Abstract
There is a huge gap between the upper and lower bounds on the share size of secret-sharing schemes for arbitrary n-party access structures, and consistent with our current knowledge the optimal share size can be anywhere between polynomial in n and exponential in n. For linear secret-sharing schemes, we know that the share size for almost all n-party access structures must be exponential in n. Furthermore, most constructions of efficient secret-sharing schemes are linear. We would like to study larger classes of secret-sharing schemes with two goals. On one hand, we want to prove lower bounds for larger classes of secret-sharing schemes, possibly shedding some light on the share size of general secret-sharing schemes. On the other hand, we want to construct efficient secret-sharing schemes for access structures that do not have efficient linear secret-sharing schemes. Given this motivation, Paskin-Cherniavsky and Radune (ITC’20) defined and studied a new class of secret-sharing schemes in which the shares are generated by applying degree-d polynomials to the secret and some random field elements. The special case \(d=1\) corresponds to linear and multi-linear secret-sharing schemes.
We define and study two additional classes of polynomial secret-sharing schemes: (1) schemes in which for every authorized set the reconstruction of the secret is done using polynomials and (2) schemes in which both sharing and reconstruction are done by polynomials. For linear secret-sharing schemes, schemes with linear sharing and schemes with linear reconstruction are equivalent. We give evidence that for polynomial secret-sharing schemes, schemes with polynomial sharing are probably stronger than schemes with polynomial reconstruction. We also prove lower bounds on the share size for schemes with polynomial reconstruction. On the positive side, we provide constructions of secret-sharing schemes and conditional disclosure of secrets (CDS) protocols with quadratic sharing and reconstruction. We extend a construction of Liu et al. (CRYPTO’17) and construct optimal quadratic k-server CDS protocols for functions with message size \(O(N^{(k-1)/3})\). We show how to transform our quadratic k-server CDS protocol to a robust CDS protocol, and use the robust CDS protocol to construct quadratic secret-sharing schemes for arbitrary access structures with share size \(O(2^{0.705n})\); this is better than the best known share size of \(O(2^{0.7576n})\) for linear secret-sharing schemes and worse than the best known share size of \(O(2^{0.585n})\) for general secret-sharing schemes.
The work of the authors was partially supported by Israel Science Foundation grant no. 152/17 and a grant from the Cyber Security Research Center at Ben-Gurion University. Part of this work was done while the first author was visiting Georgetown University, supported by NSF grant no. 1565387, TWC: Large: Collaborative: Computing Over Distributed Sensitive Data.
A. Beimel—supported by ERC grant 742754 (project NTSC).
H. Othman—supported by a scholarship from the Israeli Council For Higher Education.
N. Peter—supported by the European Union’s Horizon 2020 Programme (ERC-StG-2014-2020) under grant agreement no. 639813 ERC-CLC, and by the Rector’s Office at Tel-Aviv University.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In [44] they construct efficient secret-sharing schemes for access structures that correspond to languages that have statistical zero-knowledge proofs with log-space verifiers and simulators.
- 2.
We present it as a CDS protocol for the quadratic non-residuosity function. Using known equivalence, this implies a secret-sharing scheme, as in [16].
- 3.
For clarity of the presentation (especially when using CDS protocols to construct secret-sharing schemes) we denote the entities in a CDS protocol by servers and the entities in a secret-sharing scheme by parties.
- 4.
We add 1 to the input to avoid the input 0, which is neither a quadratic residue nor a quadratic non residue.
- 5.
If there is more than one element of some party in the monomial, the dealer can share the monomial among the parties that have elements in it, or give to such a party the sum of the shares that corresponding to its elements.
- 6.
We include \(i_1,\dots ,i_k\) in the output of \(f_\mathrm{XOR}\) to be consistent with PSM protocols, in which the referee does not know the input.
- 7.
in [5], they do not deal with restrictions of the domain of inputs since it does not improve the asymptotic message size of their protocols.
