Journal of Cryptology, Volume 30, Issue 2, pp 444–469

Secret-Sharing for NP

  • Ilan Komargodski
  • Moni Naor
  • Eylon Yogev


A computational secret-sharing scheme is a method that enables a dealer who has a secret to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function. It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in \({\mathsf {P}}\)). Around 1990, Rudich raised the possibility of obtaining secret-sharing for all monotone functions in \({\mathsf {NP}}\): in order to reconstruct the secret, a set of parties must be “qualified” and provide a witness attesting to this fact. Recently, Garg et al. (Symposium on Theory of Computing Conference, STOC, pp 467–476, 2013) put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement \(x\in L\) for a language \(L\in {\mathsf {NP}}\) such that anyone holding a witness to the statement can decrypt the message; however, if \(x\notin L\), then it is computationally hard to decrypt. Garg et al. showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction. One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in \({\mathsf {NP}}\) assuming witness encryption for \({\mathsf {NP}}\) and one-way functions. As a consequence we get a completeness theorem for secret-sharing: a computational secret-sharing scheme for any single monotone \({\mathsf {NP}}\)-complete function implies a computational secret-sharing scheme for every monotone function in \({\mathsf {NP}}\).
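
To make the notion of an access structure given by a monotone Boolean function concrete, here is an added example (not code from the paper): the classic information-theoretic scheme of Benaloh and Leichter for monotone formulas, where an OR gate copies a value to its children and an AND gate XOR-splits it. It covers only formulas, not the paper's witness-encryption construction for \({\mathsf {NP}}\); the party names, formula and secret are constructed.

```python
import secrets
from functools import reduce
from itertools import combinations

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def is_qualified(f, present):
    """Evaluate the monotone formula f on the set of parties present."""
    if isinstance(f, str):
        return f in present
    return (all if f[0] == "AND" else any)(is_qualified(k, present) for k in f[1:])

def deal(f, value, shares, path="r"):
    """Push value down the formula, filling shares[party][leaf_path]."""
    if isinstance(f, str):                  # leaf: the party keeps this value
        shares.setdefault(f, {})[path] = value
        return shares
    kids = f[1:]
    if f[0] == "OR":                        # any child suffices: copy the value
        vals = [value] * len(kids)
    else:                                   # AND: XOR-split, every child is needed
        vals = [secrets.token_bytes(len(value)) for _ in kids[:-1]]
        vals.append(reduce(xor, vals, value))
    for i, (kid, v) in enumerate(zip(kids, vals)):
        deal(kid, v, shares, f"{path}.{i}")
    return shares

def reconstruct(f, shares, path="r"):
    """Return the node's value from the pooled shares, or None if unqualified."""
    if isinstance(f, str):
        return shares.get(f, {}).get(path)
    vals = [reconstruct(k, shares, f"{path}.{i}") for i, k in enumerate(f[1:])]
    if f[0] == "OR":
        return next((v for v in vals if v is not None), None)
    if any(v is None for v in vals):
        return None
    return reduce(xor, vals)

# Constructed access structure and secret for the demonstration.
FORMULA = ("OR", ("AND", "alice", "bob"), ("AND", "alice", "carol", "dave"))
SECRET = b"constructed-key!"

def agrees_on_all_subsets(parties=("alice", "bob", "carol", "dave")):
    """True if reconstruction succeeds exactly on the qualified subsets."""
    shares = deal(FORMULA, SECRET, {})
    groups = [g for r in range(len(parties) + 1) for g in combinations(parties, r)]
    return all((reconstruct(FORMULA, {p: shares[p] for p in g}) == SECRET)
               == is_qualified(FORMULA, set(g)) for g in groups)
```

A party that appears at several leaves (here `alice`) receives one share per leaf, so share size grows with formula size.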


Keywords: Secret-sharing, Witness encryption, Obfuscation



We are grateful to Amit Sahai for suggesting to base our construction on witness encryption. We thank Zvika Brakerski for many helpful discussions and insightful ideas. The second author thanks Steven Rudich for sharing with him his ideas on secret-sharing beyond \({\mathsf {P}}\). We thank the anonymous referees for many helpful remarks.


  1. N. Alon, J. Spencer, The Probabilistic Method (3rd ed.) (Wiley, 2008)
  2. A. Beimel, Secret-sharing schemes: a survey, in 3rd International Workshop, IWCC (2011), pp. 11–46
  3. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs, in CRYPTO. Lecture Notes in Computer Science, vol. 2139 (Springer, 2001), pp. 1–18
  4. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012). Preliminary version appeared in CRYPTO 2001
  5. B. Barak, S. Garg, Y. T. Kalai, O. Paneth, A. Sahai, Protecting obfuscation against algebraic attacks, in 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT (2014), pp. 221–238
  6. A. Beimel, Y. Ishai, On the power of nonlinear secret-sharing. SIAM J. Discrete Math. 19(1), 258–280 (2005)
  7. J. C. Benaloh, J. Leichter, Generalized secret sharing and monotone functions, in 8th Annual International Cryptology Conference, CRYPTO (1988), pp. 27–35
  8. G. R. Blakley, Safeguarding cryptographic keys. Proc. AFIPS Natl. Comput. Conf. 22, 313–317 (1979)
  9. M. Bellare, P. Rogaway, Robust computational secret sharing and a unified account of classical secret-sharing goals, in ACM Conference on Computer and Communications Security (ACM, 2007), pp. 172–184
  10. Z. Brakerski, G. N. Rothblum, Black-box obfuscation for \(d\)-CNFs, in Innovations in Theoretical Computer Science, ITCS (2014), pp. 235–250
  11. Z. Brakerski, G. N. Rothblum, Virtual black-box obfuscation for all circuits via generic graded encoding, in 11th Theory of Cryptography Conference, TCC (2014), pp. 1–25
  12. D. Boneh, M. Zhandry, Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation, in 34th Annual Cryptology Conference, CRYPTO (2014), pp. 480–499
  13. C. Dwork, M. Naor, O. Reingold, L. J. Stockmeyer, Magic functions. J. ACM 50(6), 852–921 (2003)
  14. S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS (2013), pp. 40–49
  15. S. Garg, C. Gentry, A. Sahai, B. Waters, Witness encryption and its applications, in Symposium on Theory of Computing Conference, STOC (2013), pp. 467–476
  16. C. Gentry, A. B. Lewko, A. Sahai, B. Waters, Indistinguishability obfuscation from the multilinear subgroup elimination assumption. IACR Cryptol. ePrint Arch. 2014, 309 (2014)
  17. C. Gentry, A. B. Lewko, B. Waters, Witness encryption from instance independent assumptions, in 34th Annual Cryptology Conference, CRYPTO (2014), pp. 426–443
  18. S. Goldwasser, S. Micali, Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
  19. M. Grigni, M. Sipser, Monotone complexity, in LMS Workshop on Boolean Function Complexity (1992), pp. 57–75
  20. J. Håstad, R. Impagliazzo, L. A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  21. R. Impagliazzo, A personal view of average-case complexity, in 10th Annual Structure in Complexity Theory Conference (1995), pp. 134–147
  22. M. Ito, A. Saito, T. Nishizeki, Multiple assignment scheme for sharing secret. J. Cryptol. 6(1), 15–20 (1993)
  23. I. Komargodski, T. Moran, M. Naor, R. Pass, A. Rosen, E. Yogev, One-way functions and (im)perfect obfuscation, in 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS (2014), pp. 374–383
  24. H. Krawczyk, Secret sharing made short, in 13th Annual International Cryptology Conference, CRYPTO (1993), pp. 136–146
  25. M. Karchmer, A. Wigderson, On span programs, in 8th Annual Structure in Complexity Theory Conference (1993), pp. 102–111
  26. I. Komargodski, M. Zhandry, Cutting-edge cryptography through the lens of secret sharing. IACR Cryptol. ePrint Arch. 2015, 735 (2015). To appear in TCC 2016-A
  27. M. Naor, Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991)
  28. M. Naor, On cryptographic assumptions and challenges, in 23rd Annual International Cryptology Conference, CRYPTO (2003), pp. 96–109
  29. M. Naor, Secret sharing for access structures beyond \({\sf P}\) (2006). Slides:
  30. R. Pass, K. Seth, S. Telang, Indistinguishability obfuscation from semantically-secure multilinear encodings, in 34th Annual Cryptology Conference, CRYPTO (2014), pp. 500–517
  31. A. A. Razborov, Lower bounds for the monotone complexity of some Boolean functions. Dokl. Ak. Nauk. SSSR 281, 798–801 (1985). English translation in: Soviet Math. Dokl. 31, 354–357 (1985)
  32. A. Shamir, How to share a secret. Commun. ACM 22(11), 612–613 (1979)
  33. A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in Symposium on Theory of Computing, STOC (2014), pp. 475–484
  34. V. Vinod, A. Narayanan, K. Srinathan, C. P. Rangan, K. Kim, On the power of computational secret sharing, in 4th International Conference on Cryptology in India, INDOCRYPT (2003), pp. 162–176

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Weizmann Institute of Science, Rehovot, Israel
