Keywords

1 Introduction

Linear programming involving information inequalities has been extensively used in different kinds of information theoretic problems. An early instance is the verification of Shannon information inequalities [63], and we find more examples in secret sharing [15, 52], network coding [61, 64], and other topics [62].

In this work, we present a new improvement of the linear programming technique in the search for lower bounds on the information ratio of secret sharing schemes. Namely, instead of known non-Shannon information inequalities, we propose to use constraints based on the properties from which those inequalities are deduced.

Secret sharing, which was independently introduced by Shamir [58] and Blakley [9], is a very useful tool that appears as a component in many different kinds of cryptographic protocols. The reader is referred to [4] for a survey on secret sharing and its applications. In a secret sharing scheme, a secret value is distributed into shares among a set of participants in such a way that only the qualified sets of participants can recover the secret value. This work deals exclusively with unconditionally secure and perfect secret sharing schemes, in which the shares from any unqualified set do not provide any information on the secret value. In this case, the family of qualified sets of participants is called the access structure of the scheme.

In a linear secret sharing scheme, the secret and the shares are vectors over some finite field, and both the computation of the shares and the recovering of the secret are performed by linear maps. Because of their homomorphic properties, linear schemes are used in many applications of secret sharing. Moreover, most of the known constructions of secret sharing schemes yield linear schemes.

The information ratio of a secret sharing schemes is the ratio between the length of the shares and the length of the secret. The optimization of this parameter, both for linear and general secret sharing schemes, has attracted a lot of attention. This problem has been analyzed for several families of access structures. For example, access structures defined by graphs [5, 10, 12, 16, 18, 20, 30, 32], access structures on a small number of participants [20, 30,31,32, 37, 52, 59], bipartite access structures [25, 51], the ones having few minimal qualified sets [43, 45], or ports of non-representable matroids [7, 44, 48, 52].

That optimization problem is related to the search for asymptotic lower bounds on the length of the shares, which is one of the main open problems in secret sharing. The reader is referred to the survey by Beimel [4] for more information about this topic. For linear secret sharing schemes, building up on the superpolynomial lower bounds in [3, 6], exponential lower bounds have been proved recently [53, 55]. Nevertheless, for the general case, no proof for the existence of access structures requiring shares of superpolynomial size has been found. Moreover, the best of the known lower bounds is the one given by Csirmaz [14, 15], who presented a family of access structures on an arbitrary number n of participants whose optimal information ratio is \({\varOmega }(n/\log n)\).

Almost all known lower bounds on the optimal information ratio have been obtained by the same method, which is called here the linear programming (LP) technique. In particular, the asymptotic lower bound found by Csirmaz [14, 15] and most of the lower bounds for the aforementioned families of access structures. The LP-technique is based on the fact, pointed out by Karnin et al. [39], that a secret sharing scheme can be defined as a collection of random variables such that their joint entropies satisfy certain constraints derived from the access structure.

The technique was first used by Capocelli et al. [12]. In particular, they presented the first examples of access structures with optimal information ratio strictly greater than 1. Csirmaz [15] refined the method by introducing some abstraction revealing its combinatorial nature. This was achieved by using the connection between Shannon entropies and polymatroids discovered by Fujishige [26, 27]. The lower bounds on the optimal information ratio that can be obtained by using that connection between Shannon entropies and polymatroids or, equivalently, by using only Shannon information inequalities are called here Shannon-type lower bounds. The known exact values of the optimal information ratio have been determined by finding, for each of the corresponding access structures, both a Shannon-type lower bound and a linear secret sharing scheme whose information ratio equals that bound.

A further improvement, which was first applied in [7], consists in adding to the game constraints that cannot be derived from Shannon information inequalities. Specifically, the so-called non-Shannon information inequalities and non-Shannon rank inequalities. The former provide lower bounds for the general case, while the bounds derived from the latter apply to linear secret schemes. That addition made it possible to find several new lower bounds [7, 16, 48, 52] and also the first examples of access structures whose optimal information ratios are strictly greater than any Shannon-type lower bound [7], namely the ports of the Vamos matroid.

Finally, Metcalf-Burton [48] and Padró et al. [52] realized that the method consists of finding lower bounds on the solutions of certain linear programming problems, which can be solved if the number of participants is small. In particular, the best Shannon-type lower bound for any given access structure is the optimal value of a certain linear programming problem. Again, new lower bounds for a number of access structures [25, 45, 48, 52] were obtained as a consequence of that improvement.

Some limitations of the LP-technique in the search for asymptotic lower bounds have been found. Namely, the best lower bound that can be obtained by using all information inequalities that were known at the beginning of this decade is linear in the number of participants [8, 15], while at most polynomial lower bounds can be found by using all known or unknown inequalities on a bounded number of variables [46].

Summarizing, while the LP-technique has important limitations when trying to find asymptotic lower bounds, it has been very useful in the search for lower bounds for finite and infinite families of access structures, providing in many cases tight bounds. More details about the LP-technique and its application are discussed in Sect. 2.

Yet another improvement to the LP-technique is presented in this work. Instead of using the known non-Shannon information and rank inequalities, we use the properties from which most of them have been derived. Specifically, most of the known non-Shannon information inequalities are obtained by using the copy lemma [22, 66] or the Ahlswede-Körner lemma [1, 2, 38, 42]. These two techniques are proved to be equivalent in [38]. All known non-Shannon rank inequalities, which provide lower bounds on the information ratio of linear secret sharing schemes, are derived from the common information property [23]. We derive from these properties some constraints to be added to the linear programming problems that are used to find lower bounds.

We applied that improvement to several access structures on a small number of players and we find new lower bounds that could not be found before by using the known information and rank inequalities. Specifically, the access structures on five participants, the graph-based access structures on six participants, and some ports of non-representable matroids have been the testbeds for our improvement on the LP-technique.

Jackson and Martin [37] determined the optimal information ratios of most of the access structures on five participants. The use of computers to solve the corresponding linear programming problems provided better Shannon-type lower bounds for some of the unsolved cases [52]. In addition, constructions of linear secret sharing schemes were presented in [31] improving some upper bounds. After those developments, only eight cases remained unsolved. Moreover, the values of the optimal information ratios for all solved cases were determined by a linear secret sharing scheme matching a Shannon-type lower bound. The negative result in [52, Proposition 7.1] clearly indicated that some of the open cases could not be solved in that way. Nevertheless, adding non-Shannon information and rank inequalities to the linear programs did not produce any new lower bound [52]. In contrast, our enhanced LP-technique provides better lower bounds for those unsolved cases, which are tight for linear secret sharing schemes. In particular, the optimal information ratio of linear secret sharing schemes is now determined for every access structure on five participants. Even though we present new lower bounds, some values are still unknown for general schemes. So, we partially concluded the project initiated by Jackson and Martin in [37]. Moreover, we found the smallest examples of access structures for which the optimal information ratio does not coincide with the best Shannon-type lower bound.

A similar project was undertaken by van Dijk [20] for graph-based access structures on six participants, that is, access structures whose minimal qualified sets have exactly two participants. Most of the cases were solved in the initial work [20], and several advances were presented subsequently [13, 30, 32, 41, 52]. At this point, only nine cases remained unsolved. We have been able to find for them new lower bounds for linear schemes by using our enhanced LP-technique. Once our new lower bounds were made public, Gharahi and Khazaei [33] presented constructions of linear secret sharing schemes proving that they are tight. Therefore, our results made it possible to determine the optimal information rate of linear secret sharing schemes for all graph-based access structures on six participants.

In addition, we present new lower bounds for the ports of four non-representable matroids on eight points and, in particular, we determine the optimal information ratio of linear schemes for the ports of the Vamos matroid and the matroid \(Q_8\).

