Essentially Optimal Robust Secret Sharing with Maximal Corruptions

In a t-out-of-nrobust secret sharing scheme, a secret message is shared among n parties who can reconstruct the message by combining their shares. An adversary can adaptively corrupt upi¾?to t of the parties, get their shares, and modify them arbitrarily. The scheme should satisfy privacy, meaning that the adversary cannot learn anything about the shared message, and robustness, meaning that the adversary cannot cause the reconstruction procedure to output an incorrect message. Such schemes are only possible in the case of an honest majority, and here we focus on unconditional security in the maximal corruption setting where $$n = 2t+1$$ n=2t+1. In this scenario, to share an m-bit message with a reconstruction failure probability of at most $$2^{-k}$$ 2-k, a known lower-bound shows that the share size must be at least $$m + k$$ m+ki¾?bits. On the other hand, all prior constructions have share size that scales linearly with the number of parties n, and the prior state-of-the-art scheme due to Cevallos et al. EUROCRYPT '12 achieves $$m + \widetilde{O}k + n$$ m+O~k+n. In this work, we construct the first robust secret sharing scheme in the maximal corruption setting with $$n=2t+1$$ n=2t+1, that avoids the linear dependence between share size and the number of parties n. In particular, we get a share size of only $$m + \widetilde{O}k$$ m+O~ki¾?bits. Our scheme is computationally efficient and relies on approximation algorithms for the minimum graph bisection problem.

[1]  Rafail Ostrovsky,et al.  Unconditionally-Secure Robust Secret Sharing with Compact Shares , 2012, EUROCRYPT.

[2]  Robert Krauthgamer,et al.  A polylogarithmic approximation of the minimum bisection , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[3]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[4]  Ivan Damgård,et al.  Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions , 2015, EUROCRYPT.

[5]  Oded Goldreich Modern Cryptography, Probabilistic Proofs and Pseudorandomness , 1998, Algorithms and Combinatorics.

[6]  Aravind Srinivasan,et al.  Randomized Distributed Edge Coloring via an Extension of the Chernoff-Hoeffding Bounds , 1997, SIAM J. Comput..

[7]  Anne Auger,et al.  Theory of Randomized Search Heuristics: Foundations and Recent Developments , 2011, Theory of Randomized Search Heuristics.

[8]  Allison Bishop,et al.  Robust Secret Sharing Schemes Against Local Adversaries , 2014, Public Key Cryptography.

[9]  Alfonso Cevallos,et al.  Reducing the Share Size in Robust Secret Sharing , 2011 .

[10]  Alfredo De Santis,et al.  Size of Shares and Probability of Cheating in Threshold Schemes , 1993, EUROCRYPT.

[11]  Harald Räcke Optimal hierarchical decompositions for congestion minimization in networks , 2008, STOC '08.

[12]  Reihaneh Safavi-Naini,et al.  Unconditionally-Secure Robust Secret Sharing with Minimum Share Size , 2013, Financial Cryptography.

[13]  Russell Impagliazzo,et al.  Constructive Proofs of Concentration Bounds , 2010, APPROX-RANDOM.

[14]  Carles Padró,et al.  Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors , 2008, EUROCRYPT.

[15]  David S. Johnson,et al.  Some Simplified NP-Complete Graph Problems , 1976, Theor. Comput. Sci..

[16]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[17]  Ivan Damgård,et al.  On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase , 2001, CRYPTO.

[18]  Alfredo De Santis,et al.  Lower Bounds for Robust Secret Sharing Schemes , 1997, Inf. Process. Lett..

[19]  Madhu Sudan Decoding of Reed Solomon Codes beyond the Error-Correction Bound , 1997, J. Complex..

[20]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[21]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899 .

[22]  David S. Johnson,et al.  Stockmeyer: some simplified np-complete graph problems , 1976 .

[23]  Mahdi Cheraghchi Nearly optimal robust secret sharing , 2016, 2016 IEEE International Symposium on Information Theory (ISIT).