Non-malleable Secret Sharing for General Access Structures

  • Vipul Goyal
  • Ashutosh Kumar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10991)


Goyal and Kumar (STOC’18) recently introduced the notion of non-malleable secret sharing. Very roughly, the guarantee they seek is the following: the adversary may potentially tamper with all of the shares, and still, either the reconstruction procedure outputs the original secret, or, the original secret is “destroyed” and the reconstruction outputs a string which is completely “unrelated” to the original secret. Prior works on non-malleable codes in the 2 split-state model imply constructions which can be seen as 2-out-of-2 non-malleable secret sharing (NMSS) schemes. Goyal and Kumar proposed constructions of t-out-of-n NMSS schemes. These constructions have already been shown to have a number of applications in cryptography.

We continue this line of research and construct NMSS for more general access structures. We give a generic compiler that converts any statistical (resp. computational) secret sharing scheme realizing any access structure into another statistical (resp. computational) secret sharing scheme that not only realizes the same access structure but also ensures statistical non-malleability against a computationally unbounded adversary who tampers each of the shares arbitrarily and independently. Instantiating with known schemes, we get unconditional NMSS schemes that realize any access structure generated by polynomial size monotone span programs. Similarly, we also obtain conditional NMSS schemes realizing access structures in \(\mathbf {monotone \;P}\) (resp. \(\mathbf {monotone \;NP}\)) assuming one-way functions (resp. witness encryption).

Towards considering more general tampering models, we also propose a construction of n-out-of-n NMSS. Our construction is secure even if the adversary could divide the shares into any two (possibly overlapping) subsets and then arbitrarily tamper the shares in each subset. Our construction is based on a property of inner product and an observation that the inner-product based construction of Aggarwal, Dodis and Lovett (STOC’14) is in fact secure against a tampering class that is stronger than 2 split-states. We also show applications of our construction to the problem of non-malleable message transmission.
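To make the malleability that NMSS rules out concrete, the following added example (not code from the paper) implements plain Shamir t-out-of-n sharing over a prime field and tampers every share independently with the same additive shift: because reconstruction is linear, the recovered value is exactly the original secret plus the shift, a string clearly "related" to the secret. The field prime and the tampering function are constructed for the demo.

```python
# Added example (not from the paper): Shamir t-out-of-n sharing over GF(p) and
# independent per-share tampering. Reconstruction is linear, so adding the same
# delta to every share shifts the recovered secret by exactly delta: the output
# is related to the original secret, which non-malleable secret sharing forbids.
import secrets

P = 2**61 - 1  # constructed field size for the demo (a Mersenne prime)


def share(secret, t, n, rng=secrets.randbelow):
    """Split `secret` into n shares; any t of them reconstruct it (degree t-1)."""
    coeffs = [secret % P] + [rng(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from a dict {x: y} holding >= t shares."""
    secret = 0
    xs = list(shares)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def tamper_independently(shares, fns):
    """Apply f_i to share i only; each f_i sees nothing but its own share."""
    return {x: fns[x](y) % P for x, y in shares.items()}


def malleability_demo(secret, delta, t=3, n=5):
    """Return (secret from t honest shares, secret from t tampered shares)."""
    shares = share(secret, t, n)
    fns = {x: (lambda y, d=delta: y + d) for x in shares}  # constructed tampering
    tampered = tamper_independently(shares, fns)
    honest = dict(list(shares.items())[:t])
    chosen = {x: tampered[x] for x in honest}
    return reconstruct(honest), reconstruct(chosen)
```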



We thank the anonymous reviewers, as their detailed and insightful reviews significantly helped in improving the presentation of this article.

The first author is supported by a grant from Northrop Grumman.

A part of this work was done while the second author was at Microsoft Research, India. Work done at UCLA is supported in part by NSF grant 1619348, NSF frontier award 1413955, US-Israel BSF grants 2012366, 2012378, and by the Defense Advanced Research Projects Agency (DARPA) SAFEWARE program through the ARL under Contract W911NF-15-C-0205 and through a subcontract with Galois, Inc. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.


  1. [ADKO15]
    Dodis, Y., Nielsen, J.B. (eds.): TCC 2015. LNCS, vol. 9014. Springer, Heidelberg (2015).
  2. [ADL14]
    Aggarwal, D., Dodis, Y., Lovett, S.: Non-malleable codes from additive combinatorics. In: Proceedings of the 46th Annual ACM Symposium on Theory of Computing, pp. 774–783. ACM (2014)
  3. [Bei]
    Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis (1996)
  4. [Bei11]
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011).
  5. [Bla79]
    Blakley, G.R.: Safeguarding cryptographic keys. In: AFIPS National Computer Conference (NCC 1979), pp. 313–317. IEEE Computer Society, Los Alamitos (1979)
  6. [BOGW88]
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM (1988)
  7. [CDF+08]
    Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008).
  8. [CDTV16]
    Coretti, S., Dodis, Y., Tackmann, B., Venturi, D.: Non-malleable encryption: simpler, shorter, stronger. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 306–335. Springer, Heidelberg (2016).
  9. [CGL16]
    Chattopadhyay, E., Goyal, V., Li, X.: Non-malleable extractors and codes, with their many tampered extensions. In: STOC (2016)
  10. [DKO13]
    Dziembowski, S., Kazana, T., Obremski, M.: Non-malleable codes from two-source extractors. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 239–257. Springer, Heidelberg (2013).
  11. [DPW10]
    Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, Proceedings, pp. 434–452 (2010)
  12. [GGSW13]
    Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 467–476. ACM (2013)
  13. [GJK15]
    Goyal, V., Jain, A., Khurana, D.: Non-malleable multi-prover interactive proofs and witness signatures. Cryptology ePrint Archive, Report 2015/1095 (2015).
  14. [GK18]
    Goyal, V., Kumar, A.: Non-malleable secret sharing. In: Proceedings of the Fiftieth ACM STOC. ACM (2018, to appear)
  15. [Gol07]
    Goldreich, O.: Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, Cambridge (2007)
  16. [GPR16]
    Goyal, V., Pandey, O., Richelson, S.: Textbook non-malleable commitments. In: Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, 18–21 June 2016, pp. 1128–1141 (2016)
  17. [ISN89]
    Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. Electron. Commun. Jpn. (Part III Fundam. Electron. Sci.) 72(9), 56–64 (1989)
  18. [KGH83]
    Karnin, E., Greene, J., Hellman, M.: On secret sharing systems. IEEE Trans. Inf. Theory 29(1), 35–41 (1983)
  19. [KNY14]
    Komargodski, I., Naor, M., Yogev, E.: Secret-sharing for NP. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 254–273. Springer, Heidelberg (2014).
  20. [KW93]
    Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of the Eighth Annual Structure in Complexity Theory Conference, pp. 102–111. IEEE (1993)
  21. [Li17]
    Li, X.: Improved non-malleable extractors, non-malleable codes and independent source extractors. In: STOC. ACM (2017)
  22. [LL12]
    Liu, F.-H., Lysyanskaya, A.: Tamper and leakage resilience in the split-state model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 517–532. Springer, Heidelberg (2012).
  23. [MS81]
    McEliece, R.J., Sarwate, D.V.: On sharing secrets and Reed-Solomon codes. Commun. ACM 24(9), 583–584 (1981)
  24. [RBO89]
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: STOC 1989, pp. 73–85. ACM, New York (1989)
  25. [Sha79]
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. CMU, Mount Pleasant, USA
  2. UCLA, Los Angeles, USA