All the lower bounds that are presented in this paper have been found by solving linear programming problems with conveniently chosen additional constraints derived from the common information property and the Ahlswede-Körner lemma. Since the number of variables and constraints is exponential in the number of participants, this can be done only for access structures on small sets. However, several lower bounds for infinite families of access structures have been obtained by using the LP-technique without solving linear programming problems [10, 15, 17, 18, 51]. Nevertheless, a better understanding of those tools is needed to apply our improvement of the LP-technique in a similar way. Since the known limitations of the LP-technique do not imply the contrary, it may be even possible to improve Csirmaz’s [14, 15] asymptotic lower bound \({\varOmega }(n/\log n)\).

The paper is organized as follows. A detailed discussion on the LP-technique is given in Sect. 2. Our improvement on the method is described in Sect. 3. The new lower bounds that have been obtained by applying our technique are presented in Sect. 4. Constructions of linear secret sharing schemes that are used to prove the tightness of some of those bounds are given in Sect. 5. We conclude the paper in Sect. 6 with some open problems and suggestions for future work.

2 Lower Bounds in Secret Sharing from Linear Programming

We begin by introducing some notation. For a finite set Q, we use \({\mathcal {P}}(Q)\) to denote its power set, that is, the set of all subsets of Q. We use a compact notation for set unions, that is, we write XY for \(X \cup Y\) and Xy for \(X \cup \{y\}\). In addition, we write for the set difference and for .

2.1 Entropic and Linear Polymatroids

Only discrete random variables are considered in this paper. For a finite set Q, consider a random vector \((S_x)_{x \in Q}\). For every \(X \subseteq Q\), we use \(S_X\) to denote the subvector \((S_{x})_{x \in X}\), and \(H(S_X)\) will denote its Shannon entropy. Given three random variables \((S_i)_{i \in \{1,2,3\}}\), the entropy of \(S_1\) conditioned on \(S_2\) is

$$\begin{aligned} H(S_1|S_2) = H(S_{12}) - H(S_2), \end{aligned}$$

the mutual information of \(S_1\) and \(S_2\) is

and, finally, the conditional mutual information is defined by

A fundamental fact about Shannon entropy is that the conditional mutual information is always nonnegative, and this implies the following connection between Shannon entropy and polymatroids, which was first described by Fujishige [26, 27].

Definition 2.1

A polymatroid is a pair (Qf) formed by a finite set Q, the ground set, and a rank function \(f :{\mathcal {P}}(Q) \rightarrow {\mathbb {R}}\) satisfying the following properties.

 

(P1):

\(f(\emptyset ) = 0\).

(P2):

f is monotone increasing: if \(X \subseteq Y \subseteq Q\), then \(f(X) \le f(Y)\).

(P3):

f is submodular: \(f(X \cup Y) + f(X \cap Y) \le f(X) + f(Y)\) for every \(X, Y \subseteq Q\).

 

A polymatroid is called integer if its rank function is integer-valued. If \({\mathcal {S}}= (Q,f)\) is a polymatroid and \(\alpha \) is a positive real number, then \((Q, \alpha f)\) is a polymatroid too, which is called a multiple of \({\mathcal {S}}\).

Theorem 2.2

(Fujishige [26, 27]). Let \((S_x)_{x \in Q}\) be a random vector. Consider the mapping \(h :{\mathcal {P}}(Q) \rightarrow {\mathbb {R}}\) defined by \(h(\emptyset ) = 0\) and \(h(X) = H(S_X)\) if \(\emptyset \ne X \subseteq Q\). Then h is the rank function of a polymatroid with ground set Q.

Definition 2.3

The polymatroids that can be defined from a random vector as in Theorem 2.2 are called entropic. Consider a field \({\mathbb {K}}\), a vector space V with finite dimension over \({\mathbb {K}}\) and a collection \((V_x)_{x \in Q}\) of vector subspaces of V. It is clear from basic linear algebra that the map f defined by \(f(X) = \dim \sum _{x\in X} V_x\) for every \(X \subseteq Q\) is the rank function of a polymatroid. Every such polymatroid is said to be \({\mathbb {K}}\)-linear.

Because of the connection given in Theorem 2.2, if f is the rank function of a polymatroid, we use the notation \(f(A|B) = f(AB) - f(A)\) for every pair of subsets of the ground set.

We discuss in the following the well known connection between entropic and linear polymatroids, as described in [34]. Let \({\mathbb {K}}\) be a finite field and V a vector space with finite dimension over \({\mathbb {K}}\). Let S be the random variable determined by the uniform probability distribution on the dual space \(V^*\). For every vector subspace \(W \subseteq V\), the restriction of S to W determines a random variable \(S|_W\) that is uniformly distributed on its support \(W^*\), and hence \(H(S|_W) = \log |{\mathbb {K}}| \, \dim W^* = \log |{\mathbb {K}}| \dim W\). Let \((V_x)_{x \in Q}\) be a collection of subspaces of V. For every \(X \subseteq Q\), we notate \(V_X = \sum _{x\in X} V_x\). This collection of subspaces determines the \({\mathbb {K}}\)-linear random vector \((S_x)_{x \in Q} = (S|_{V_x})_{x \in Q}\). Observe that \(S_X = S|_{V_X}\) for every \(X \subseteq Q\), and hence

$$\begin{aligned} H(S_X) = \log |{\mathbb {K}}| \, \dim V_X = \log |{\mathbb {K}}| \,\dim \sum _{x\in X} V_x. \end{aligned}$$

This implies that the \({\mathbb {K}}\)-linear polymatroid determined by the collection of subspaces \((V_x)_{x \in Q}\) is a multiple of the entropic polymatroid defined by the \({\mathbb {K}}\)-linear random vector \((S_x)_{x \in Q} = (S|_{V_x})_{x \in Q}\). By taking also into account that every linear polymatroid admits a linear representation over some finite field [23, 54], from this discussion we can conclude the well known fact that every linear polymatroid is the multiple of an entropic polymatroid.

2.2 Secret Sharing

Definition 2.4

Let P be a set of participants. An access structure \({\varGamma }\) on P is a monotone increasing family of subsets of P, that is, if \(A \subseteq B \subseteq P\) and \(A \in {\varGamma }\), then \(B \in {\varGamma }\). The members of \({\varGamma }\) are the qualified sets of the structure. An access structure is determined by the family \(\min {\varGamma }\) of its minimal qualified sets. A participant is redundant in an access structure if it is not in any minimal qualified set. All access structures in this paper are assumed to have no redundant participants. The dual \({\varGamma }^*\) of an access structure \({\varGamma }\) on P is formed by the sets \(A \subseteq P\) such that its complement \(P \smallsetminus A\) is not in \({\varGamma }\).

Definition 2.5

Let \({\varGamma }\) be an access structure on a set of participants P. Consider a special participant \(p_o \notin P\), which is usually called dealer, and the set \(Q = P p_o\). A secret sharing scheme on P with access structure \({\varGamma }\) is a random vector \({\varSigma } = (S_x)_{x \in Q}\) such that the following properties are satisfied.

  1. 1.

    \(H(S_{p_o}) > 0\).

  2. 2.

    If \(A \in {\varGamma }\), then \(H(S_{p_o} | S_A) = 0\).

  3. 3.

    If \(A \notin {\varGamma }\), then \(H(S_{p_o} | S_A) = H(S_{p_o})\).

The random variable \(S_{p_o}\) corresponds to the secret value, while the shares received by the participants are given by the random variables \(S_x\) with \(x \in P\). Condition 2 implies that the shares from a qualified set determine the secret value while, by Condition 3, the shares from an unqualified set and the secret value are independent.

