secret sharing serves as a central building block in protocols for secure multiparty computation (MPC). Motivated by open problems in the area of MPC, we introduce the more general notion of d-multiplicative secret sharing, allowing to locally multiply d shared secrets, and study the type of access structures for which such secret sharing schemes exist. While it is easy to show that d-multiplicative schemes exist if no d unauthorized sets of players cover the whole set of players, the converse direction is less obvious for d≥3. Our main result is a proof of this converse direction, namely that d-multiplicative schemes do not exist if the set of players is covered by d unauthorized sets. In particular, t-private d-multiplicative secret sharing among k players is possible if and only if k>dt. Our negative result holds for arbitrary (possibly inefficient or even nonlinear) secret sharing schemes and implies a limitation on the usefulness of secret sharing in the context of MPC. Its proof relies on a quantitative argument inspired by communication complexity lower bounds.

Published

2010

11. Hierarchical Threshold Secret Sharing

Author

Tamir Tassa

Subjects

Discrete mathematics, Polynomial, Homomorphic secret sharing, Theoretical computer science, Applied Mathematics, Birkhoff interpolation, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Secure multi-party computation, Verifiable secret sharing, Software, Mathematics, Access structure

Abstract

We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings, the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k0 0 members from the highest level, as well as at least k1 > k0 members from the two highest levels and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past, none of the existing solutions addresses the simple setting where, say, a bank transfer should be signed by three employees, at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that, unlike most secret sharing schemes that are suitable for hierarchical structures, is ideal. As in Shamir's scheme, the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently, our scheme uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition, we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.

Published

2007

12. RSA-Based Undeniable Signatures

Author

Hugo Krawczyk, Rosario Gennaro, and Tal Rabin

Subjects

Provable security, business.industry, Applied Mathematics, Cryptography, Computer security, computer.software_genre, Undeniable signature, Signature (logic), Computer Science Applications, Public-key cryptography, Discrete logarithm, Verifiable secret sharing, Zero-knowledge proof, business, computer, Software, Mathematics

Abstract

We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message. Our scheme possesses several attractive properties. First, provable security, as forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (particularly, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore, the RSA-based structure of our scheme provides with simple and elegant solutions to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations. Due to the above properties and the fact that our undeniable nsignatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations.

Published

2000

13. On Matroid Characterization of Ideal Secret Sharing Schemes

Author

Jovan Dj. Golic

Subjects

Discrete mathematics, Homomorphic secret sharing, Ideal (set theory), Applied Mathematics, Matroid, Secret sharing, Computer Science Applications, Combinatorics, Oriented matroid, Matroid partitioning, Verifiable secret sharing, Software, Mathematics, Access structure

Abstract

A characterization of ideal secret sharing schemes with an arbitrary number of keys is derived in terms of balanced maximum-order correlation immune functions. In particular, it is proved that a matroid is an associated matroid for a binary ideal secret sharing scheme if and only if it is representable over the binary field. Access structure characterization of connected binary ideal schemes is established and a general method for their construction is pointed out.

Published

1998

14. The Size of a Share Must Be Large

Author

László Csirmaz

Subjects

TheoryofComputation_MISCELLANEOUS, Discrete mathematics, Homomorphic secret sharing, Theoretical computer science, Applied Mathematics, Key distribution, Shared secret, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Secure multi-party computation, Verifiable secret sharing, Software, Mathematics, Access structure

Abstract

A secret sharing scheme permits a secret to be shared among participants of an n-element group in such a way that only qualified subsets of participants can recover the secret. If any nonqualified subset has absolutely no information on the secret, then the scheme is called perfect. The share in a scheme is the information that a participant must remember. In [3] it was proved that for a certain access structure any perfect secret sharing scheme must give some participant a share which is at least 50\percent larger than the secret size. We prove that for each n there exists an access structure on n participants so that any perfect sharing scheme must give some participant a share which is at least about $n/\log n$ times the secret size.^1 We also show that the best possible result achievable by the information-theoretic method used here is n times the secret size. ^1 All logarithms in this paper are of base 2.

Published

1997

15. Secret sharing over infinite domains

Author

Benny Chor and Eyal Kushilevitz

Subjects

TheoryofComputation_MISCELLANEOUS, Discrete mathematics, Homomorphic secret sharing, business.industry, Applied Mathematics, Cryptography, Encryption, Secret sharing, Computer Science Applications, Computer Science::Multimedia, Secrecy, Countable set, Verifiable secret sharing, Family of sets, business, Software, Computer Science::Cryptography and Security, Mathematics

Abstract

Let ? n be a monotone, nontrivial family of sets over {1, 2, ?,n}. An ? n perfect secret-sharing scheme is a probabilistic mapping of a secret ton shares, such that: Various secret-sharing schemes have been proposed, and applications in diverse contexts were found. In all these cases the set of secrets and the set of shares are finite. In this paper we study the possibility of secret-sharing schemes overinfinite domains. The major case of interest is when the secrets and the shares are taken from acountable set, for example all binary strings. We show that no ? n secret-sharing scheme over any countable domain exists (for anyn ? 2). One consequence of this impossibility result is that noperfect private-key encryption schemes, over the set of all strings, exist. Stated informally, this means that there is no way to encrypt all strings perfectly without revealing information about their length. These impossibility results are stated and proved not only for perfect secret-sharing and private-key encryption schemes, but also for wider classes--weak secret-sharing and private-key encryption schemes. We constrast these results with the case where both the secrets and the shares are real numbers. Simple perfect secret-sharing schemes (and perfect private-key encryption schemes) are presented. Thus, infinity alone does not rule out the possibility of secret sharing.