References
Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8
Applebaum, B., Arkis, B.: On the power of amortization in secret sharing: d-uniform secret sharing and CDS with constant information rate. ACM Trans. Comput. Theor. 12(4), 24:1–24:21 (2020)
Applebaum, B., Arkis, B., Raykov, P., Vasudevan, P.N.: Conditional disclosure of secrets: amplification, closure, amortization, lower-bounds, and separations. SIAM J. Comput. 50(1), 32–67 (2021)
Applebaum, B., Beimel, A., Farràs, O., Nir, O., Peter, N.: Secret-sharing schemes for general and uniform access structures. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 441–471. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_15
Applebaum, B., Beimel, A., Nir, O., Peter, N.: Better secret sharing via robust conditional disclosure of secrets. STOC 2020, 280–293 (2020)
Applebaum, B., Beimel, A., Nir, O., Peter, N.: Better secret sharing via robust conditional disclosure of secrets. Cryptology ePrint Archive, Report 2020/080 (2020)
Applebaum, B., Holenstein, T., Mishra, M., Shayevitz, O.: The communication complexity of private simultaneous messages, revisited. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 261–286. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_9
Applebaum, B., Nir, O.: Upslices, downslices, and secret-sharing with complexity of 1.5\(^{\text{n}}\). IACR Cryptol. ePrint Arch. 2021, 470 (2021). https://eprint.iacr.org/2021/470. To appear in CRYPTO 2021
Applebaum, B., Vasudevan, P.N.: Placing conditional disclosure of secrets in the communication complexity universe. In: 10th ITCS, pp. 4:1–4:14 (2019)
Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_31
Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)
Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion (1996). www.cs.bgu.ac.il/~beimel/pub.html
Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_2
Beimel, A., Farràs, O.: The share size of secret-sharing schemes for almost all access structures and graphs. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 499–529. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_18
Beimel, A., Gál, A., Paterson, M.: Lower bounds for monotone span programs. Comput. Complex. 6(1), 29–45 (1997)
Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. SIAM J. Discrete Math. 19(1), 258–280 (2005)
Beimel, A., Othman, H., Peter, N.: Quadratic secret sharing and conditional disclosure of secrets. Cryptology ePrint Archive, Report 2021/285 (2021). https://eprint.iacr.org/2021/285
Beimel, A., Peter, N.: Optimal linear multiparty conditional disclosure of secrets protocols. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 332–362. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_13
Benaloh, J., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_3
Bertilsson, M., Ingemarsson, I.: A construction of practical secret sharing schemes using linear block codes. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 67–79. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57220-1_53
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, vol. 48, pp. 313–317 (1979)
Brickell, E.F.: Some ideal secret sharing schemes. J. Combin. Math. Combin. Comput. 6, 105–113 (1989)
Csirmaz, L.: The dealer’s random bits in perfect secret sharing schemes. Studia Sci. Math. Hungar. 32(3–4), 429–437 (1996)
Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)
Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation. In: 26th STOC, pp. 554–563 (1994)
Gál, A.: A characterization of span program size and improved lower bounds for monotone span programs. Comput. Complex. 10(4), 277–296 (2002)
Gál, A., Pudlák, P.: Monotone complexity and the rank of matrices. Inf. Process. Lett. 87, 321–326 (2003)
Gay, R., Kerenidis, I., Wee, H.: Communication complexity of conditional disclosure of secrets and attribute-based encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 485–502. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_24
Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. JCSS 60(3), 592–629 (2000)
Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: 5th Israel Symposium on Theory of Computing and Systems, pp. 174–183 (1997)
Ito, M., Saito, A., Nishizeki, T.: Secret sharing schemes realizing general access structure. In: Globecom, vol. 87, pp. 99–102 (1987). Journal version: Multiple assignment scheme for sharing secret. J. Cryptol. 6(1), 15–20 (1993)
Karchmer, M., Wigderson, A.: On span programs. In: 8th Structure in Complexity Theory, pp. 102–111 (1993)
Korshunov, A.D.: On the number of monotone Boolean functions. Probl. Kibern 38, 5–108 (1981)
Larsen, K.G., Simkin, M.: Secret sharing lower bound: either reconstruction is hard or shares are long. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 566–578. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_28
Liu, T., Vaikuntanathan, V.: Breaking the circuit-size barrier in secret sharing. In: 50th STOC, pp. 699–708 (2018)
Liu, T., Vaikuntanathan, V., Wee, H.: Conditional disclosure of secrets via non-linear reconstruction. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 758–790. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_25
Liu, T., Vaikuntanathan, V., Wee, H.: Towards breaking the exponential barrier for general secret sharing. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 567–596. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_21
Paskin-Cherniavsky, A., Radune, A.: On polynomial secret sharing schemes. In: ITC 2020. LIPIcs, vol. 163, pp. 12:1–12:21 (2020)
Peter, N.: Secret-sharing schemes and conditional disclosure of secrets protocols. Thesis at Ben-Gurion Universiy (2020). https://aranne5.bgu.ac.il/others/PeterNaty19903.pdf
Pitassi, T., Robere, R.: Strongly exponential lower bounds for monotone computation. In: 49th STOC, pp. 1246–1255 (2017)
Pitassi, T., Robere, R.: Lifting Nullstellensatz to monotone span programs over any field. In: 50th STOC, pp. 1207–1219 (2018)
Robere, R., Pitassi, T., Rossman, B., Cook, S.A.: Exponential lower bounds for monotone span programs. In: 57th FOCS, pp. 406–415 (2016)
Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
Vaikuntanathan, V., Vasudevan, P.N.: Secret sharing and statistical zero knowledge. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 656–680. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_27
Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_26
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Beimel, A., Othman, H., Peter, N. (2021). Quadratic Secret Sharing and Conditional Disclosure of Secrets. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12827. Springer, Cham. https://doi.org/10.1007/978-3-030-84252-9_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-84252-9_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84251-2
Online ISBN: 978-3-030-84252-9
eBook Packages: Computer ScienceComputer Science (R0)