Definition 2.6

Let \({\mathbb {K}}\) be a finite field. A secret sharing scheme \({\varSigma } = (S_x)_{x \in Q}\) is \({\mathbb {K}}\)-linear if it is a is \({\mathbb {K}}\)-linear random vector.

Definition 2.7

The information ratio \(\sigma ({\varSigma })\) of the secret sharing scheme \({\varSigma }\) is

$$\begin{aligned} \sigma ({\varSigma }) = \max _{x \in P} \frac{H(S_{x}) }{H(S_{p_o})} \end{aligned}$$

and its average information ratio \({\widetilde{\sigma }}({\varSigma })\) is

$$\begin{aligned} {\widetilde{\sigma }}({\varSigma }) = \frac{1}{n}\sum _{x \in P} \frac{H(S_{x}) }{H(S_{p_o})}. \end{aligned}$$

Definition 2.8

The optimal information ratio \(\sigma ({\varGamma })\) of an access structure \({\varGamma }\) is the infimum of the information ratios of all secret sharing schemes for \({\varGamma }\). The optimal average information ratio \({\widetilde{\sigma }}({\varGamma })\) is defined analogously. The values \(\lambda ({\varGamma })\) and \({\widetilde{\lambda }}({\varGamma })\) are defined by restricting the optimization to linear secret sharing schemes.

2.3 Lower Bounds from Shannon Information Inequalities

We describe next how to find linear programming problems whose optimal values are lower bounds on those parameters. Let \({\varGamma }\) be an access structure on a set P and take, as usual, \(Q = P p_o\). Given a secret sharing scheme \({\varSigma } = (S_x)_{x\in Q}\) with access structure \({\varGamma }\), consider the entropic polymatroid (Qh) determined by the random vector \((S_x)_{x\in Q}\), that is, \(h(X) = H(S_X)\) for every \(X \subseteq Q\). Take \(\alpha = 1/h(p_o)\) and the polymatroid (Qf) with \(f = \alpha h\). The rank function f can be seen as a vector \((f(X))_{X \subseteq Q} \in {\mathbb {R}}^{{\mathcal {P}}(Q)}\) that satisfies the linear constraints  

(N)   :

\(f(p_o) = 1\),

(\({\varGamma }\)1):

\(f(X p_o) = f(X)\) for every \(X \subseteq P\) with \(X \in {\varGamma }\),

(\({\varGamma }\)2):

\(f(X p_o) = f(X) + 1\) for every \(X \subseteq P\) with \(X \notin {\varGamma }\),

  and also the polymatroid axioms (P1)–(P3) in Definition 2.1. Observe that constraints (\({\varGamma }\)1), (\({\varGamma }\)2) are derived from the chosen access structure \({\varGamma }\). Constraints (P1)–(P3) are equivalent to the so-called Shannon information inequalities, that is, the ones implied by the fact that the conditional mutual information is nonnegative. Therefore, the vector f is a feasible solution of Linear Programming Problem 2.9.

Linear Programming Problem 2.9

The optimal value of this linear programming problem is, by definition, \({\widetilde{\kappa }}({\varGamma })\):

$$\begin{aligned} \text {Minimize }\quad&(1/n)\sum _{x \in P} f(x) \\ \text {subject to}\quad&\mathrm {(N)}, ({\varGamma }1), ({\varGamma }2), \mathrm {(P1)},\, \mathrm {(P2)},\, \mathrm {(P3)} \end{aligned}$$

Since this applies to every secret sharing scheme \({\varSigma }\) with access structure \({\varGamma }\) and the objective function equals \({\widetilde{\sigma }}({\varSigma })\), the optimal value \({\widetilde{\kappa }}({\varGamma })\) of this linear programming problem is a lower bound on \({\widetilde{\sigma }}({\varGamma })\). Similarly, a lower bound on \(\sigma ({\varGamma })\) is provided by the optimal value \(\kappa ({\varGamma })\) of the Linear Programming Problem 2.10.

Linear Programming Problem 2.10

The optimal value of this linear programming problem is, by definition, \(\kappa ({\varGamma })\):

$$\begin{aligned} \text {Minimize }\quad&v \\ \text {subject to}\quad&v \ge f(x) \text { for every } x \in P\\&\mathrm {(N)}, ({\varGamma }1), ({\varGamma }2), \mathrm {(P1), (P2), (P3)} \end{aligned}$$

The parameters \(\kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma })\) were first introduced in [44]. They are the best lower bounds on \(\sigma ({\varGamma })\) and, respectively, \({\widetilde{\sigma }}({\varGamma })\) that can be obtained by using only Shannon information inequalities, that is, they are the best possible Shannon-type lower bounds. If the number of participants is small, they can be computed by solving the corresponding linear programming problems. This approach has been used in [25, 45, 52]. In more general situations, lower bounds on \(\kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma })\) can be derived from the constraints without solving the linear programming problems, as in [10, 12, 17, 18, 20, 37] and many other works. In particular, the result in the following theorem, which is the best of the known general asymptotic lower bounds, was found in this way.

Theorem 2.11

(Csirmaz [14, 15]). For every n, there exists an access structure \({\varGamma }_n\) on n participants such that \({\widetilde{\kappa }}({\varGamma }_n)\) is \({\varOmega }(n/\log n)\).

Since not all polymatroids are entropic, the lower bounds \(\kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma })\) are not tight in general. Moreover, Csirmaz [15] proved that \(\kappa ({\varGamma }) \le n\) for every access structure \({\varGamma }\) on n participants, which indicates that those lower bounds may be very far from tight. That result was proved by showing feasible solutions of the linear programming problems with small values of the objective function.

Duality simplifies the search for bounds in secret sharing. Indeed, if \({\varGamma }^*\) is the dual of the access structure \({\varGamma }\), then \(\lambda ({\varGamma }^*) = \lambda ({\varGamma })\) and \({\widetilde{\lambda }}({\varGamma }^*) = {\widetilde{\lambda }}({\varGamma })\) [36], and also \(\kappa ({\varGamma }^*) = \kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma }^*) = {\widetilde{\kappa }}({\varGamma })\) [44]. In contrast, it is not known whether the analogous relation applies to the parameters \(\sigma \) and \({\widetilde{\sigma }}\) or not.

2.4 Ideal Secret Sharing Schemes and Matroid Ports

The extreme case \(\kappa ({\varGamma }) = 1\) deserves some attention because it is related to ideal secret sharing schemes. Since we are assuming that there are no redundant participants, it is easy to prove that every feasible solution f of the Linear Programming Problems 2.9 and 2.10 satisfies \(f(x) \ge 1\) for every \(x \in P\). Therefore, \(1 \le {\widetilde{\kappa }}({\varGamma }) \le \kappa ({\varGamma })\) for every access structure \({\varGamma }\), and hence the average information ratio of every secret sharing scheme is at least 1.

Definition 2.12

A secret sharing scheme \({\varSigma } = (S_x)_{x \in Q}\) is ideal if its information ratio is equal to 1, which is best possible. Ideal access structures are those that admit an ideal secret sharing scheme.

Definition 2.13

A matroid \(M = (Q,r)\) is an integer polymatroid such that \(r(X) \le |X|\) for every \(X \subseteq Q\). The port of the matroid M at \(p_o \in Q\) is the access structure on whose qualified sets are the sets \(X \subseteq P\) satisfying \(r(X p_o) = r(X)\).

The following theorem is a consequence of the results by Brickell and Davenport [11], who discovered the connection between ideal secret sharing and matroids.

Theorem 2.14

Let \({\varSigma } = (S_x)_{x \in Q}\) be an ideal secret sharing scheme on P with access structure \({\varGamma }\). Then the mapping given by \(f(X) = H(S_X)/H(S_{p_o})\) for every \(X \subseteq Q\) is the rank function of a matroid M with ground set Q. Moreover, \({\varGamma }\) is the port of the matroid M at \(p_o\).

