Abstract
Despite active research on secret-sharing schemes for arbitrary access structures for more than 35 years, we do not understand their share size – the best known upper bound for an arbitrary n-party access structure is \(2^{O(n)}\), while the best known lower bound is \(\varOmega (n/\log (n))\). Consistent with our knowledge, the share size can be anywhere between these bounds. To better understand this question, one can study specific families of secret-sharing schemes. For example, linear secret-sharing schemes, in which the sharing and reconstruction functions are linear mappings, have been studied in many papers, e.g., it is known that they require shares of size at least \(2^{0.5n}\). Secret-sharing schemes in which the sharing and/or reconstruction are computed by low-degree polynomials have been recently studied by Paskin-Cherniavsky and Radune [ITC 2020] and by Beimel, Othman, and Peter [CRYPTO 2021]. It was shown that secret-sharing schemes with sharing and reconstruction computed by polynomials of degree 2 are more efficient than linear schemes (i.e., schemes in which the sharing and reconstruction are computed by polynomials of degree one).
Prior to our work, it was not known if using polynomials of higher degree can reduce the share size. We show that this is indeed the case, i.e., we construct secret-sharing schemes for arbitrary access structures with reconstruction by degree-d polynomials, where as the reconstruction degree d increases, the share size decreases. As a step in our construction, we construct conditional disclosure of secrets (CDS) protocols. For example, we construct 2-server CDS protocols for functions \(f:[N]\times [N] \rightarrow {\{}0,1{\}}\) with reconstruction computed by degree-d polynomials with message size \(N^{O(\log \log d/\log d)}\). Combining our results with a lower bound of Beimel et al. [CRYPTO 2021], we show that increasing the degree of the reconstruction function in CDS protocols provably reduces the message size. To construct our schemes, we define sparse matching vectors, show constructions of such vectors, and design CDS protocols and secret-sharing schemes with degree-d reconstruction from sparse matching vectors.
The full version of this work is available at [11].
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The notation \(O_m(\cdot )\) allows the constant in the O notation to depend on m.
- 2.
In [22], they also have a construction that uses a \(\mathbb {Z}_6\setminus {\{}0{\}}\)-matching vectors family over \(\mathbb {Z}_6\). It is unclear how to use this construction to improve the communication complexity of PIR and CDS protocols.
- 3.
For linear and multi-linear schemes, there is a tight linear upper bound on the randomness complexity.
References
Aigner, M., Ziegler, G.M.: Bertrand’s postulate. In: Proofs from THE BOOK, pp. 7–12. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-00856-6_2
Applebaum, B., Arkis, B., Raykov, P., Vasudevan, P.N.: Conditional disclosure of secrets: amplification, closure, amortization, lower-bounds, and separations. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 727–757. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_24
Applebaum, B., Beimel, A., Farràs, O., Nir, O., Peter, N.: Secret-sharing schemes for general and uniform access structures. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 441–471. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_15
Applebaum, B., Beimel, A., Nir, O., Peter, N.: Better secret sharing via robust conditional disclosure of secrets. In: 52nd STOC, pp. 280–293 (2020)
Applebaum, B., Holenstein, T., Mishra, M., Shayevitz, O.: The communication complexity of private simultaneous messages, revisited. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 261–286. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_9
Applebaum, B., Nir, O.: Upslices, downslices, and secret-sharing with complexity of \(1.5^n\). In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 627–655. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_21
Applebaum, B., Vasudevan, P.N.: Placing conditional disclosure of secrets in the communication complexity universe. In: 10th ITCS, pp. 4:1–4:14 (2019)
Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)
Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_2
Beimel, A., Farràs, O.: The share size of secret-sharing schemes for almost all access structures and graphs. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 499–529. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_18
Beimel, A., Farràs, O., Lasri, O.: Improved polynomial secret-sharing schemes (2023). https://eprint.iacr.org/2023/1158
Beimel, A., Farràs, O., Mintz, Y., Peter, N.: Linear secret-sharing schemes for forbidden graph access structures. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 394–423. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_13
Beimel, A., Ishai, Y., Kumaresan, R., Kushilevitz, E.: On the cryptographic complexity of the worst functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 317–342. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_14
Beimel, A., Ishai, Y., Kushilevitz, E.: General constructions for information-theoretic private information retrieval. J. Comput. Syst. Sci. 71(2), 213–247 (2005)