Published

1993

16. Multiple assignment scheme for sharing secret

Author

Mitsuru Ito, Takao Nishizeki, and Akira Saito

Subjects

Discrete mathematics, Homomorphic secret sharing, Theoretical computer science, business.industry, Applied Mathematics, Cryptography, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Simple (abstract algebra), Secure multi-party computation, Verifiable secret sharing, business, Software, Access structure, Mathematics

Abstract

In a secret sharing scheme, a datumd is broken into shadows which are shared by a set of trustees. The family {P?⊆P:P? can reconstructd} is called the access structure of the scheme. A (k, n)-threshold scheme is a secret sharing scheme having the access structure {P?⊆P: |P?|?k}. In this paper, by observing a simple set-theoretic property of an access structure, we propose its mathematical definition. Then we verify the definition by proving that every family satisfying the definition is realized by assigning two more shadows of a threshold scheme to trustees.

Published

1993

17. On the size of shares for secret sharing schemes

Author

Renato M. Capocelli, Ugo Vaccaro, Alfredo De Santis, and Luisa Gargano

Subjects

TheoryofComputation_MISCELLANEOUS, Homomorphic secret sharing, Theoretical computer science, Applied Mathematics, Key distribution, Shared secret, Computer security, computer.software_genre, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Secure multi-party computation, Verifiable secret sharing, computer, Software, Mathematics, Access structure

Abstract

A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any nonqualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multiparty secure protocols. We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with four participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures that meets the bound with equality.

Published

1993

18. Strongly ideal secret sharing schemes

Author

Nicholas C. K. Phillips and Steven J. Phillips

Subjects

Hierarchy, Homomorphic secret sharing, Theoretical computer science, Ideal (set theory), Mathematics::Commutative Algebra, business.industry, Applied Mathematics, Cryptography, Information theory, Secret sharing, Computer Science Applications, Secure multi-party computation, Verifiable secret sharing, business, Software, Computer Science::Cryptography and Security, Mathematics

Abstract

We define strongly ideal secret sharing schemes to be ideal secret sharing schemes in which certain natural requirements are placed on the decoder. We prove an information-theoretic characterization of perfect schemes, and use it to determine which access structures can be encoded by strongly ideal schemes. We also discuss a hierarchy of secret sharing schemes that are more powerful than strongly ideal schemes.

Published

1992

19. Some improved bounds on the information rate of perfect secret sharing schemes

Author

Ernest F. Brickell and Douglas R. Stinson

Subjects

Discrete mathematics, Theoretical computer science, Proactive secret sharing, business.industry, Applied Mathematics, Graph theory, Cryptography, Code rate, Secret sharing, Graph, Computer Science Applications, Secure multi-party computation, Verifiable secret sharing, business, Software, Mathematics

Abstract

In this paper we study secret sharing schemes for access structures based on graphs. A secret sharing scheme enables a secret key to be shared among a set of participants by distributing partial information called shares. Suppose we desire that some specified pairs of participants be able to compute the key. This gives rise in a natural way to a graphG which contains these specified pairs as its edges. The secret sharing scheme is calledperfect if a pair of participants corresponding to a nonedge ofG can obtain no information regarding the key. Such a perfect secret sharing scheme can be constructed for any graph. In this paper we study the information rate of these schemes, which measures how much information is being distributed as shares compared with the size of the secret key. We give several constructions for secret sharing schemes that have a higher information rate than previously known schemes. We prove the general result that, for any graphG having maximum degreed, there is a perfect secret sharing scheme realizingG in which the information rate is at least 2/(d+3). This improves the best previous general bound by a factor of almost two.

Published

1992

20. On the classification of ideal secret sharing schemes

Author

Daniel M. Davenport and Ernest F. Brickell

Subjects

TheoryofComputation_MISCELLANEOUS, Homomorphic secret sharing, Theoretical computer science, Ideal (set theory), Applied Mathematics, Shared secret, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Secure multi-party computation, Verifiable secret sharing, Software, Mathematics, Access structure

Abstract

In a secret sharing scheme a dealer has a secret key. There is a finite set P of participants and a set ? of subsets of P. A secret sharing scheme with ? as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in ?. The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper we show a relationship between ideal secret sharing schemes and matroids.

Published

1991

21. Ideal Secret Sharing Schemes with Multiple Secrets

Author

Keith M. Martin, Christine M. O'Keefe, and Wen-Ai Jackson

Subjects

TheoryofComputation_MISCELLANEOUS, Homomorphic secret sharing, Theoretical computer science, Applied Mathematics, Key distribution, Shared secret, Computer security, computer.software_genre, Secret sharing, Computer Science Applications, Shamir's Secret Sharing, Secure multi-party computation, Verifiable secret sharing, computer, Software, Mathematics, Access structure

Abstract

We consider secret sharing schemes which, through an initial issuing of shares to a group of participants, permit a number of different secrets to be protected. Each secret is associated with a (potentially different) access structure and a particular secret can be reconstructed by any group of participants from its associated access structure without the need for further broadcast information. We consider ideal secret sharing schemes in this more general environment. In particular, we classify the collections of access structures that can be combined in such an ideal secret sharing scheme and we provide a general method of construction for such schemes. We also explore the extent to which the results that connect ideal secret sharing schemes to matroids can be appropriately generalized.

Published

1996