As a consequence, every ideal access structure is a matroid port. The first counterexample for the converse, the ports of the Vamos matroid, was presented by Seymour [57]. Additional results on matroid ports and ideal secret sharing schemes were proved in [44] by using the forbidden minor characterization of matroid ports by Seymour [56].

Theorem 2.15

([44]). Let \({\varGamma }\) be an access structure. Then \({\varGamma }\) is a matroid port if and only if \(\kappa ({\varGamma }) = 1\). Moreover, \(\kappa ({\varGamma }) \ge 3/2\) if \({\varGamma }\) is not a matroid port.

In particular, there is a gap in the values of the parameter \(\kappa \). Namely, there is no access structure \({\varGamma }\) with \(1< \kappa ({\varGamma }) < 3/2\). Therefore, the optimal information ratio of an access structure that is not a matroid port is at least 3/2.

2.5 Lower Bounds from Non-Shannon Information and Rank Inequalities

Better lower bounds can be obtained by adding to the Linear Programming Problems 2.9 and 2.10 new constraints derived from non-Shannon information inequalities, which are satisfied by every entropic polymatroid but are not derived from the basic Shannon information inequalities. Zhang and Yeung [66] presented such an inequality for the first time, and many others have been found subsequently [22, 24, 47, 65]. This approach was first applied in [7] to prove that the optimal information ratio of the ports of the Vamos matroid is larger than 1, the first known examples of matroid ports with that property. They are as well the first known examples of access structures with \(\kappa ({\varGamma }) < \sigma ({\varGamma })\), and also the first known examples with \(1< \sigma ({\varGamma }) < 3/2\). Other lower bounds for the ports of the Vamos matroid and other non-linear matroids have been presented [48, 52].

When searching for bounds for linear secret sharing schemes, that is, bounds on \(\lambda ({\varGamma })\) and \({\widetilde{\lambda }}({\varGamma })\), one can improve the linear program by using rank inequalities, which apply to configurations of vector subspaces or, equivalently, to the joint entropies of linear random vectors. It is well-known that every information inequality is also a rank inequality. The first known rank inequality that cannot be derived from the Shannon inequalities was found by Ingleton [35]. Other such rank inequalities have been presented afterwards [23, 40]. Better lower bounds on the information ratio of linear secret sharing schemes have been found for some families of access structures by using non-Shannon rank inequalities [7, 16, 52].

On the negative side, Beimel and Orlov [8] proved that the best lower bound that can be obtained by using all information inequalities on four and five variables, together with all inequalities on more than five variables that were known by then, is at most linear on the number of participants. Specifically, they proved that every linear programming problem that is obtained by using these inequalities admits a feasible solution with a small value of the objective function. That solution is related to the one used by Csirmaz [15] to prove that \(\kappa ({\varGamma })\) is at most the number of participants. Another negative result about the power of information inequalities to provide asymptotic lower bounds was presented in [46]. Namely, every lower bound that is obtained by using rank inequalities on at most r variables is \(O(n^{r-2})\), and hence polynomial on the number n of participants. Since all information inequalities are rank inequalities, this negative result applies to the search for asymptotic lower bounds for both linear and general secret sharing schemes.

3 Improved Linear Programming Technique

Our improvements on the LP-technique are presented in this section. Instead of adding non-Shannon information and rank inequalities to the linear programming problems, which is the strategy described in Sect. 2.5, we add constraints that are obtained by using some properties from which those inequalities are derived.

3.1 Common Information

According to [23], all known non-Shannon rank inequalities are derived from the so-called common information property. We say that a random variable \(S_3\) conveys the common information of the random variables \(S_1\) and \(S_2\) if \(H(S_3 | S_2) = H(S_3 | S_1) = 0\) and . In general, given two random variables, it is not possible to find a third one satisfying those conditions [28]. Nevertheless, this is possible for every pair of \({\mathbb {K}}\)-linear random variables. Indeed, if \(S_1 = S|_{V_1}\) and \(S_2 = S|_{V_2}\) for some vector subspaces \(V_1,V_2\) of a \({\mathbb {K}}\)-vector space V, then \(S_3 = S|_{V_1 \cap V_2}\) conveys the common information of \(S_1\) and \(S_2\). The following definition is motivated by the concept of common information of a pair of random variables.

Definition 3.1

Consider a polymatroid (Qf) and two sets \(A, B \subseteq Q\). Then every subset \(X_o \subseteq Q\) such that

  • \(f(X_o | A) = f(X_o | B) = 0\), and

  • \(f(X_o) = f(A) + f(B) - f(A B)\)

is called a common information for the pair (AB). If \(X_o = \{x_o\}\), then the element \(x_o\) is also called a common information for the pair (AB).

Definition 3.2

An extension of a polymatroid (Qf) is any polymatroid \((Q',f')\) with \(Q \subseteq Q'\) and \(f'(X) = f(X)\) for every \(X \subseteq Q\). Usually, we are going to use the same symbol for the rank function of a polymatroid and that of an extension of it.

Definition 3.3

A polymatroid (Qf) satisfies the common information property if, for every pair \((A_{0},A_{1})\) of subsets of Q, there exists an extension \((Q x_o, f)\) of it such that \(x_o\) is a common information for the pair \((A_{0},A_{1})\).

Proposition 3.4

Every linear polymatroid satisfies the common information property. Moreover, given a linear polymatroid (Qf) and a pair \((A_{0},A_{1})\) of subsets of Q, it can be extended to a linear polymatroid \((Q x_o, f)\) such that \(x_o\) is a common information for the pair \((A_{0},A_{1})\). In particular, the extension also satisfies the common information property.

Proof

Let \((V_x)_{x \in Q}\) be a collection of vector subspaces representing a \({\mathbb {K}}\)-linear polymatroid (Qf), and consider two subsets \(A_0, A_1 \subseteq Q\). By taking \(V_{x_o} = V_{A_0} \cap V_{A_1}\), an extension of our polymatroid to \(Q x_o\) is obtained in which \(x_o\) is a common information for \((A_0, A_1)\). Obviously, this new polymatroid is \({\mathbb {K}}\)-linear too.

We describe next how to modify the Linear Programming Problems 2.9 and 2.10 by using the common information property in order to obtain better lower bounds on the information ratio of linear secret sharing schemes. Let \({\varGamma }\) be an access structure on a set P and \({\varSigma } = (S_x)_{x\in Q}\) a linear secret sharing scheme for \({\varGamma }\). As usual, associated to \({\varSigma }\) consider the polymatroid (Qf) defined by \(f(X) = H(S_X)/H(S_{p_o})\) for every \(X \subseteq Q\). Since the scheme \({\varSigma }\) is linear, (Qf) is the multiple of a linear polymatroid, and hence it satisfies the common information property. Therefore, given any two sets \(A_0, A_1 \subseteq Q\), we can find a polymatroid \((Q x_o,f)\), an extension of (Qf), such that \(x_o\) is a common information for the pair \((A_0, A_1)\). Clearly, the vector \((f(X))_{X \subseteq Q x_o} \in {\mathbb {R}}^{{\mathcal {P}}(Q x_o)}\) is a feasible solution of the Linear Programming Problem 3.5.