Beimel, A., Othman, H., Peter, N.: Quadratic secret sharing and conditional disclosure of secrets. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 748–778. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_25
Beimel, A., Peter, N.: Optimal linear multiparty conditional disclosure of secrets protocols. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 332–362. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_13
Bertilsson, M., Ingemarsson, I.: A construction of practical secret sharing schemes using linear block codes. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 67–79. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57220-1_53
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, volume 48, pages 313–317 (1979)
Csirmaz, L.: The dealer’s random bits in perfect secret sharing schemes. Studia Sci. Math. Hungar. 32(3–4), 429–437 (1996)
Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)
Dvir, Z., Gopalan, P., Yekhanin, S.: Matching vector codes. SIAM J. Comput. 40(4), 1154–1178 (2011)
Dvir, Z., Gopi, S.: 2-server PIR with sub-polynomial communication. In: 47th STOC, pp. 577–584 (2015)
Efremenko, K.: 3-query locally decodable codes of subexponential length. In: STOC 2009, pp. 39–44 (2009)
Efremenko, K.: 3-query locally decodable codes of subexponential length. SIAM J. Comput. 41(6), 1694–1703 (2012)
Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation. In: 26th STOC, pp. 554–563 (1994)
Frankl, P.: Constructing finite sets with given intersections. In: Combinatorial Mathematics, Proceedings of the International Colloquium on Graph Theory and Combinatorics 1981, vol. 17 of Annals of Discrete Mathematics, pp. 289–291 (1983)
Frankl, P., Wilson, R.M.: Intersection theorems with geometric consequences. Combinatorica 1(4), 357–368 (1981)
Gay, R., Kerenidis, I., Wee, H.: Communication complexity of conditional disclosure of secrets and attribute-based encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 485–502. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_24
Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: Proceedings of the 30th ACM Symposium on the Theory of Computing, pp. 151–160 (1998). Journal version: J. of Computer and System Sciences, 60(3), 592–629, 2000
Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. JCSS 60(3), 592–629 (2000)
Grolmusz, V.: Superpolynomial size set-systems with restricted intersections mod 6 and explicit Ramsey graphs. Combinatorica 20, 71–86 (2000)
Ishai, Y., Kushilevitz, E.: Improved upper bounds on information theoretic private information retrieval. In: Proceedings of the 31st ACM Symposium on the Theory of Computing, pp. 79–88 (1999). Journal version in [14]
Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Automata, Languages and Programming, 29th International Colloquium, ICALP 2002, pp. 244–256 (2002)
Ito, M., Saito, A., Nishizeki, T.: Secret sharing schemes realizing general access structure. In: Globecom 87, pp. 99–102 (1987). Journal version: Multiple assignment scheme for sharing secret. J. of Cryptology, 6(1), 15–20, 1993
Karchmer, M., Wigderson, A.: On span programs. In: 8th Structure in Complexity Theory, pp. 102–111 (1993)
Kutin, S.: Constructing large set systems with given intersection sizes modulo composite numbers. Combinatorics, Probability Computing (2002)
Liu, T., Vaikuntanatha, V.: Breaking the circuit-size barrier in secret sharing. In: 50th STOC, pp. 699–708 (2018)
Liu, T., Vaikuntanathan, V., Wee, H.: Conditional disclosure of secrets via non-linear reconstruction. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 758–790. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_25
Liu, T., Vaikuntanathan, V., Wee, H.: Towards breaking the exponential barrier for general secret sharing. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 567–596. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_21
Paskin-Cherniavsky, A., Radune, A.: On polynomial secret sharing schemes. In: ITC 2020, vol. 163 of LIPIcs, pp. 12:1–12:21 (2020)
Pitassi, T., Robere, R.: Lifting Nullstellensatz to monotone span programs over any field. In: 50th STOC, pp. 1207–1219 (2018)
Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
Sun, H.-M., Shieh, S.-P.: Secret sharing in graph-based prohibited structures. In: INFOCOM 1997, pp. 718–724. IEEE (1997)
Xylouris, T.: On the least prime in an arithmetic progression and estimates for the zeros of Dirichlet l-functions. Acta Arith 150(1), 65–91 (2011)
Acknowledgement
The first and the third authors are supported by the ISF grant 391/21. The first author is also supported by the ERC grant 742754 (project NTSC). The second author is supported by the grant 2021SGR 00115 from the Government of Catalonia, the project ACITHEC PID2021-124928NB-I00 from the Government of Spain, and the project HERMES, funded by INCIBE and NGEU/PRTR.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Beimel, A., Farràs, O., Lasri, O. (2023). Improved Polynomial Secret-Sharing Schemes. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14370. Springer, Cham. https://doi.org/10.1007/978-3-031-48618-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-48618-0_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-48617-3
Online ISBN: 978-3-031-48618-0
eBook Packages: Computer ScienceComputer Science (R0)
