On the Size of Shares for Secret Sharing Schemes
A secret sharing scheme permits a secret to be shared among participants in such a way that only qualified subsets of participants can recover the secret, but any non-qualified subset has absolutely no information on the secret. The set of all qualified subsets defines the access structure to the secret. Sharing schemes are useful in the management of cryptographic keys and in multi-party secure protocols.
We analyze the relationships among the entropies of the sample spaces from which the shares and the secret are chosen. We show that there are access structures with 4 participants for which any secret sharing scheme must give to a participant a share at least 50% greater than the secret size. This is the first proof that there exist access structures for which the best achievable information rate (i.e., the ratio between the size of the secret and that of the largest share) is bounded away from 1. The bound is the best possible, as we construct a secret sharing scheme for the above access structures which meets the bound with equality.
Keywords: Access Structure, Secret Sharing Scheme, Threshold Scheme, Average Uncertainty, Conditional Mutual Information
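The definitions in the abstract can be checked exhaustively on a small case. The following is an added example, not code or a construction taken from the paper: it assumes a four-participant access structure with minimal qualified sets {A,B}, {B,C}, {C,D} (the abstract does not name the structures it covers) and a hypothetical XOR-based dealer, then verifies perfect secrecy by enumeration and computes the information rate. The largest share is 3 bits for a 2-bit secret, which is the 50% overhead the abstract describes.

```python
from collections import Counter
from fractions import Fraction
from itertools import combinations, product

PARTIES = "ABCD"
# Assumption: the page names no access structure; this path-shaped one is illustrative.
MINIMAL_QUALIFIED = [{"A", "B"}, {"B", "C"}, {"C", "D"}]
SECRETS = list(product((0, 1), repeat=2))  # every 2-bit secret (s1, s2)
COINS = list(product((0, 1), repeat=4))    # every choice of dealer randomness

def is_qualified(subset):
    return any(q <= set(subset) for q in MINIMAL_QUALIFIED)

def deal(s1, s2, r1, r2, r3, r4):
    """Hypothetical dealer: shares for secret bits s1, s2 from 4 uniform random bits."""
    return {"A": (r1, r4),
            "B": (r1 ^ s1, r3, r4 ^ s2),
            "C": (r1, r2, r3 ^ s2),
            "D": (r2 ^ s1, r3)}

def reconstruct(shares):
    """Recover (s1, s2) from the shares held by a qualified subset."""
    a, b, c, d = (shares.get(p) for p in PARTIES)
    if a and b:
        return (a[0] ^ b[0], a[1] ^ b[2])
    if b and c:
        return (b[0] ^ c[0], b[1] ^ c[2])
    if c and d:
        return (c[1] ^ d[0], c[2] ^ d[1])
    raise ValueError("subset is not qualified")

def view(subset, secret):
    """Distribution of a subset's joint shares over all dealer randomness."""
    return Counter(tuple(deal(*secret, *r)[p] for p in subset)
                   for r in COINS)

def subset_ok(subset):
    """Qualified: always reconstructs. Unqualified: view is independent of the secret."""
    if is_qualified(subset):
        return all(reconstruct({p: deal(*s, *r)[p] for p in subset}) == s
                   for s in SECRETS for r in COINS)
    return all(view(subset, s) == view(subset, SECRETS[0]) for s in SECRETS)

def is_perfect():
    return all(subset_ok(c) for k in range(1, 5) for c in combinations(PARTIES, k))

def information_rate():
    """Secret size in bits divided by the largest share size in bits."""
    return Fraction(2, max(len(v) for v in deal(0, 0, 0, 0, 0, 0).values()))
```

The check shows only that this scheme achieves rate 2/3; that no scheme can do better is the paper's entropy argument, which the code does not reproduce.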