Linear Programming Problem 3.5

The optimal value of this linear programming problem is a lower bound on \({\widetilde{\lambda }}({\varGamma })\):

$$\begin{aligned} \text {Minimize }\quad&(1/n)\sum _{x \in P} f(x)\\ \text {subject to}\quad&\mathrm {(N)}, ({\varGamma }1), ({\varGamma }2)\\&f(x_o | A_0) = f(x_o | A_1) = 0\\&f(x_o) = f(A_0) + f(A_1) - f(A_0 \, A_1)\\&\mathrm {(P1), (P2), (P3)} \text { on the set } Q x_o \\ \end{aligned}$$

Since this applies to every linear secret sharing scheme with access structure \({\varGamma }\), the optimal value of that linear programming problem is a lower bound on \({\widetilde{\lambda }}({\varGamma })\). Of course, we can use the common information for more than one pair of sets. Specifically, given k pairs \((A_{i0},A_{i1})_{i \in [k]}\) of subsets of Q, the optimal value of the Linear Programming Problem 3.6 is a lower bound on \({\widetilde{\lambda }}({\varGamma })\). Obviously, analogous modifications on Linear Programming Problem 2.10 provide lower bounds on \(\lambda ({\varGamma })\).

Linear Programming Problem 3.6

The optimal value of this linear programming problem is a lower bound on \({\widetilde{\lambda }}({\varGamma })\):

$$\begin{aligned} \text {Minimize }\quad&(1/n)\sum _{x \in P} f(x) \\ \text {subject to}\quad&\mathrm {(N)}, ({\varGamma }1), ({\varGamma }2) \\&f(x_i | A_{i0}) = f(x_i | A_{i1}) = 0,\\&f(x_i) = f(A_{i0}) + f(A_{i1}) - f(A_{i0}\, A_{i1}) \text { for every } i = 1, \ldots , k\\&\mathrm {(P1), (P2), (P3)} \text { on the set } Q x_1 \ldots x_k\\ \end{aligned}$$

Remark 3.7

One can also find the common information of a pair of random variables defined from abelian groups. Specifically, given a finite abelian group G and a subgroup \(H \subseteq G\), consider the random variables S, uniformly distributed on G, and \(S_{/H}\) determined from S by the projection on the quotient group G/H. Given two such random variables \(S_1 = S_{/H_1}\) and \(S_2 = S_{/H_2}\), the random variable \(S_3 = S_{/(H_1+H_2)}\) conveys the common information of \(S_1\) and \(S_2\). Therefore, the lower bounds obtained from the linear programming problems introduced in this section apply also to secret sharing schemes defined from abelian groups.

3.2 Ahlswede and Körner’s Information

In Sect. 3.1, the common information property was used to improve lower bounds on the information ratio of linear secret sharing schemes and, more generally, schemes that are defined from abelian groups. For the general case, we are going to use a similar property motivated by the works of Ahlswede and Körner.

The known non-Shannon-type inequalities can be derived by using two techniques, the so-called Copy lemma [66] and the Ahlswede-Körner lemma as used in [42]. It turns out that the power of these two lemmas is equivalent [38]. In particular, both constructions can be used to derive the same non-Shannon inequalities. Hereafter, we choose to use a version of the Ahlswede and Körner (AK) lemma, as it makes the LP program slightly easier to formulate because the constraints needed for the construction of additional variables are shorter to write down. The original result by Ahlswede and Körner [1, 2, 19] is a statement about the achievable rate region of a certain communication problem. Here, we use the AK lemma as presented in [38, Lemma 2], a statement that in its part can be derived from the proof of [42, Lemma 5]. That result deals with sequences of random variables, and hence with almost entropic polymatroids.

Definition 3.8

We say that a polymatroid is almost entropic if it is the limit of a sequence of entropic polymatroids.

We introduce next the AK-information property, which will play the same role in the general case as the common information for linear schemes.

Definition 3.9

Consider a polymatroid (Qf), and subsets \(U,V,Z \subseteq Q\). Then every subset \(Z_o \subseteq Q\) such that

  • \(f(Z_o|UV) = 0\),

  • \(f(U|Z_o) = f(U|Z)\),

  • \(f(V|Z_o) = f(V|Z)\),

  • \(f(UV|Z_o) = f(UV|Z)\)

is called an AK-information for the triple (UVZ). Moreover, we say that a polymatroid (Qf) satisfies the AK-information property, if, for every triple (UVZ) of subsets of Q, there exists an extension \((Q z_o, f)\) such that \(z_o\) is an AK-information for the triple (UVZ).

The following version of the AK lemma is a straightforward consequence of [38, Lemma 2].

Proposition 3.10

(Ahlswede and Körner lemma). Let (Qf) be an entropic polymatroid and consider \(U,V,Z \subseteq Q\). Then there exists a sequence \((Q z_o, f_N)_{N > 0}\) of entropic polymatroids satisfying the following properties.

  • The sequence \((Q z_o, (1/N)f_N)_{N > 0}\) converges to a polymatroid \((Q z_o,f')\) that is an extension of (Qf).

  • The element \(z_o\) in \((Q z_o,f')\) is an AK-information for the triple (UVZ).

Loosely speaking, the AK lemma says that given any triple of random variables, we can always construct a new random variable that is as close as we want to their AK-information. The following result is a consequence of Proposition 3.10 and the fact that every multiple of an entropic polymatroid is almost entropic [63].

Proposition 3.11

Every almost entropic polymatroid satisfies the AK-information property. More specifically, for every almost entropic polymatroid (Qf) and sets \(U,V,Z \subseteq Q\), there exists an almost entropic extension \((Q z_o,f)\) such that \(z_o\) is an AK-information for the triple (UVZ).

Of course, this proposition can be repeatedly applied to construct the AK-informations of various triples of subsets. Moreover, entropic polymatroids are trivially almost entropic, therefore we can add any AK-information constraint to the Linear Programming Problems 2.9 and 2.10 in order to obtain lower bounds on \({\widetilde{\sigma }}({\varGamma })\) and \(\sigma ({\varGamma })\). For instance, suppose we want to use k such AK-informations, then for \(i\in \{1,\ldots ,k\}\), let \(U_i,V_i,Z_i\subseteq Q\), and let \(z_{i}\) be an AK-information for the triple \((U_i,V_i,Z_i)\). Then the optimal value of the Linear Programming Problem 3.12 is a lower bound on \({\widetilde{\sigma }}({\varGamma })\). An analogous modification on the Linear Programming Problem 2.9 provides lower bounds on \(\sigma ({\varGamma })\).

Linear Programming Problem 3.12

The optimal value of this linear programming problem is a lower bound on \({\widetilde{\sigma }}({\varGamma })\):

$$\begin{aligned} \text {Minimize }\quad&(1/n)\sum _{x \in P} f(x)\\ \text {subject to}\quad&\mathrm {(N)}, ({\varGamma }1), ({\varGamma }2), \\&f(z_{i}|U_iV_i) = 0, \\&f(U_i|z_{i}) = f(U_i|Z_i), \\&f(V_i|z_{i}) = f(V_i|Z_i), \\&f(U_iV_i|z_{i}) = f(U_iV_i|Z_i) \text { for every } i= 1,\ldots ,k\\&\mathrm {(P1), (P2), (P3)} \text { on the set } Q z_1 \ldots z_k \end{aligned}$$

4 New Lower Bounds

We present here the new lower bounds on the optimal information ratio that were obtained by using our improvement on the LP-technique. All of them deal with access structures on small sets of participants and were computed by solving the linear programming problems introduced in Sect. 3.

4.1 Access Structures on Five Participants

Jackson and Martin [37] determined the optimal information ratios of most access structures on five participants. The case of four participants had been previously solved by Stinson [59]. After some additional contributions [21, 31, 52], both \(\sigma ({\varGamma })\) and \({\widetilde{\sigma }}({\varGamma })\) were determined for 172 of the 180 access structures on five participants. All these results were obtained by finding the exact values or lower bounds on \(\kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma })\), and then constructing linear secret sharing schemes whose (average) information ratios equaled the lower bounds. Therefore, \(\kappa ({\varGamma }) = \sigma ({\varGamma }) = \lambda ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma }) = {\widetilde{\sigma }}({\varGamma }) = {\widetilde{\lambda }}({\varGamma })\) for each of those 172 access structures. The unsolved cases correspond to the access structures \({\varGamma }_{30}\), \({\varGamma }_{40}\), \({\varGamma }_{53}\), and \({\varGamma }_{73}\) (we use the same notation as in [37]) and their duals \({\varGamma }_{153}\), \({\varGamma }_{150}\), \({\varGamma }_{152}\), and \({\varGamma }_{151}\), respectively. Following [37], we take these access structures on the set \(\{a,b,c,d,e\}\). The minimal qualified sets of the first four are given in the following.

  • \(\min {\varGamma }_{30} = \{ab, ac, bc, ad, bd, ae, cde\}\).

  • \(\min {\varGamma }_{40} = \{ab, ac, bc, ad, be, cde\}\).

  • \(\min {\varGamma }_{53} = \{ab, ac, ad, bcd, be, ce\}\).

  • \(\min {\varGamma }_{73} = \{ab, ac, bd, ce, ade\}\).

We list in the following what is known for them. These results apply also to the corresponding dual access structures.

  • \({\widetilde{\kappa }}({\varGamma }) = {\widetilde{\sigma }}({\varGamma }) = {\widetilde{\lambda }}({\varGamma }) = 7/5\) for \({\varGamma }_{30}\) and \({\varGamma }_{40}\).

  • \({\widetilde{\kappa }}({\varGamma }) = {\widetilde{\sigma }}({\varGamma }) = {\widetilde{\lambda }}({\varGamma }) = 3/2\) for \({\varGamma }_{53}\).

  • \(3/2 = {\widetilde{\kappa }}({\varGamma }) \le {\widetilde{\sigma }}({\varGamma }) \le {\widetilde{\lambda }}({\varGamma }) \le 8/5\) for \({\varGamma }_{73}\).

  • \(3/2 = \kappa ({\varGamma }) \le \sigma ({\varGamma }) \le \lambda ({\varGamma }) \le 5/3\) for \({\varGamma }_{30}\), \({\varGamma }_{53}\) and \({\varGamma }_{73}\).

  • \(3/2 = \kappa ({\varGamma }) \le \sigma ({\varGamma }) \le \lambda ({\varGamma }) \le 12/7\) for \({\varGamma }_{40}\).

The values of \(\kappa ({\varGamma })\) and \({\widetilde{\kappa }}({\varGamma })\), which coincide with the lower bounds given in [21, 37], were determined in [52] by solving the Linear Programming Problems 2.9 and 2.10. The upper bounds were given in [37], except the one on \({\widetilde{\lambda }}({\varGamma }_{53})\), which was proved in [31].

By [52, Proposition 7.1], there is no linear scheme for \({\varGamma }_{53}\) or \({\varGamma }_{73}\) with information ratio equal to 3/2, and there is no linear scheme for \({\varGamma }_{73}\) with average information ratio equal to 3/2. Therefore, it appears that a new technique is required to solve these cases. Our improvement of the LP-technique provided new lower bounds. Namely, by solving problems as the Linear Programming Problems 3.5 and 3.12 with the specified settings, we obtain the bounds in Tables 1 and 2, respectively.

Table 1. Results on five participants using common information.
Full size table

The values of \(\lambda ({\varGamma })\) and \({\widetilde{\lambda }}({\varGamma })\) can be now determined for all access structures on 5 participants by combining the lower bounds in Table 1 with the existing upper bounds and the ones derived from the constructions in Sect. 5. Observe that \({\varGamma }_{30}\), \({\varGamma }_{40}\), \({\varGamma }_{53}\), \({\varGamma }_{73}\) and their duals are precisely the access structures on least participants satisfying \(\kappa ({\varGamma }) < \lambda ({\varGamma })\).

Table 2. Results on five participants using AK information for the subsets (ZUV).
Full size table

From the bounds in Table 2, we see that \({\varGamma }_{30}\), \({\varGamma }_{40}\), \({\varGamma }_{53}\), \({\varGamma }_{73}\) are among the smallest access structures with \(\kappa ({\varGamma }) < \sigma ({\varGamma })\). Unfortunately, all our attempts to obtain lower bounds on \(\sigma ({\varGamma })\) for their duals by using AK-informations have been unsuccessful.

4.2 Graph-Based Access Structures on Six Participants

If all minimal qualified sets of an access structure have two participants, it can be represented by a graph whose vertices and edges correspond to the participants and the minimal qualified sets, respectively. Van Dijk [20] determined the optimal information ratio of most graph-based access structures on 6 participants and provided lower and upper bounds for the remaining cases. After several other authors improved those results [13, 30, 32, 41, 52], only nine cases remained unsolved. Since the known values of \(\sigma ({\varGamma })\) have been determined by finding lower bounds on \(\kappa ({\varGamma })\) and upper bounds on \(\lambda ({\varGamma })\), we have \(\kappa ({\varGamma }) = \sigma ({\varGamma }) = \lambda ({\varGamma })\) in the solved cases. The unsolved cases correspond to the following graph-based access structures on \(P = \{1,2,3,4,5,6\}\).

  • \(\min {\varGamma }_{55}=\{12,23,34,45,56,61,26,25\}\)

  • \(\min {\varGamma }_{59}=\{12,23,34,45,56,61,24,13\}\)

  • \(\min {\varGamma }_{70}=\{12,23,34,45,56,61,24,25,26\}\)

  • \(\min {\varGamma }_{71}=\{12,23,34,45,56,61,26,35,36\}\)

  • \(\min {\varGamma }_{75}=\{12,23,34,45,56,61,26,46,14\}\)

  • \(\min {\varGamma }_{77}=\{12,23,34,45,56,61,26,35,13\}\)

  • \(\min {\varGamma }_{84}=\{12,23,34,45,56,61,13,15,35,25\}\)

  • \(\min {\varGamma }_{91}=\{12,23,34,45,56,61,15,25,35,46\}\)

  • \(\min {\varGamma }_{93}=\{12,23,34,45,56,61,15,35,46,24\}\)

The known lower and upper bounds for those access structures are

  • \(3/2 = \kappa ({\varGamma }) \le \sigma ({\varGamma }) \le \lambda ({\varGamma }) \le 8/5\) for \({\varGamma }= {\varGamma }_{91}\) and \({\varGamma }= {\varGamma }_{93}\), and

  • \(3/2 = \kappa ({\varGamma }) \le \sigma ({\varGamma }) \le \lambda ({\varGamma }) \le 5/3\) for the other seven access structures.

The values of \(\kappa \) were determined by solving the corresponding linear programming problems, and they are equal to the lower bounds in [20]. All upper bounds were presented in [20], except the one for \({\varGamma }_{93}\), which was given in [41].

By using the common information property with the settings specified in Table 3, we found the new lower bound \(\lambda ({\varGamma }) \ge 8/5\) for all those access structures, which is tight for \({\varGamma }_{91}\) and \({\varGamma }_{93}\). In particular, those nine graph-based access structures satisfy \(\kappa ({\varGamma }) < \lambda ({\varGamma })\). We have to mention here that all our attempts to improve the known lower bounds on \(\sigma ({\varGamma })\) for those graph-based access structures by using linear programming problems with AK-informations did not give any result.

Table 3. New bounds for graph-based access structures on six participants using common information.
Full size table

After a preprint of this work was in circulation, Gharahi and Khazaei [33] proved that all lower bounds on \(\lambda ({\varGamma })\) in Table 3 are tight by presenting constructions of linear secret sharing schemes for the corresponding graph-based access structures. Therefore, the exact value of \(\lambda ({\varGamma })\) is now determined for all graph-based access structures on six participants.

