CRYPTO 2006: Advances in Cryptology - CRYPTO 2006 pp 521-536

# Algebraic Geometric Secret Sharing Schemes and Secure Multi-Party Computations over Small Fields

• Hao Chen
• Ronald Cramer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4117)

## Abstract

We introduce algebraic geometric techniques in secret sharing and in secure multi-party computation (MPC) in particular. The main result is a linear secret sharing scheme (LSSS) defined over a finite field $${\mathbb F}_q$$, with the following properties.

1. It is ideal. The number of players n can be as large as $$\#C({\mathbb F}_q)$$, where C is an algebraic curve of genus g defined over $${\mathbb F}_q$$.

2. It is quasi-threshold: it is t-rejecting and t+1+2g-accepting, but not necessarily t+1-accepting. It is thus in particular a ramp scheme. High information rate can be achieved.

3. It has strong multiplication with respect to the t-threshold adversary structure, if $$t<\frac{1}{3}n-\frac{4}{3}g$$. This is a multi-linear algebraic property on an LSSS facilitating zero-error multi-party multiplication, unconditionally secure against corruption by an active t-adversary.

4. The finite field $${\mathbb F}_q$$ can be dramatically smaller than n. This is by using algebraic curves with many $${\mathbb F}_q$$-rational points. For example, for each small enough ε, there is a finite field $${\mathbb F}_q$$ such that for infinitely many n there is an LSSS over $${\mathbb F}_q$$ with strong multiplication satisfying $$(\frac{1}{3}- \epsilon) n\leq t < \frac{1}{3}n$$.

5. Shamir’s scheme, which requires n>q and which has strong multiplication for $$t<\frac{1}{3}n$$, is a special case by taking g=0.

Now consider the classical (“BGW”) scenario of MPC unconditionally secure (with zero error probability) against an active t-adversary with $$t<\frac{1}{3}n$$, in a synchronous n-player network with secure channels. By known results it now follows that there exist MPC protocols in this scenario, achieving the same communication complexities in terms of the number of field elements exchanged in the network compared with known Shamir-based solutions. However, in return for decreasing corruption tolerance by a small ε-fraction, q may be dramatically smaller than n. This tolerance decrease is unavoidable due to properties of MDS codes. The techniques extend to other models of MPC. Results on less specialized LSSS can be obtained from more general coding theory arguments.
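The genus-0 case named in item 5 is the easiest place to see what "strong multiplication" means concretely. The following Python is an added illustration, not code from the paper: it implements Shamir's scheme over a prime field $${\mathbb F}_q$$, checks that t+1 shares recover the secret, and checks that players who multiply their own two shares locally obtain points on a degree-2t polynomial whose constant term is the product, so any 2t+1 of them recover ab. Because Shamir needs n distinct nonzero evaluation points, this construction forces q to exceed n; the curves of genus g > 0 in the paper are what remove that constraint.

```python
# Added example (not from the paper): Shamir's scheme over a prime field F_q,
# the genus-0 instance of the LSSS in the abstract, with the multiplication
# property checked explicitly. All parameters below are chosen for the demo.
import random

def lagrange_at_zero(points, q):
    """Interpolate the polynomial through points [(x, y)] over F_q and return its value at 0."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % q
                den = den * (xi - xj) % q
        secret = (secret + yi * num * pow(den, -1, q)) % q
    return secret

def share(secret, t, n, q, rng=random):
    """Random degree-t polynomial with constant term `secret`, evaluated at x = 1..n.
    Shamir needs n distinct nonzero evaluation points, so n <= q - 1 is required."""
    if not (0 <= secret < q) or n > q - 1 or t >= n:
        raise ValueError("need 0 <= secret < q, n <= q - 1 and t < n")
    coeffs = [secret] + [rng.randrange(q) for _ in range(t)]
    return [(x, sum(c * pow(x, k, q) for k, c in enumerate(coeffs)) % q)
            for x in range(1, n + 1)]

def reconstruct(shares, q):
    """Recover the constant term from enough shares (t+1 for a degree-t polynomial)."""
    return lagrange_at_zero(shares, q)

def multiply_shares(sa, sb, q):
    """Each player multiplies its two shares locally; no interaction is needed.
    The results are evaluations of a degree-2t polynomial with constant term a*b."""
    return [(xa, ya * yb % q) for (xa, ya), (_, yb) in zip(sa, sb)]

def demo(q=257, n=10, t=3, a=42, b=99):
    """Constructed parameters: n = 10 players, threshold t = 3, so 3t+1 <= n holds."""
    rng = random.Random(1)  # fixed seed so the demo is reproducible
    sa, sb = share(a, t, n, q, rng), share(b, t, n, q, rng)
    prod = multiply_shares(sa, sb, q)
    return {
        "t+1 shares recover a": reconstruct(sa[:t + 1], q) == a,
        "2t+1 product shares recover ab": reconstruct(prod[:2 * t + 1], q) == a * b % q,
        "n >= 3t+1 (range where strong multiplication holds)": n >= 3 * t + 1,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```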

## Keywords

Secret Sharing, Access Structure, Algebraic Curve, Secret Sharing Scheme, Strong Multiplication

## References

1. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of STOC 1988, pp. 1–10. ACM Press, New York (1988)
2. Bierbrauer, J.: Universal Hashing and Geometric Codes. Designs, Codes and Cryptography 11, 207–221 (1997)
3. Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of National Computer Conference 1979. AFIPS Proceedings, vol. 48, pp. 313–317 (1979)
4. Chaum, D., Crépeau, C., Damgaard, I.: Multi-party unconditionally secure protocols. In: Proceedings of STOC 1988, pp. 11–19. ACM Press, New York (1988)
5. Chen, H.: Linear secret sharing from algebraic-geometric codes. Merged with [8]
6. Chen, H., Cramer, R., Ding, C., Xing, C.: Secret sharing and secure multi-party computation from projective algebraic subsets. Work in progress
7. Chen, H., Cramer, R., Goldwasser, S., Vaikuntanathan, V., de Haan, R.: Threshold MPC in the Rabin-Ben Or broadcast model unconditionally secure against corrupt minorities based on general error correcting codes. Work in progress
8. Cramer, R.: Algebraic geometric secret sharing and secure computation over small fields. Merged with [5]
9. Cramer, R., Fehr, S., Stam, M.: Black-box secret sharing from primitive sets in algebraic number fields. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 344–360. Springer, Heidelberg (2005)
10. Cramer, R., Daza, V., Gracia, I., Urroz, J.J., Leander, G., Martí-Farré, J., Padró, C.: On codes, matroids and secure multi-party computation from linear secret sharing schemes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 327–343. Springer, Heidelberg (2005)
11. Cramer, R., de Haan, R.: Atomic Secure Multi-Party Multiplication with Low Communication (manuscript, 2004)
12. Cramer, R., Fehr, S., Ishai, Y., Kushilevitz, E.: Efficient multi-party computation over rings. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 596–613. Springer, Heidelberg (2003)
13. Cramer, R., Fehr, S.: Optimal Black-Box Secret Sharing over Arbitrary Abelian Groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 272–287. Springer, Heidelberg (2002)
14. Cramer, R., Damgaard, I., Dziembowski, S.: On the complexity of verifiable secret sharing and multi-party computation. In: Proceedings of STOC 2000, pp. 325–334. ACM Press, New York (2000)
15. Cramer, R., Damgård, I.B., Maurer, U.M.: General secure multi-party computation from any linear secret-sharing scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 316–334. Springer, Heidelberg (2000)
16. Cramer, R., Damgård, I.B., Dziembowski, S., Hirt, M., Rabin, T.: Efficient multiparty computations secure against an adaptive adversary. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 311. Springer, Heidelberg (1999)
17. Desmedt, Y., Frankel, Y.: Homomorphic zero-knowledge threshold schemes over any finite abelian group. SIAM Journal of Discrete Mathematics 7, 667–679 (1994)
18. McEliece, R.J., Sarvate, D.V.: On sharing secrets and Reed-Solomon codes. Comm. of the ACM 22(11), 612–613 (1979)
19. Franklin, M., Yung, M.: Communication complexity of secure computation. In: Proceedings of STOC 1992. ACM Press, New York (1992)
20.
21. García, A., Stichtenoth, H.: On the asymptotic behavior of some towers of function fields over finite fields. J. Number Theory 61, 248–273 (1996)
22. van der Geer, G., van der Vlugt, M.: Tables of curves with many points. Mathematics of Computation 69, 797–810 (2000). See also www.science.uva.nl/~geer
23. Goppa, V.D.: Codes on algebraic curves. Soviet Math. Dokl. 24, 170–172 (1981)
24. Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of the Eighth Annual Structure in Complexity Theory Conference, pp. 102–111. IEEE, Los Alamitos (1993)
25. Kumar, R., Rajagopalan, S., Sahai, A.: Coding constructions for blacklisting problems without computational assumptions. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 609–623. Springer, Heidelberg (1999)
26. Lam, K.Y., Wang, H.X., Xing, C.: Constructions of authentication codes from algebraic curves over finite fields. IEEE Transactions on Information Theory 46, 886–892 (2000)
27.
28. van Lint, J.H.: Introduction to Coding Theory. GTM. Springer, Heidelberg
29. Massey, J.L.: Minimal codewords and secret sharing. In: Proceedings of the 6th Joint Swedish-Russian Workshop on Information Theory, Mölle, Sweden, August 1993, pp. 269–279 (1993)
30. Massey, J.L.: Some applications of coding theory in cryptography. In: Codes and Ciphers: Cryptography and Coding IV, pp. 33–47 (1995)
31. Niederreiter, H., Wang, H., Xing, C.: Function fields over finite fields and their application to cryptography. In: García, A., Stichtenoth, H. (eds.) Topics in Geometry, Coding Theory and Cryptography. Springer, Heidelberg (2006)
32. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: Proceedings of STOC 1989, pp. 73–85. ACM Press, New York (1989)
33. Shamir, A.: How to share a secret. Comm. of the ACM 22(11), 612–613 (1979)
34. Silverman, J.: The Arithmetic of Elliptic Curves. GTM. Springer, Heidelberg
35. Shum, K.W., Aleshnikov, I., Kumar, V.P., Stichtenoth, H., Deolalikar, V.: A low-complexity algorithm for the construction of algebraic-geometric codes better than the Gilbert-Varshamov bound. IEEE Transactions on Information Theory 47(6), 2225–2241 (2001)
36. Stichtenoth, H.: Algebraic Function Fields and Codes. Springer, Heidelberg (1993)
37.
38. Vladuts, S.: A note on authentication codes from algebraic geometry. IEEE Transactions on Information Theory 44(3), 1342–1345 (1998)
39. Xing, C.: Authentication codes and algebraic curves. In: Proceedings of the 3rd European Congress of Mathematics, vol. 2, pp. 239–244. Birkhäuser (2001)