# Secret Sharing and Statistical Zero Knowledge

## Abstract

*Characterizations:* We obtain an almost-characterization of access structures for which there are secret-sharing schemes with an efficient sharing algorithm (but not necessarily efficient reconstruction). In particular, we show that for every language \(L \in \mathbf{SZK}_{\mathbf{L}}\) (the class of languages that have statistical zero knowledge proofs with log-space verifiers and simulators), a (monotonized) access structure associated with *L* has such a secret-sharing scheme. Conversely, we show that such secret-sharing schemes can only exist for languages in \(\mathbf{SZK}\).

*Constructions:* We show new constructions of secret-sharing schemes with both efficient sharing and efficient reconstruction for access structures associated with languages that are in \(\mathbf{P}\), but are not known to be in \(\mathbf{NC}\), namely Bounded-Degree Graph Isomorphism and constant-dimensional lattice problems. In particular, this gives us the first combinatorial access structure that is conjectured to be outside \(\mathbf{NC}\) but has an efficient secret-sharing scheme. Previous such constructions (Beimel and Ishai; CCC 2001) were algebraic and number-theoretic in nature.

*Limitations:* We also show that *universally-efficient* secret-sharing schemes, where the complexity of computing the shares is a polynomial independent of the complexity of deciding the access structure, cannot exist for all (monotone languages in) \(\mathbf{P}\), unless there is a polynomial *q* such that \(\mathbf{P} \subseteq \mathbf{DSPACE}(q(n))\).

### Keywords

- Statistical zero knowledge
- Secret sharing

## Notes

### Acknowledgments

We thank an anonymous ASIACRYPT reviewer for comments that helped improve the presentation of this paper.

### References

- 1. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in \(NC^{0}\). SIAM J. Comput. **36**(4), 845–888 (2006)
- 2. Arvind, V., Torán, J.: Isomorphism testing: perspective and open problems. Bull. EATCS **86**, 66–84 (2005)
- 3. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. J. ACM **59**(2), 6 (2012)
- 4. Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011)
- 5. Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. IACR Cryptol. ePrint Arch. **2001**, 30 (2001)
- 6. Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)
- 7. Bitansky, N., Garg, S., Telang, S.: Succinct randomized encodings and their applications. IACR Cryptol. ePrint Arch. **2014**, 771 (2014)
- 8. Blakley, G.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48, pp. 313–317 (1979)
- 9. Blundo, C., De Santis, A., De Simone, R., Vaccaro, U.: Tight bounds on the information rate of secret sharing schemes. Des. Codes Cryptography **11**(2), 107–122 (1997)
- 10. Canetti, R., Holmgren, J., Jain, A., Vaikuntanathan, V.: Indistinguishability obfuscation of iterated circuits and RAM programs. IACR Cryptology ePrint Archive **2014**, 769 (2014)
- 11. Csirmaz, L.: The size of a share must be large. J. Cryptology **10**(4), 223–231 (1997)
- 12. Dvir, Z., Gutfreund, D., Rothblum, G.N., Vadhan, S.: On approximating the entropy of polynomial mappings. In: Proceedings of the 2nd Innovations in Computer Science Conference, pp. 460–475 (2011)
- 13. Fortnow, L., Lund, C.: Interactive proof systems and alternating time-space complexity. Theor. Comput. Sci. **113**(1), 55–73 (1993)
- 14. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49 (2013)
- 15. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada, 27–29 October 1986, pp. 174–187 (1986)
- 16. Greenlaw, R., Hoover, H.J., Ruzzo, W.L.: Limits to Parallel Computation: P-completeness Theory. Oxford University Press Inc, New York (1995)
- 17. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)
- 18. Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014)
- 19. Ito, M., Saio, A., Nishizeki, T.: Multiple assignment scheme for sharing secret. J. Cryptology **6**(1), 15–20 (1993)
- 20. Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of the Eighth Annual Structure in Complexity Theory Conference, San Diego, CA, USA, May 18–21, 1993, pp. 102–111. IEEE Computer Society (1993)
- 21. Karnin, E.D., Greene, J.W., Hellman, M.E.: On secret sharing systems. IEEE Trans. Inf. Theor. **29**(1), 35–41 (1983)
- 22. Komargodski, I., Naor, M., Yogev, E.: Secret-sharing for \(\mathsf{NP}\). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 254–273. Springer, Heidelberg (2014)
- 23. Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for Turing machines with unbounded memory. IACR Cryptology ePrint Archive, 2014/925 (2014)
- 24. Lenstra Jr., A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. **261**(4), 515–534 (1982)
- 25. Lin, H., Pass, R.: Succinct garbling schemes and applications. IACR Cryptology ePrint Archive **2014**, 766 (2014)
- 26. Luks, E.M.: Isomorphism of graphs of bounded valence can be tested in polynomial time. In: FOCS, pp. 42–49 (1980)
- 27. Razborov, A.A.: Lower bounds on the monotone complexity of some Boolean functions. Doklady Akademii Nauk SSSR **285**, 798–801 (1985)
- 28. Sahai, A., Vadhan, S.P.: A complete problem for statistical zero knowledge. Electron. Colloquium on Comput. Complex. (ECCC) 7(84) (2000)
- 29. Shamir, A.: How to share a secret. Commun. ACM **22**(11), 612–613 (1979)
- 30. Tardos, É.: The gap between monotone and non-monotone circuit complexity is exponential. Combinatorica **8**(1), 141–142 (1988)
- 31. Vadhan, S.: A study of statistical zero-knowledge proofs. Ph.D. thesis, Massachusetts Institute of Technology (1999)
- 32. Vinod, V., Narayanan, A., Srinathan, K., Pandu Rangan, C., Kim, K.: On the power of computational secret sharing. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 162–176. Springer, Heidelberg (2003)
- 33. Wegener, I.: The Complexity of Boolean Functions. Wiley, New York (1987)
- 34. Yao, A.: Unpublished manuscript (1989). Presented at Oberwolfach and DIMACS Workshops