Unconditionally-Secure Robust Secret Sharing with Compact Shares

  • Alfonso Cevallos
  • Serge Fehr
  • Rafail Ostrovsky
  • Yuval Rabani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237)


We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3 ≤ t < n/2, where reconstruction of a shared secret in the presence of faulty shares is possible, but only with an increase in the share size, and only if one admits a small failure probability. The goal of this work is to minimize this overhead in the share size. Known schemes either have a Ω(κn)-overhead in share size, where κ is the security parameter, or they have a close-to-optimal overhead of order O(κ + n) but have an exponential running time (in n).

In this paper, we propose a new scheme that has a close-to-optimal overhead in the share size of order \(\tilde{O}(\kappa+n)\), and a polynomial running time. Interestingly, the shares in our new scheme are prepared in the very same way as in the well-known scheme by Rabin and Ben-Or, which relies on message authentication, but we use a message authentication code with short tags and keys and with correspondingly weak security. The short tags and keys give us the required saving in the share size. Surprisingly, we can compensate for the weakened security of the authentication and achieve an exponentially small (in κ) failure probability by means of a more sophisticated reconstruction procedure.


Secret Sharing Secret Sharing Scheme Message Authentication Code Share Size Honest Player 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Berlekamp, E.R., Welch, L.R.: Error correction of algebraic block codes. U.S. Patent Number 4.633.470 (1986)Google Scholar
  2. 2.
    Blakley, G.R.: Safeguarding cryptographic keys. In: National Computer Conference, vol. 48, pp. 313–317. AFIPS Press (1979)Google Scholar
  3. 3.
    Cabello, S., Padró, C., Sáez, G.: Secret Sharing Schemes with Detection of Cheaters for a General Access Structure. In: Ciobanu, G., Păun, G. (eds.) FCT 1999. LNCS, vol. 1684, pp. 185–194. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 383–395 (1985)Google Scholar
  5. 5.
    Cramer, R., Damgård, I., Fehr, S.: On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 503–523. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    den Boer, B.: A simple and key-economical unconditional authentication scheme. Journal of Computer Security 2, 65–72 (1993)Google Scholar
  8. 8.
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. In: 31st Annual IEEE Symposium on Foundations of Computer Science (FOCS), vol. I, pp. 36–45 (1990)Google Scholar
  9. 9.
    Garay, J., Givens, C., Ostrovsky, R.: Secure Message Transmission with Small Public Discussion. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 177–196. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Garay, J., Givens, C., Ostrovsky, R.: Secure Message Transmission by Public Discussion: A Brief Survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 126–141. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Gemmell, P., Sudan, M.: Highly resilient correctors for polynomials. Information Processing Letters 43(4), 169–174 (1992)MathSciNetzbMATHCrossRefGoogle Scholar
  12. 12.
    Ishai, Y., Ostrovsky, R., Seyalioglu, H.: Identifying Cheaters without an Honest Majority. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 21–38. Springer, Heidelberg (2012)Google Scholar
  13. 13.
    Johansson, T., Kabatianskii, G., Smeets, B.: On the Relation between A-Codes and Codes Correcting Independent Errors. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 1–11. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Kurosawa, K., Suzuki, K.: Almost secure (1-round, n -channel) message transmission scheme. IEICE Transactions 92-A(1) (2009)Google Scholar
  15. 15.
    Ogata, W., Kurosawa, K., Stinson, D.R.: Optimum secret sharing scheme secure against cheating. SIAM Journal on Discrete Mathematics 20(1), 79–95 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  17. 17.
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: 21st Annual ACM Symposium on Theory of Computing (STOC), pp. 73–85 (1989)Google Scholar
  18. 18.
    Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)MathSciNetzbMATHCrossRefGoogle Scholar
  19. 19.
    Taylor, R.: An Integrity Check Value Algorithm for Stream Ciphers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 40–48. Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Tompa, M., Woll, H.: How to Share a Secret with Cheaters. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 261–265. Springer, Heidelberg (1987)Google Scholar
  21. 21.
    Wegman, M.N., Lawrence Carter, J.: New classes and applications of hash functions. In: 20th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 175–182 (1979)Google Scholar
  22. 22.
    Wegman, M.N., Lawrence Carter, J.: New hash functions and their use in authentication and set equality. Journal of Computer and System Science 22(3), 265–279 (1981)zbMATHCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Alfonso Cevallos
    • 1
  • Serge Fehr
    • 2
  • Rafail Ostrovsky
    • 3
  • Yuval Rabani
    • 4
  1. 1.Mathematical InstituteLeiden UniversityThe Netherlands
  2. 2.Centrum Wiskunde & Informatica (CWI)AmsterdamThe Netherlands
  3. 3.Department of Computer Science, Department of MathematicsUCLAUSA
  4. 4.The Rachel and Selim Benin School of Computer Science and EngineeringThe Hebrew University of JerusalemJerusalemIsrael

Personalised recommendations