Modern Cryptography Through the Lens of Secret Sharing

Secret sharing is a mechanism by which a trusted dealer holding a secret “splits” the secret into many “shares” and distributes the shares to a collections of parties. Associated with the sharing is a monotone access structure, that specifies which parties are “qualified” and which are not: any qualified subset of parties can (efficiently) reconstruct the secret, but no unqualified subset can learn anything about the secret. In the most general form of secret sharing, the access structure can be any monotone NP language. In this work, we consider two very natural extensions of secret sharing. In the first, which we call distributed secret sharing, there is no trusted dealer at all, and instead the role of the dealer is distributed amongst the parties themselves. Distributed secret sharing can be thought of as combining the features of multiparty non-interactive key exchange and standard secret sharing, and may be useful in settings where the secret is so sensitive that no one individual dealer can be trusted with the secret. Our second notion is called functional secret sharing, which incorporates some of the features of functional encryption into secret sharing by providing more fine-grained access to the secret. Qualified subsets of parties do not learn the secret, but instead learn some function applied to the secret, with each set of parties potentially learning a different function. Our main result is that both of the extensions above are equivalent to several recent cuttingedge primitives. In particular, general-purpose distributed secret sharing is equivalent to witness PRFs, and general-purpose functional secret sharing is equivalent to indistinguishability obfuscation. Thus, our work shows that it is possible to view some of the recent developments in cryptography through a secret sharing lens, yielding new insights about both these cutting-edge primitives and secret sharing. ∗Weizmann Institute of Science, Israel. Email: ilan.komargodski@weizmann.ac.il. Supported in part by a grant from the I-CORE Program of the Planning and Budgeting Committee, the Israel Science Foundation, BSF and the Israeli Ministry of Science and Technology. †Stanford University and MIT. Email: mzhandry@gmail.com. Supported by the DARPA PROCEED program.

[1]  Yuval Ishai,et al.  Function Secret Sharing , 2015, EUROCRYPT.

[2]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[3]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[4]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[5]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[6]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, Algorithmica.

[7]  Dan Boneh,et al.  Applications of Multilinear Forms to Cryptography , 2002, IACR Cryptol. ePrint Arch..

[8]  Zvika Brakerski,et al.  Obfuscating Circuits via Composite-Order Graded Encoding , 2015, TCC.

[9]  Guy N. Rothblum,et al.  Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding , 2014, TCC.

[10]  Yael Tauman Kalai,et al.  Protecting Obfuscation against Algebraic Attacks , 2014, EUROCRYPT.

[11]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[12]  M. Sipser,et al.  Monotone complexity , 1992 .

[13]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[14]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[15]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[16]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[17]  Mark Zhandry,et al.  How to Avoid Obfuscation Using Witness PRFs , 2016, TCC.

[18]  Rafael Pass,et al.  Indistinguishability Obfuscation from Semantically-Secure Multilinear Encodings , 2014, CRYPTO.

[19]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[20]  Jean-Sébastien Coron,et al.  New Multilinear Maps Over the Integers , 2015, CRYPTO.

[21]  Moni Naor,et al.  Secret-Sharing for NP , 2014, Journal of Cryptology.

[22]  Eyal Kushilevitz,et al.  Computing Functions of a Shared Secret , 2000, SIAM J. Discret. Math..

[23]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[24]  Allison Bishop,et al.  Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[25]  Brent Waters,et al.  Constrained Pseudorandom Functions and Their Applications , 2013, ASIACRYPT.

[26]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[27]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[28]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[29]  Brent Waters,et al.  Witness encryption and its applications , 2013, STOC '13.

[30]  Moni Naor,et al.  One-Way Functions and (Im)Perfect Obfuscation , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.