4.3 Ports of Non-representable Matroids

Recall from Sect. 2.4 that \({\varGamma }\) is a matroid port if and only if \(\kappa ({\varGamma }) = 1\). Moreover, \(\kappa ({\varGamma }) = \sigma ({\varGamma }) = \lambda ({\varGamma }) = 1\) if \({\varGamma }\) is the port of a linear matroid. In this section, we apply our techniques to find new lower bounds on the optimal information ratio of some ports of non-linear matroids on eight points, which are access structures on seven participants. All matroids on seven points are linear. Hence, the matroids we consider here are amongst the smallest non-linear matroids.

We describe next several matroids (Qr) on eight points with \(r(Q) = 4\) that admit convenient geometric representations on a cube. All of them satisfy that

  • \(r(X) = |X|\) for every \(X \subseteq Q\) with \(|X| \le 3\),

  • \(r(X) = 4\) for every \(X \subseteq Q\) with \(|X| \ge 5\), and

  • \(3 \le r(X) \le 4\) for every \(X \subseteq Q\) with \(|X| = 4\).

In particular, they are paving matroids (see [49]). Observe that such a matroid can be described by giving the subsets \(X \subseteq Q\) with \(|X| = 4\) and \(r(X) = 3\), that is, by giving its 4-points planes.

Consider the 3-dimensional cube with vertices on the points \((x,y,z) \in \{0,1\}^3\). By using the binary representation, identify each of those vertices to an integer in \(\{0,1, \ldots , 7\}\). For instance, (0, 1, 0) is identified to 2 and (1, 1, 0) to 6. Consider the following 14 sets of vertices.

  • The six faces of the cube: 0123, 0145, 0246, 1357, 2367, 4567,

  • the six diagonal planes: 0167, 0257, 0347, 1256, 1346, 2345, and

  • the two twisted planes: 0356, 1247.

The matroid whose 4-points planes are those fourteen sets is the binary affine cube AG(3, 2). This matroid is \({\mathbb {K}}\)-linear if and only if the field \({\mathbb {K}}\) has characteristic 2 [49].

All matroids that are obtained from AG(3, 2) by relaxing one of the 4-points planes (that is, by changing the value of its rank to 4) are isomorphic to the matroid \(AG(3,2)'\) [49]. We consider here the one obtained by the relaxation of one of the twisted planes, say 1247. The matroid \(AG(3,2)'\) is a smallest non-linear matroid [49]. The port of \(AG(3,2)'\) at \(p_o = 0\) is the access structure \({\mathcal {A}}\) on the set \(\{1,\ldots , 7\}\) with minimal qualified sets

$$\begin{aligned} \min {\mathcal {A}} = \{ 123,145,167,246,257,347,356,1247 \} \end{aligned}$$

Every port of \(AG(3,2)'\) is either isomorphic to \({\mathcal {A}}\) or to its dual \({\mathcal {A}}^*\), which has minimal qualified sets

$$\begin{aligned} \min {\mathcal {A}}^* = \{ 123,145,167,246,257,347,1356,2356,3456,3567 \} \end{aligned}$$

By relaxing the other twisted plane 0356 we obtain from \(AG(3,2)'\) the matroid \(R_8\), the real affine cube. The 4-points planes of this matroid are the six faces and the six diagonal planes. It is \({\mathbb {K}}\)-linear if and only if \({\mathbb {K}}\) has characteristic different from 2 [49].

If, instead, the 4-points set 1256 is relaxed in \(AG(3,2)'\), one obtains the smallest non-linear matroid \(F_8\) [49]. The port of \(F_8\) at \(p_o = 0\) is the access structure \({\mathcal {F}}\) on \(\{1,\ldots ,7\}\) with minimal qualified sets

$$\begin{aligned} \min {\mathcal {F}} = \{ 123,145,167,246,257,347,356,1247,1256 \} \end{aligned}$$

The port of \(F_8\) at \(p_o = 3\) is isomorphic to \({\mathcal {F}}\). The ports of \(F_8\) at \(p_o = 1\) and \(p_o = 2\) are both isomorphic to \({\mathcal {F}}^*\), whose minimal qualified sets are

$$\begin{aligned} \min {\mathcal {F}}^* = \{ 123,145,167,246,257,1356,2356,3456,3567, 1347,2347,3457,3467 \} \end{aligned}$$

All the other ports of \(F_8\) are isomorphic to the port of \(F_8\) at \(p_o = 4\), and hence isomorphic to the access structure \(\widehat{{\mathcal {F}}}\) on \(\{1,\ldots ,7\}\) with minimal qualified sets

$$\begin{aligned} \min \widehat{{\mathcal {F}}} = \{ 123,145,246,167,257,347,1256,1356,2356,3456,3567 \} \end{aligned}$$

Observe that \(\widehat{{\mathcal {F}}}\) is isomorphic to its dual access structure \(\widehat{{\mathcal {F}}}^*\).

The relaxation of one of the diagonal planes of the real affine cube \(R_8\), say 1256, produces the matroid \(Q_8\), again a smallest non-linear matroid [49]. Let \({\mathcal {Q}}\) be the port of \(Q_8\) at \(p_o = 0\). Its minimal qualified sets are

$$\begin{aligned} \min {\mathcal {Q}} = \{ 123,145,246,167,257,347,1256,1247,1356,2356,3456,3567 \} \end{aligned}$$

All ports of \(Q_8\) are isomorphic to \({\mathcal {Q}}\) or to its dual \({\mathcal {Q}}^*\). The access structure \({\mathcal {Q}}^*\) has minimal qualified sets

$$\begin{aligned} \{ 123,145,246,167,257,1247,1347,1356,2347, 2356,3456,3457,3467,3567 \} \end{aligned}$$

Finally, the Vamos matroid \(V_8\) is another smallest non-linear matroid [49]. Its 4-points planes are 0123, 0145, 2345, 2367, and 4567. The minimal qualified sets of the port \({\mathcal {V}}\) of the Vamos matroid \(V_8\) at \(p_o = 0\) are the 3-sets 123, 145 and all 4-sets not containing them, except 2345, 2367, 4567. Every port of \(V_8\) is isomorphic either to \({\mathcal {V}}\) or to \({\mathcal {V}}^*\). The minimal qualified sets of \({\mathcal {V}}^*\) are the 3-sets 123, 145, 167 and all 4-sets not containing them, except 2367, 4567. The known bounds on the optimal information ratio of the ports of those non-linear matroids are summarized as follows.

  • \(67/59 \le \sigma ({\mathcal {V}}) \le 4/3\).

  • \(9/8 \le \sigma ({\mathcal {V}}^*) \le 4/3\).

  • \(5/4 \le \lambda ({\mathcal {V}}) = \lambda ({\mathcal {V}}^*) \le 4/3\).

  • \(19/17\le \sigma ({\varGamma })\) if \({\varGamma }= {\mathcal {A}}\) or \({\varGamma }= {\mathcal {Q}}\).

  • \(9/8 \le \sigma ({\varGamma })\) if \({\varGamma }= {\mathcal {A}}^*\) or \({\varGamma }= {\mathcal {Q}}^*\).

  • \(5/4 \le \lambda ({\varGamma })\) if \({\varGamma }\) is one of the structures \({\mathcal {A}}\), \({\mathcal {A}}^*\), \({\mathcal {Q}}\), \({\mathcal {Q}}^*\).

The lower bounds were obtained in [7, 29, 48, 52] by using the LP-technique enhanced with the Ingleton inequality or with several non-Shannon information inequalities. The upper bounds for the ports of the Vamos matroid were presented in [44].

By solving the LP Problems 3.6 and 3.12 for those access structures with the given choices, the lower bounds in Tables 4 and 5 are obtained. Except for \(\sigma ({\mathcal {V}}^*)\), they improve all existing lower bounds. In particular, we have determined the exact value of \(\lambda ({\mathcal {V}}) = \lambda ({\mathcal {V}}^*) = 4/3\). Moreover, the construction we present in Sect. 5 implies \(\lambda ({\mathcal {Q}}) = \lambda ({\mathcal {Q}}^*) = 4/3\).

Table 4. Results on matroid ports using common information.
Full size table
Table 5. Results on matroid ports using AK information for the subsets \((Z_1, U_1, V_1)\) and \((Z_2,U_2,V_2)\).
Full size table

5 Constructions

We present here linear secret sharing schemes for the access structures \({\varGamma }_{40}\) and \({\varGamma }_{73}\) on five participants and also for the matroid port \({\mathcal {Q}}\). These constructions and the lower bounds for linear schemes that have been obtained with our enhancement of the LP-technique determine the exact values of \(\lambda ({\varGamma }_{40})\), \({\widetilde{\lambda }}({\varGamma }_{73})\), and \(\lambda ({\mathcal {Q}})\). As a consequence, the exact values of \(\lambda ({\varGamma })\) and \({\widetilde{\lambda }}({\varGamma })\) are now determined for all access structures on five participants.

We present first a linear scheme with information ratio 5/3 for the access structure \({\varGamma }_{40}\) on five participants. For a finite field \({\mathbb {K}}\) with characteristic larger than 5, consider the \({\mathbb {K}}\)-linear secret sharing scheme that is determined by the \({\mathbb {K}}\)-linear code with generator matrix

Namely, every codeword corresponds to a distribution of shares. The vertical bars indicate which positions of the codeword correspond to the secret and to every participant. In this case, a codeword

$$\begin{aligned} (s_{p_o}\,|\, s_{a1},s_{a2}\,|\,s_{b1},s_{b2}\,|\,s_c \,|\,s_d \,|\, s_e) \in {\mathbb {K}}^8 \end{aligned}$$

corresponds to a distribution of shares in which the secret value is \(s_{p_o} \in {\mathbb {K}}\), the share for a is \((s_{a1},s_{a2}) \in {\mathbb {K}}^2\), and so on. The access structure of this linear scheme is \({\varGamma }_{40}\). Another \({\mathbb {K}}\)-linear secret sharing scheme for \({\varGamma }_{40}\) is given by the \({\mathbb {K}}\)-linear code with generator matrix

By concatenating these two schemes, we obtain a scheme for \({\varGamma }_{40}\) with information ratio 5/3.

If \({\mathbb {K}}\) is a field with characteristic 2, the \({\mathbb {K}}\)-linear code with generator matrix

defines a \({\mathbb {K}}\)-linear secret sharing scheme with access structure \({\varGamma }_{73}\). Its average information ratio is equal to 23/15.

Finally, we present a construction of a linear secret sharing scheme with information ratio 4/3 for the access structure \({\mathcal {Q}}\). It is obtained by combining four ideal secret sharing schemes in a \(\lambda \)-decomposition with \(\lambda = 3\). The reader is referred to [50, 60] for more information about \(\lambda \)-decompositions. Let \({\mathbb {K}}\) be a finite field with characteristic different from 2. The first scheme is the one given by the \({\mathbb {K}}\)-linear code with generator matrix

$$\begin{aligned}\left( \begin{array}{cccccccc} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 \\ 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 \\ 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 \\ 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 \end{array} \right) \end{aligned}$$

Its access structure \({\mathcal {R}}\) is the port at \(p_o = 0\) of the matroid \(R_8\), the real affine cube. One can see that all minimal qualified sets of \({\mathcal {Q}}\) except 1256 are also qualified sets of \({\mathcal {R}}\). On the other hand, the unqualified sets of \({\mathcal {Q}}\) are also unqualified sets of \({\mathcal {R}}\). The second and third pieces in the decomposition are ideal schemes given by \({\mathbb {K}}\)-linear codes with generator matrices of the form

$$\begin{aligned} \left( \begin{array}{cccccccc} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 \\ 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 \\ 0 &{} 1 &{} z_2 &{} 1 &{} z_4 &{} 1 &{} z_6 &{} 1 \\ 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 \end{array} \right) \end{aligned}$$

If \(z_2 = 0\) and \(z_4 = z_6 = -1\), that linear code represents the matroid that is obtained from \(R_8\) by relaxing the 4-points planes 0347 and 1256. Therefore, we obtain a secret sharing scheme in which 347 is not qualified. If, instead, we take \(z_2 = - 1\) and \(z_4 = z_6 = 0\), the matroid represented by that \({\mathbb {K}}\)-linear code is obtained from \(R_8\) by relaxing the 4-point planes 1256, 0246, and 0257. In the corresponding secret sharing scheme, the sets 246 and 257 are unqualified. The fourth scheme is given by the \({\mathbb {K}}\)-linear code with generator matrix

$$\begin{aligned}\left( \begin{array}{cccccccc} 0 &{} 0 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 \\ 0 &{} -1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 \\ 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 \\ 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 \end{array} \right) \end{aligned}$$

which represents the matroid that is obtained from \(R_8\) by relaxing the 4-points planes 1256, 0145, and 0167. The sets 145 and 167 are not qualified in the corresponding scheme. Observe that every minimal qualified set of \({\mathcal {Q}}\) appears in at least 3 of those 4 ideal linear secret sharing schemes. Therefore, we get a linear secret sharing scheme for \({\mathcal {Q}}\) with information ratio 4/3.

6 Open Problems

The first line of future work worth mentioning is to fully conclude the projects initiated by Jackson and Martin [37] and van Dijk [20] by determining the values of \(\sigma ({\varGamma })\), \({\widetilde{\sigma }}({\varGamma })\), \(\lambda ({\varGamma })\), and \({\widetilde{\lambda }}({\varGamma })\) for all access structures on five participants and all graph-based access structures on six participants. By Remark 3.7, our bounds on \(\lambda ({\varGamma })\), and \({\widetilde{\lambda }}({\varGamma })\) apply also to schemes defined by abelian groups.

Many examples of access structures with \(\kappa ({\varGamma }) = \sigma ({\varGamma }) = \lambda ({\varGamma })\) are known, and also examples with \(\kappa ({\varGamma }) < \sigma ({\varGamma })\) and \(\kappa ({\varGamma }) < \lambda ({\varGamma })\). An open problem is to find the smallest examples with \(\sigma ({\varGamma }) < \lambda ({\varGamma })\), and also examples in each of the following situations: \(\kappa ({\varGamma }) = \sigma ({\varGamma }) < \lambda ({\varGamma })\), \(\kappa ({\varGamma }) < \sigma ({\varGamma }) = \lambda ({\varGamma })\), and \(\kappa ({\varGamma })< \sigma ({\varGamma }) < \lambda ({\varGamma })\). Another interesting problem is to find matroid ports such that \(\sigma ({\varGamma })\) or \(\lambda ({\varGamma })\) are greater than 3/2 or even arbitrarily large.

It is worth noticing that, even though we used the common information property to derive lower bounds for linear secret sharing schemes, we could not determine whether that property have a good behavior with respect to duality or not. This may be due to the fact that, by Remark 3.7, those bounds apply to a more general class of schemes. Therefore, when searching for bounds by using common informations, it is worth to apply the method both to an access structure and its dual.

The main direction for future research is to obtain a better understanding of the techniques introduced here in order to improve, if possible, the known asymptotic lower bounds on \(\sigma ({\varGamma })\). Notice that it is not necessary to solve the corresponding linear programming problem to determine a lower bound. Instead, any feasible solution of the dual linear programming problem provides a lower bound. This strategy, which was suggested by one of the reviewers of this work, has been used, not explicitly, by the authors that have derived lower bounds from the constraints without solving the linear programming problem.