Secret Sharing Made Short
A well-known fact in the theory of secret sharing schemes is that shares must be of length at least as the secret itself. However, the proof of this lower bound uses the notion of information theoretic secrecy. A natural (and very practical) question is whether one can do better for secret sharing if the notion of secrecy is computational, namely, against resource bounded adversaries. In this note we observe that, indeed, one can do much better in the computational model (which is the one used in most applications).
We present an m-threshold scheme, where m shares recover the secret but m − 1 shares give no (computational) information on the secret, in which shares corresponding to a secret S are of size |S|/m plus a short piece of information whose length does not depend on the secret size but just in the security parameter. (The bound of |S|/m is clearly optimal if the secret is to be recovered from m shares). Therefore, for moderately large secrets (a confidential file, a long message, a large data base) the savings in space and communication over traditional schemes is remarkable. The scheme is very simple and combines in a natural way traditional (perfect) secret sharing schemes, encryption, and information dispersal. It is provable secure given a secure (e.g., private key) encryption function.
KeywordsSecret Sharing Access Structure Secret Sharing Scheme Encryption Function Erasure Code
- 1.Benaloh, J. and Leichter J., “Generalized secret sharing and monotone functions”, Proc. Crypto’ 88, pp. 27–35.Google Scholar
- 2.Blakley, G.R., “Safeguarding Cryptographic Keys”, Proc. AFIPS 1979 National Computer Conference, New York, Vol. 48, 1979, pp. 313–317.Google Scholar
- 3.Blakley, G.R., and Meadows C. “Security of Ramp Schemes”, in Lecture Notes in Computer Science 196; Advances in Cryptology: Proc. Crypto’ 84, Springer-Verlag, 1985, pp.242–268.Google Scholar
- 4.Brickel, E.F., and Stinson, D.R., “The Detection of Cheaters in Threshold Schemes”, in Lecture Notes in Computer Science 403; Advances in Cryptology: Proc. Crypto’ 88, Springer-Verlag, 1990, pp.564–577.Google Scholar
- 5.Chor, B., S. Goldwasser, S. Micali, and B. Awerbuch, “Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults”, Proc. 26th FOCS, 1985, pp. 383–395.Google Scholar
- 6.Dolev, D., Dwork, C., Waarts, O., and Yung, M., “Perfectly Secure Message Transmission”, Proc. 31st IEEE Symp. on Foundations of Computer Science, 1990, pp. 36–45.Google Scholar
- 9.Krawczyk, H., “Distributed Fingerprints and Secure Information Dispersal”, Proc. of 12th. PODC, pp. 207–218, 1993.Google Scholar
- 11.Micali, S., “Fair Public-Key Cryptosystems”, Crypto’ 92.Google Scholar
- 12.Naor, M., and Roth, R.M., “Optimal File Sharing in Distributed Networks”, Proc. 32nd IEEE Symp. on Foundations of Computer Science, 1991, pp. 515–525.Google Scholar
- 14.Rabin, M.O., “Randomized Byzantine Agreement”, 24th FOCS, pp. 403–409, 1983.Google Scholar