How to Share a Secret, Infinitely

Conference paper

DOI: 10.1007/978-3-662-53644-5_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)
Cite this paper as:
Komargodski I., Naor M., Yogev E. (2016) How to Share a Secret, Infinitely. In: Hirt M., Smith A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in Computer Science, vol 9986. Springer, Berlin, Heidelberg


Secret sharing schemes allow a dealer to distribute a secret piece of information among several parties such that only qualified subsets of parties can reconstruct the secret. The collection of qualified subsets is called an access structure. The best known example is the k-threshold access structure, where the qualified subsets are those of size at least k. When \(k=2\) and there are n parties, there are schemes where the size of the share each party gets is roughly \(\log n\) bits, and this is tight even for secrets of 1 bit. In these schemes, the number of parties n must be given in advance to the dealer.

In this work we consider the case where the set of parties is not known in advance and could potentially be infinite. Our goal is to give the \({t}^{th}\) party arriving the smallest possible share as a function of t. Our main result is such a scheme for the k-threshold access structure where the share size of party t is \((k-1)\cdot \log t + \mathsf {poly}(k)\cdot o(\log t)\). For \(k=2\) we observe an equivalence to prefix codes and present matching upper and lower bounds of the form \(\log t + \log \log t + \log \log \log t + O(1)\). Finally, we show that for any access structure there exists such a secret sharing scheme with shares of size \(2^{t-1}\).

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations