Threshold Secret Sharing Requires a Linear Size Alphabet

  • Andrej BogdanovEmail author
  • Siyao Guo
  • Ilan Komargodski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)


We prove that for every n and \(1< t < n\) any t-out-of-n threshold secret sharing scheme for one-bit secrets requires share size \(\log (t + 1)\). Our bound is tight when \(t = n - 1\) and n is a prime power. In 1990 Kilian and Nisan proved the incomparable bound \(\log (n - t + 2)\). Taken together, the two bounds imply that the share size of Shamir’s secret sharing scheme (Comm. ACM ’79) is optimal up to an additive constant even for one-bit secrets for the whole range of parameters \(1< t < n\).

More generally, we show that for all \(1< s< r < n\), any ramp secret sharing scheme with secrecy threshold s and reconstruction threshold r requires share size \(\log ((r + 1)/(r - s))\).

As part of our analysis we formulate a simple game-theoretic relaxation of secret sharing for arbitrary access structures. We prove the optimality of our analysis for threshold secret sharing with respect to this method and point out a general limitation.


Secret Sharing Access Structure Winning Strategy Secret Sharing Scheme Threshold Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank Moni Naor for telling us about the work of Kilian and Nisan. We thank the anonymous reviewers for their useful advice.


  1. 1.
    Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion - Israel Institute of Technology (1996)Google Scholar
  3. 3.
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Beimel, A., Chor, B.: Universally ideal secret-sharing schemes. IEEE Trans. Inf. Theor. 40(3), 786–794 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Beimel, A., Franklin, M.K.: Weakly-private secret sharing schemes. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 253–272. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Beimel, A., Gál, A., Paterson, M.: Lower bounds for monotone span programs. Comput. Complex. 6(1), 29–45 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Beimel, A., Ishai, Y.: On the power of nonlinear secrect-sharing. In: 16th Annual IEEE Conference on Computational Complexity, CCC, pp. 188–202 (2001)Google Scholar
  8. 8.
    Beimel, A., Orlov, I.: Secret sharing and non-shannon information inequalities. IEEE Trans. Inf. Theor. 57(9), 5634–5649 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  10. 10.
    Blakley, G.R., Meadows, C.: Security of ramp schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 242–268. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  11. 11.
    Blakley, G.R.: Safeguarding cryptographic keys. Proc. AFIPS Natl. Comput. Conf. 22, 313–317 (1979)Google Scholar
  12. 12.
    Bogdanov, A., Ishai, Y., Viola, E., Williamson, C.: Bounded indistinguishability and the complexity of recovering secrets. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 593–618. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53015-3_21 CrossRefGoogle Scholar
  13. 13.
    Capocelli, R.M., Santis, A.D., Gargano, L., Vaccaro, U.: On the size of shares for secret sharing schemes. J. Cryptol. 6(3), 157–167 (1993)CrossRefzbMATHGoogle Scholar
  14. 14.
    Cascudo Pueyo, I., Cramer, R., Xing, C.: Bounds on the threshold gap in secret sharing and its applications. IEEE Trans. Inf. Theor. 59(9), 5600–5612 (2013)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Chen, H., Cramer, R.: Algebraic geometric secret sharing schemes and secure multi-party computations over small fields. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 521–536. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Cook, S.A., Pitassi, T., Robere, R., Rossman, B.: Exponential lower bounds for monotone span programs. Electron. Colloq. Comput. Complex. 23, 64 (2016)Google Scholar
  17. 17.
    Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)CrossRefzbMATHGoogle Scholar
  18. 18.
    Cramer, R., Fehr, S., Stam, M.: Black-box secret sharing from primitive sets in algebraic number fields. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 344–360. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Farràs, O., Hansen, T., Kaced, T., Padró, C.: Optimal non-perfect uniform secret sharing schemes. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 217–234. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  21. 21.
    Farràs, O., Molleví, S.M., Padró, C.: A note on non-perfect secret sharing. IACR Cryptology ePrint Archive, p. 348 (2016)Google Scholar
  22. 22.
    Gál, A.: A characterization of span program size and improved lower bounds for monotone span programs. Comput. Complex. 10(4), 277–296 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Ito, M., Saito, A., Nishizeki, T.: Multiple assignment scheme for sharing secret. J. Cryptol. 6(1), 15–20 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Karchmer, M., Wigderson, A.: On span programs. In: 8th Annual Structure in Complexity Theory Conference, pp. 102–111 (1993)Google Scholar
  25. 25.
    Kilian, J., Nisan, N.: Unpublished (1990). Referenced in [4,2,5,14]Google Scholar
  26. 26.
    Komargodski, I., Naor, M., Yogev, E.: How to share a secret, infinitely. IACR Cryptology ePrint Archive 2016, 194 (2016)Google Scholar
  27. 27.
    Martin, K.M., Paterson, M.B., Stinson, D.R.: Error decodable secret sharing and one-round perfectly secure message transmission for general adversary structures. Crypt. Commun. 3, 65–86 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Molleví, S.M., Padró, C., Yang, A.: Secret sharing, rank inequalities, and information inequalities. IEEE Trans. Inf. Theor. 62(1), 599–609 (2016)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Paterson, M.B., Stinson, D.R.: A simple combinatorial treatment of constructions and threshold gaps of ramp schemes. Crypt. Commun. 5, 229–240 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    Stinson, D.R., Wei, R.: An application of ramp schemes to broadcast encryption. Inf. Process. Lett. 69, 131–135 (1999)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Chinese University of Hong KongHong KongChina
  2. 2.New York UniversityNew YorkUSA
  3. 3.Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations