Annual International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2012: Advances in Cryptology – EUROCRYPT 2012 pp 195-208

Unconditionally-Secure Robust Secret Sharing with Compact Shares

  • Alfonso Cevallos
  • Serge Fehr
  • Rafail Ostrovsky
  • Yuval Rabani
Conference paper

DOI: 10.1007/978-3-642-29011-4_13

Volume 7237 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Cevallos A., Fehr S., Ostrovsky R., Rabani Y. (2012) Unconditionally-Secure Robust Secret Sharing with Compact Shares. In: Pointcheval D., Johansson T. (eds) Advances in Cryptology – EUROCRYPT 2012. EUROCRYPT 2012. Lecture Notes in Computer Science, vol 7237. Springer, Berlin, Heidelberg


We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3 ≤ t < n/2, where reconstruction of a shared secret in the presence of faulty shares is possible, but only with an increase in the share size, and only if one admits a small failure probability. The goal of this work is to minimize this overhead in the share size. Known schemes either have a Ω(κn)-overhead in share size, where κ is the security parameter, or they have a close-to-optimal overhead of order O(κ + n) but have an exponential running time (in n).

In this paper, we propose a new scheme that has a close-to-optimal overhead in the share size of order \(\tilde{O}(\kappa+n)\), and a polynomial running time. Interestingly, the shares in our new scheme are prepared in the very same way as in the well-known scheme by Rabin and Ben-Or, which relies on message authentication, but we use a message authentication code with short tags and keys and with correspondingly weak security. The short tags and keys give us the required saving in the share size. Surprisingly, we can compensate for the weakened security of the authentication and achieve an exponentially small (in κ) failure probability by means of a more sophisticated reconstruction procedure.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Alfonso Cevallos
    • 1
  • Serge Fehr
    • 2
  • Rafail Ostrovsky
    • 3
  • Yuval Rabani
    • 4
  1. 1.Mathematical InstituteLeiden UniversityThe Netherlands
  2. 2.Centrum Wiskunde & Informatica (CWI)AmsterdamThe Netherlands
  3. 3.Department of Computer Science, Department of MathematicsUCLAUSA
  4. 4.The Rachel and Selim Benin School of Computer Science and EngineeringThe Hebrew University of JerusalemJerusalemIsrael