The Share Size of Secret-Sharing Schemes for Almost All Access Structures and Graphs

The share size of general secret-sharing schemes is poorly understood. The gap between the best known upper bound on the total share size per party of 2 (Applebaum et al., STOC 2020) and the best known lower bound of Ω(n/log n) (Csirmaz, J. of Cryptology 1997) is huge (where n is the number of parties in the scheme). To gain some understanding of this problem, we study the share size of secret-sharing schemes of almost all access structures, i.e., of almost all collections of authorized sets. This is motivated by the fact that in complexity theory, almost all objects are often the hardest ones (e.g., most Boolean functions require exponential size circuits). All previous constructions of secret-sharing schemes were for the worst access structures (i.e., all access structures) or for specific families of access structures. We prove upper bounds on the share size for almost all access structures. We combine results on almost all monotone Boolean functions (Korshunov, Probl. Kibern. 1981) and a construction of (Liu and Vaikuntanathan, STOC 2018) and conclude that almost all access structures have a secret-sharing scheme with share size 2 √ . We also study graph secret-sharing schemes. In these schemes, the parties are vertices of a graph and a set can reconstruct the secret if and only if it contains an edge. Again, for this family there is a huge gap between the upper bounds – O(n/log n) (Erdős and Pyber, Discrete Mathematics 1997) – and the lower bounds – Ω(log n) (van Dijk, Des. Codes Crypto. 1995). We show that for almost all graphs, the share size of each party is n. This result is achieved by using robust 2-server conditional disclosure of secrets protocols, a new primitive introduced and constructed in (Applebaum et al., STOC 2020), and the fact that the size of the maximal independent set in a random graph is small. Finally, using robust conditional disclosure of secrets protocols, we improve the total share size for all very dense graphs.
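To make the graph access structure described above concrete, the following added example (not from the paper) implements the naive baseline scheme: every edge is shared independently with a one-time pad, so a party's share size is its degree times the secret length. The function names, the sample graph and the sample secret are assumptions made for illustration; the paper's constructions are different and achieve smaller shares.

```python
import secrets
from itertools import combinations

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def share_graph(secret: bytes, edges):
    """Naive graph scheme: for each edge {u, v} draw a fresh random pad;
    u stores the pad, v stores pad XOR secret.
    Returns {party: {edge: share_bytes}}."""
    shares = {}
    for u, v in edges:
        edge = frozenset((u, v))
        pad = secrets.token_bytes(len(secret))
        shares.setdefault(u, {})[edge] = pad
        shares.setdefault(v, {})[edge] = _xor(pad, secret)
    return shares

def reconstruct(shares, coalition):
    """Return the secret if the coalition contains an edge, else None.
    An independent set only ever holds one half of any pad/masked pair,
    so each of its shares is uniformly random on its own."""
    for u, v in combinations(sorted(coalition), 2):
        edge = frozenset((u, v))
        if edge in shares.get(u, {}) and edge in shares.get(v, {}):
            return _xor(shares[u][edge], shares[v][edge])
    return None

def share_size_bits(shares, party) -> int:
    """Total share size of one party: degree * secret length in bits."""
    return sum(8 * len(s) for s in shares.get(party, {}).values())

# Constructed sample: 4-cycle 1-2-3-4-1 with chord 1-3; {2, 4} is independent.
EDGES = [(1, 2), (2, 3), (3, 4), (4, 1), (1, 3)]
SECRET = b"k3y!"

if __name__ == "__main__":
    sh = share_graph(SECRET, EDGES)
    print(reconstruct(sh, {1, 2}), reconstruct(sh, {2, 4}))
    print({p: share_size_bits(sh, p) for p in sorted(sh)})
```

In this baseline a vertex of degree d holds d times the secret length, which can reach n-1 times in a dense graph; that cost is what the upper bounds quoted in the abstract improve on.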

[1] Alan M. Frieze, et al. Random graphs, 2006, SODA '06.

[2] M. van Dijk. On the information rate of perfect secret sharing schemes, 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[3] Yuval Ishai, et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[4] Hoeteck Wee, et al. Communication Complexity of Conditional Disclosure of Secrets and Attribute-Based Encryption, 2015, CRYPTO.

[5] Béla Bollobás, et al. Graphs which Contain all Small Graphs, 1981, Eur. J. Comb.

[6] Brent Waters, et al. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization, 2011, Public Key Cryptography.

[7] Nuttapong Attrapadung, et al. Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More, 2014, IACR Cryptol. ePrint Arch.

[8] Carles Padró, et al. Improving the Linear Programming Technique in the Search for Lower Bounds in Secret Sharing, 2018, IEEE Transactions on Information Theory.

[9] Ernest F. Brickell, et al. On the classification of ideal secret sharing schemes, 1989, Journal of Cryptology.

[10] László Csirmaz, et al. The Size of a Share Must Be Large, 1994, Journal of Cryptology.

[11] Gábor Tardos, et al. Optimal Information Rate of Secret Sharing Schemes on Trees, 2013, IEEE Transactions on Information Theory.

[12] Ueli Maurer, et al. General Secure Multi-party Computation from any Linear Secret-Sharing Scheme, 2000, EUROCRYPT.

[13] Alfredo De Santis, et al. Tight Bounds on the Information Rate of Secret Sharing Schemes, 1997, Des. Codes Cryptogr.

[14] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[15] László Csirmaz. Secret sharing schemes on graphs, 2005, IACR Cryptol. ePrint Arch.

[16] László Csirmaz, et al. Secret sharing on large girth graphs, 2018, Cryptography and Communications.

[17] Gustavus J. Simmons, et al. How to (Really) Share a Secret, 1988, CRYPTO.

[18] Josh Benaloh, et al. Generalized Secret Sharing and Monotone Functions, 1990, CRYPTO.

[19] Prashant Nalini Vasudevan, et al. Placing Conditional Disclosure of Secrets in the Communication Complexity Universe, 2021, Journal of Cryptology.

[20] Colin McDiarmid, et al. Topics in Chromatic Graph Theory: Colouring random graphs, 2015.

[21] Benny Applebaum, et al. On the Power of Amortization in Secret Sharing: d-Uniform Secret Sharing and CDS with Constant Information Rate, 2018, TCC.

[22] Amos Beimel, et al. Secret-Sharing Schemes: A Survey, 2011, IWCC.

[23] Mitsuru Ito, et al. Secret sharing scheme realizing general access structure, 1989.

[24] David Chaum, et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[25] Carles Padró, et al. Multi-linear Secret-Sharing Schemes, 2014, TCC.

[26] Amos Beimel, et al. Secret-Sharing Schemes for General and Uniform Access Structures, 2019, IACR Cryptol. ePrint Arch.

[27] Enav Weinreb, et al. Separating the power of monotone span programs over different fields, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.

[28] Douglas R Stinson, et al. Some improved bounds on the information rate of perfect secret sharing schemes, 1990, Journal of Cryptology.

[29] Hoeteck Wee, et al. Dual System Encryption via Predicate Encodings, 2014, TCC.

[30] Alfredo De Santis, et al. On the size of shares for secret sharing schemes, 1991, Journal of Cryptology.

[31] Amos Beimel, et al. Better secret sharing via robust conditional disclosure of secrets, 2020, Electron. Colloquium Comput. Complex.

[32] Avi Wigderson, et al. On span programs, 1993, [1993] Proceedings of the Eighth Annual Structure in Complexity Theory Conference.

[33] Ingemar Ingemarsson, et al. A Construction of Practical Secret Sharing Schemes using Linear Block Codes, 1992, AUSCRYPT.

[34] Peter Nelson, et al. Almost all matroids are nonrepresentable, 2016, 1605.04288.

[35] Amos Beimel, et al. Optimal Linear Multiparty Conditional Disclosure of Secrets Protocols, 2018, IACR Cryptol. ePrint Arch.

[36] Mitsuru Ito, et al. Multiple assignment scheme for sharing secret, 1993, Journal of Cryptology.

[37] László Csirmaz, et al. An impossibility result on graph secret sharing, 2009, Des. Codes Cryptogr.

[38] Vinod Vaikuntanathan, et al. Conditional Disclosure of Secrets via Non-linear Reconstruction, 2017, CRYPTO.

[39] László Csirmaz. Secret sharing on the d-dimensional cube, 2015, Des. Codes Cryptogr.

[40] Claude E. Shannon, et al. The synthesis of two-terminal switching circuits, 1949, Bell Syst. Tech. J.

[41] Amos Beimel, et al. Secret-Sharing Schemes for Very Dense Graphs, 2014, Journal of Cryptology.

[42] Avi Wigderson, et al. Superpolynomial Lower Bounds for Monotone Span Programs, 1996, Comb.

[43] G. R. Blakley, et al. Safeguarding cryptographic keys, 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[44] Eyal Kushilevitz, et al. The Complexity of Multiparty PSM Protocols and Related Models, 2018, IACR Cryptol. ePrint Arch.

[45] Amos Beimel, et al. Universally ideal secret-sharing schemes, 1994, IEEE Trans. Inf. Theory.

[46] Alfredo De Santis, et al. New bounds on the information rate of secret sharing schemes, 1995, IEEE Trans. Inf. Theory.

[47] Moni Naor, et al. Access Control and Signatures via Quorum Secret Sharing, 1998, IEEE Trans. Parallel Distributed Syst.

[48] Adi Shamir, et al. How to share a secret, 1979, CACM.

[49] Yuval Ishai, et al. Priced Oblivious Transfer: How to Sell Digital Goods, 2001, EUROCRYPT.

[50] Prashant Nalini Vasudevan, et al. Conditional Disclosure of Secrets: Amplification, Closure, Amortization, Lower-Bounds, and Separations, 2017, CRYPTO.

[51] Vinod Vaikuntanathan, et al. Breaking the circuit-size barrier in secret sharing, 2018, IACR Cryptol. ePrint Arch.

[52] Eyal Kushilevitz, et al. Secret sharing over infinite domains, 1993, Journal of Cryptology.

[53] Yvo Desmedt, et al. Shared Generation of Authenticators and Signatures (Extended Abstract), 1991, CRYPTO.

[54] Ehud D. Karnin, et al. On secret sharing systems, 1983, IEEE Trans. Inf. Theory.

[55] Yuval Ishai, et al. On the Cryptographic Complexity of the Worst Functions, 2014, TCC.

[56] Amos Beimel, et al. Linear Secret-Sharing Schemes for Forbidden Graph Access Structures, 2017, TCC.

[57] Anna Gál, et al. Lower bounds for monotone span programs, 2005, computational complexity.

[58] Paul Erdős, et al. Covering a graph by complete bipartite graphs, 1997, Discret. Math.

[59] Alfredo De Santis, et al. On the Information Rate of Secret Sharing Schemes, 1996, Theor. Comput. Sci.

[60] Toniann Pitassi, et al. Lifting Nullstellensatz to monotone span programs over any field, 2018, Electron. Colloquium Comput. Complex.

[61] Vinod Vaikuntanathan, et al. Towards Breaking the Exponential Barrier for General Secret Sharing, 2017, IACR Cryptol. ePrint Arch.

[62] Marten van Dijk. On the information rate of perfect secret sharing schemes, 1995, Des. Codes Cryptogr.

[63] Carles Padró, et al. On secret sharing schemes, matroids and polymatroids, 2006, J. Math. Cryptol.

[64] Hung-Min Sun, et al. Secret sharing in graph-based prohibited structures, 1997, Proceedings of INFOCOM '97.

[65] Pavel Pudlák. Monotone complexity and the rank of matrices, 2002, Electron. Colloquium Comput. Complex.

[66] Ernest F. Brickell, et al. Some Ideal Secret Sharing Schemes, 1990, EUROCRYPT.

[67] Benny Applebaum, et al. The Communication Complexity of Private Simultaneous Messages, Revisited, 2018, Electron. Colloquium Comput. Complex.

[68] Murali K. Ganapathy, et al. On the number of zero-patterns of a sequence of polynomials, 2001.