Threshold Secret Sharing Requires a Linear Size Alphabet

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)


We prove that for every n and \(1< t < n\) any t-out-of-n threshold secret sharing scheme for one-bit secrets requires share size \(\log (t + 1)\). Our bound is tight when \(t = n - 1\) and n is a prime power. In 1990 Kilian and Nisan proved the incomparable bound \(\log (n - t + 2)\). Taken together, the two bounds imply that the share size of Shamir’s secret sharing scheme (Comm. ACM ’79) is optimal up to an additive constant even for one-bit secrets for the whole range of parameters \(1< t < n\).

More generally, we show that for all \(1< s< r < n\), any ramp secret sharing scheme with secrecy threshold s and reconstruction threshold r requires share size \(\log ((r + 1)/(r - s))\).

As part of our analysis we formulate a simple game-theoretic relaxation of secret sharing for arbitrary access structures. We prove the optimality of our analysis for threshold secret sharing with respect to this method and point out a general limitation.





We thank Moni Naor for telling us about the work of Kilian and Nisan. We thank the anonymous reviewers for their useful advice.


  1. 1.
    Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion - Israel Institute of Technology (1996)Google Scholar
  3. 3.
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Beimel, A., Chor, B.: Universally ideal secret-sharing schemes. IEEE Trans. Inf. Theor. 40(3), 786–794 (1994)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Beimel, A., Franklin, M.K.: Weakly-private secret sharing schemes. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 253–272. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Beimel, A., Gál, A., Paterson, M.: Lower bounds for monotone span programs. Comput. Complex. 6(1), 29–45 (1997)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Beimel, A., Ishai, Y.: On the power of nonlinear secrect-sharing. In: 16th Annual IEEE Conference on Computational Complexity, CCC, pp. 188–202 (2001)Google Scholar
  8. 8.
    Beimel, A., Orlov, I.: Secret sharing and non-shannon information inequalities. IEEE Trans. Inf. Theor. 57(9), 5634–5649 (2011)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  10. 10.
    Blakley, G.R., Meadows, C.: Security of ramp schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 242–268. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  11. 11.
    Blakley, G.R.: Safeguarding cryptographic keys. Proc. AFIPS Natl. Comput. Conf. 22, 313–317 (1979)Google Scholar
  12. 12.
    Bogdanov, A., Ishai, Y., Viola, E., Williamson, C.: Bounded indistinguishability and the complexity of recovering secrets. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 593–618. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53015-3_21 CrossRefGoogle Scholar
  13. 13.
    Capocelli, R.M., Santis, A.D., Gargano, L., Vaccaro, U.: On the size of shares for secret sharing schemes. J. Cryptol. 6(3), 157–167 (1993)CrossRefMATHGoogle Scholar
  14. 14.
    Cascudo Pueyo, I., Cramer, R., Xing, C.: Bounds on the threshold gap in secret sharing and its applications. IEEE Trans. Inf. Theor. 59(9), 5600–5612 (2013)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Chen, H., Cramer, R.: Algebraic geometric secret sharing schemes and secure multi-party computations over small fields. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 521–536. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Cook, S.A., Pitassi, T., Robere, R., Rossman, B.: Exponential lower bounds for monotone span programs. Electron. Colloq. Comput. Complex. 23, 64 (2016)Google Scholar
  17. 17.
    Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)CrossRefMATHGoogle Scholar
  18. 18.
    Cramer, R., Fehr, S., Stam, M.: Black-box secret sharing from primitive sets in algebraic number fields. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 344–360. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Farràs, O., Hansen, T., Kaced, T., Padró, C.: Optimal non-perfect uniform secret sharing schemes. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 217–234. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  21. 21.
    Farràs, O., Molleví, S.M., Padró, C.: A note on non-perfect secret sharing. IACR Cryptology ePrint Archive, p. 348 (2016)Google Scholar
  22. 22.
    Gál, A.: A characterization of span program size and improved lower bounds for monotone span programs. Comput. Complex. 10(4), 277–296 (2001)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Ito, M., Saito, A., Nishizeki, T.: Multiple assignment scheme for sharing secret. J. Cryptol. 6(1), 15–20 (1993)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Karchmer, M., Wigderson, A.: On span programs. In: 8th Annual Structure in Complexity Theory Conference, pp. 102–111 (1993)Google Scholar
  25. 25.
    Kilian, J., Nisan, N.: Unpublished (1990). Referenced in [4,2,5,14]Google Scholar
  26. 26.
    Komargodski, I., Naor, M., Yogev, E.: How to share a secret, infinitely. IACR Cryptology ePrint Archive 2016, 194 (2016)Google Scholar
  27. 27.
    Martin, K.M., Paterson, M.B., Stinson, D.R.: Error decodable secret sharing and one-round perfectly secure message transmission for general adversary structures. Crypt. Commun. 3, 65–86 (2011)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Molleví, S.M., Padró, C., Yang, A.: Secret sharing, rank inequalities, and information inequalities. IEEE Trans. Inf. Theor. 62(1), 599–609 (2016)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Paterson, M.B., Stinson, D.R.: A simple combinatorial treatment of constructions and threshold gaps of ramp schemes. Crypt. Commun. 5, 229–240 (2013)MathSciNetCrossRefMATHGoogle Scholar
  30. 30.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefMATHGoogle Scholar
  31. 31.
    Stinson, D.R., Wei, R.: An application of ramp schemes to broadcast encryption. Inf. Process. Lett. 69, 131–135 (1999)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Chinese University of Hong KongHong KongChina
  2. 2.New York UniversityNew YorkUSA
  3. 3.Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations