Threshold Secret Sharing Requires a Linear Size Alphabet

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)


We prove that for every n and \(1< t < n\) any t-out-of-n threshold secret sharing scheme for one-bit secrets requires share size \(\log (t + 1)\). Our bound is tight when \(t = n - 1\) and n is a prime power. In 1990 Kilian and Nisan proved the incomparable bound \(\log (n - t + 2)\). Taken together, the two bounds imply that the share size of Shamir’s secret sharing scheme (Comm. ACM ’79) is optimal up to an additive constant even for one-bit secrets for the whole range of parameters \(1< t < n\).

More generally, we show that for all \(1< s< r < n\), any ramp secret sharing scheme with secrecy threshold s and reconstruction threshold r requires share size \(\log ((r + 1)/(r - s))\).

As part of our analysis we formulate a simple game-theoretic relaxation of secret sharing for arbitrary access structures. We prove the optimality of our analysis for threshold secret sharing with respect to this method and point out a general limitation.


  1. 1.
    Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion - Israel Institute of Technology (1996)Google Scholar
  3. 3.
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Beimel, A., Chor, B.: Universally ideal secret-sharing schemes. IEEE Trans. Inf. Theor. 40(3), 786–794 (1994)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Beimel, A., Franklin, M.K.: Weakly-private secret sharing schemes. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 253–272. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Beimel, A., Gál, A., Paterson, M.: Lower bounds for monotone span programs. Comput. Complex. 6(1), 29–45 (1997)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Beimel, A., Ishai, Y.: On the power of nonlinear secrect-sharing. In: 16th Annual IEEE Conference on Computational Complexity, CCC, pp. 188–202 (2001)Google Scholar
  8. 8.
    Beimel, A., Orlov, I.: Secret sharing and non-shannon information inequalities. IEEE Trans. Inf. Theor. 57(9), 5634–5649 (2011)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  10. 10.
    Blakley, G.R., Meadows, C.: Security of ramp schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 242–268. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  11. 11.
    Blakley, G.R.: Safeguarding cryptographic keys. Proc. AFIPS Natl. Comput. Conf. 22, 313–317 (1979)Google Scholar
  12. 12.
    Bogdanov, A., Ishai, Y., Viola, E., Williamson, C.: Bounded indistinguishability and the complexity of recovering secrets. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 593–618. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53015-3_21 CrossRefGoogle Scholar
  13. 13.
    Capocelli, R.M., Santis, A.D., Gargano, L., Vaccaro, U.: On the size of shares for secret sharing schemes. J. Cryptol. 6(3), 157–167 (1993)CrossRefMATHGoogle Scholar
  14. 14.
    Cascudo Pueyo, I., Cramer, R., Xing, C.: Bounds on the threshold gap in secret sharing and its applications. IEEE Trans. Inf. Theor. 59(9), 5600–5612 (2013)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Chen, H., Cramer, R.: Algebraic geometric secret sharing schemes and secure multi-party computations over small fields. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 521–536. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Cook, S.A., Pitassi, T., Robere, R., Rossman, B.: Exponential lower bounds for monotone span programs. Electron. Colloq. Comput. Complex. 23, 64 (2016)Google Scholar
  17. 17.
    Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)CrossRefMATHGoogle Scholar
  18. 18.
    Cramer, R., Fehr, S., Stam, M.: Black-box secret sharing from primitive sets in algebraic number fields. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 344–360. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Farràs, O., Hansen, T., Kaced, T., Padró, C.: Optimal non-perfect uniform secret sharing schemes. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 217–234. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  21. 21.
    Farràs, O., Molleví, S.M., Padró, C.: A note on non-perfect secret sharing. IACR Cryptology ePrint Archive, p. 348 (2016)Google Scholar
  22. 22.
    Gál, A.: A characterization of span program size and improved lower bounds for monotone span programs. Comput. Complex. 10(4), 277–296 (2001)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Ito, M., Saito, A., Nishizeki, T.: Multiple assignment scheme for sharing secret. J. Cryptol. 6(1), 15–20 (1993)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Karchmer, M., Wigderson, A.: On span programs. In: 8th Annual Structure in Complexity Theory Conference, pp. 102–111 (1993)Google Scholar
  25. 25.
    Kilian, J., Nisan, N.: Unpublished (1990). Referenced in [4,2,5,14]Google Scholar
  26. 26.
    Komargodski, I., Naor, M., Yogev, E.: How to share a secret, infinitely. IACR Cryptology ePrint Archive 2016, 194 (2016)Google Scholar
  27. 27.
    Martin, K.M., Paterson, M.B., Stinson, D.R.: Error decodable secret sharing and one-round perfectly secure message transmission for general adversary structures. Crypt. Commun. 3, 65–86 (2011)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Molleví, S.M., Padró, C., Yang, A.: Secret sharing, rank inequalities, and information inequalities. IEEE Trans. Inf. Theor. 62(1), 599–609 (2016)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Paterson, M.B., Stinson, D.R.: A simple combinatorial treatment of constructions and threshold gaps of ramp schemes. Crypt. Commun. 5, 229–240 (2013)MathSciNetCrossRefMATHGoogle Scholar
  30. 30.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefMATHGoogle Scholar
  31. 31.
    Stinson, D.R., Wei, R.: An application of ramp schemes to broadcast encryption. Inf. Process. Lett. 69, 131–135 (1999)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Chinese University of Hong KongHong KongChina
  2. 2.New York UniversityNew YorkUSA
  3. 3.Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations