Secret Sharing and Statistical Zero Knowledge
Abstract

Characterizations: We obtain an almost-characterization of access structures for which there are secret-sharing schemes with an efficient sharing algorithm (but not necessarily efficient reconstruction). In particular, we show that for every language \(L \in {{\mathbf {SZK}}_{\mathbf {L}}}\) (the class of languages that have statistical zero knowledge proofs with log-space verifiers and simulators), a (monotonized) access structure associated with L has such a secret-sharing scheme. Conversely, we show that such secret-sharing schemes can only exist for languages in \({\mathbf {SZK}}\).

Constructions: We show new constructions of secret-sharing schemes with both efficient sharing and efficient reconstruction for access structures associated with languages that are in \({\mathbf {P}}\), but are not known to be in \({\mathbf {NC}}\), namely Bounded-Degree Graph Isomorphism and constant-dimensional lattice problems. In particular, this gives us the first combinatorial access structure that is conjectured to be outside \({\mathbf {NC}}\) but has an efficient secret-sharing scheme. Previous such constructions (Beimel and Ishai; CCC 2001) were algebraic and number-theoretic in nature.

Limitations: We also show that universally-efficient secret-sharing schemes, where the complexity of computing the shares is a polynomial independent of the complexity of deciding the access structure, cannot exist for all (monotone languages in) \(\mathbf {P}\), unless there is a polynomial q such that \({\mathbf {P}} \subseteq {\mathbf {DSPACE}}(q(n))\).
Keywords
Statistical zero knowledge, Secret sharing
Notes
Acknowledgments
We thank an anonymous ASIACRYPT reviewer for comments that helped improve the presentation of this paper.
References
 1. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in \(NC^{0}\). SIAM J. Comput. 36(4), 845–888 (2006)
 2. Arvind, V., Torán, J.: Isomorphism testing: perspective and open problems. Bull. EATCS 86, 66–84 (2005)
 3. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012)
 4. Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011)
 5. Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. IACR Cryptol. ePrint Arch. 2001, 30 (2001)
 6. Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)
 7. Bitansky, N., Garg, S., Telang, S.: Succinct randomized encodings and their applications. IACR Cryptol. ePrint Arch. 2014, 771 (2014)
 8. Blakley, G.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48, pp. 313–317 (1979)
 9. Blundo, C., De Santis, A., De Simone, R., Vaccaro, U.: Tight bounds on the information rate of secret sharing schemes. Des. Codes Cryptography 11(2), 107–122 (1997)
 10. Canetti, R., Holmgren, J., Jain, A., Vaikuntanathan, V.: Indistinguishability obfuscation of iterated circuits and RAM programs. IACR Cryptology ePrint Archive 2014, 769 (2014)
 11. Csirmaz, L.: The size of a share must be large. J. Cryptology 10(4), 223–231 (1997)
 12. Dvir, Z., Gutfreund, D., Rothblum, G.N., Vadhan, S.: On approximating the entropy of polynomial mappings. In: Proceedings of the 2nd Innovations in Computer Science Conference, pp. 460–475 (2011)
 13. Fortnow, L., Lund, C.: Interactive proof systems and alternating time-space complexity. Theor. Comput. Sci. 113(1), 55–73 (1993)
 14. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49 (2013)
 15. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada, 27–29 October 1986, pp. 174–187 (1986)
 16. Greenlaw, R., Hoover, H.J., Ruzzo, W.L.: Limits to Parallel Computation: P-completeness Theory. Oxford University Press Inc, New York (1995)
 17. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)
 18. Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014)
 19. Ito, M., Saio, A., Nishizeki, T.: Multiple assignment scheme for sharing secret. J. Cryptology 6(1), 15–20 (1993)
 20. Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of the Eigth Annual Structure in Complexity Theory Conference, San Diego, CA, USA, May 18–21, 1993, pp. 102–111. IEEE Computer Society (1993)
 21. Karnin, E.D., Greene, J.W., Hellman, M.E.: On secret sharing systems. IEEE Trans. Inf. Theor. 29(1), 35–41 (1983)
 22. Komargodski, I., Naor, M., Yogev, E.: Secret-sharing for \(\mathsf {NP}\). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 254–273. Springer, Heidelberg (2014)
 23. Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for Turing machines with unbounded memory. IACR Cryptology ePrint Archive, 2014/925 (2014)
 24. Lenstra Jr., A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
 25. Lin, H., Pass, R.: Succinct garbling schemes and applications. IACR Cryptology ePrint Archive 2014, 766 (2014)
 26. Luks, E.M.: Isomorphism of graphs of bounded valence can be tested in polynomial time. In: FOCS, pp. 42–49 (1980)
 27. Razborov, A.A.: Lower bounds on the monotone complexity of some Boolean functions. Doklady Akademii Nauk SSSR 285, 798–801 (1985)
 28. Sahai, A., Vadhan, S.P.: A complete problem for statistical zero knowledge. Electron. Colloquium on Comput. Complex. (ECCC) 7(84) (2000)
 29. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
 30. Tardos, É.: The gap between monotone and nonmonotone circuit complexity is exponential. Combinatorica 8(1), 141–142 (1988)
 31. Vadhan, S.: A study of statistical zero-knowledge proofs. Ph.D. thesis, Massachusetts Institute of Technology (1999)
 32. Vinod, V., Narayanan, A., Srinathan, K., Pandu Rangan, C., Kim, K.: On the power of computational secret sharing. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 162–176. Springer, Heidelberg (2003)
 33. Wegener, I.: The Complexity of Boolean Functions. Wiley, New York (1987)
 34. Yao, A.: Unpublished manuscript (1989). Presented at Oberwolfach and DIMACS Workshops