Secret Sharing Schemes for Dense Forbidden Graphs

A secret-sharing scheme realizes a given graph if every two vertices connected by an edge can reconstruct the secret and every independent set in the graph does not get any information about the secret. A secret-sharing scheme realizes a forbidden graph if every two vertices connected by an edge can reconstruct the secret and every two vertices which are not connected by an edge do not get any information about the secret. Similar to secret-sharing schemes for general access structures, there are gaps between the known lower bounds and upper bounds on the total share size for graphs and for forbidden graphs. Following [Beimel et al. CRYPTO 2012], our goal in this paper is to understand how the total share size increases by removing few edges from a graph that can be realized by an efficient secret-sharing scheme. We show that if a graph with n vertices contains at least $$\left {\begin{array}{c}n\\ 2\end{array}}\right -n^{1+\beta }$$ edges for some $$0 \le \beta < \frac{1}{2}$$, i.e., it is obtained by removing few edges from the complete graph, then there is a scheme realizing its forbidden graph in which the total share size is $$On^{7/6+2\beta /3}$$. This should be compared to $$On^{3/2}$$, the best known upper bound for the total share size in general forbidden graphs. Additionally, we show that a forbidden graph access structure obtained by removing few edges from an arbitrary graph G can be realized by a secret-sharing scheme with total share size of $$Om + n^{7/6+2\beta /3}$$, where m is the total size of the shares in a secret-sharing scheme realizing G and $$n^{1+\beta }$$ is the number of the removed edges. We also show that for a graph obtained by removing few edges from an arbitrary graph G with n vertices, if the chromatic number of the graph that contains the removed edges is small, then there is a fairly efficient scheme realizing the resulting graph; specifically, we construct a secret-sharing scheme with total share size of $$\tilde{O}m^{2/3} n^{2/3+2\beta /3} c^{1/3}$$, where m is the total size of the shares in a secret-sharing scheme realizing G, the value $$n^{1+\beta }$$ is an upper bound on the number of the removed edges, and c is the chromatic number of the graph of the removed edges. This should be compared to $$On^2/\log n$$, the best known upper bound for the total share size for general graphs.

[1]  Carles Padró,et al.  On secret sharing schemes, matroids and polymatroids , 2006, J. Math. Cryptol..

[2]  Hung-Min Sun,et al.  Secret sharing in graph-based prohibited structures , 1997, Proceedings of INFOCOM '97.

[3]  Amos Beimel,et al.  Universally ideal secret-sharing schemes , 1994, IEEE Trans. Inf. Theory.

[4]  Mitsuru Ito,et al.  Multiple assignment scheme for sharing secret , 1993, Journal of Cryptology.

[5]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[6]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[7]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[8]  Moni Naor,et al.  Access Control and Signatures via Quorum Secret Sharing , 1998, IEEE Trans. Parallel Distributed Syst..

[9]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[10]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[11]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[12]  Yuval Ishai,et al.  On the Cryptographic Complexity of the Worst Functions , 2014, TCC.

[13]  Pavel Pudlák,et al.  A note on monotone complexity and the rank of matrices , 2003, Inf. Process. Lett..

[14]  Anna Gál,et al.  Lower bounds for monotone span programs , 2005, computational complexity.

[15]  Paul Erdös,et al.  Covering a graph by complete bipartite graphs , 1997, Discret. Math..

[16]  Marten van Dijk On the information rate of perfect secret sharing schemes , 1995, Des. Codes Cryptogr..

[17]  K. Srinathan,et al.  Alternative Protocols for Generalized Oblivious Transfer , 2008, ICDCN.

[18]  Tamir Tassa,et al.  Generalized oblivious transfer by secret sharing , 2011, Des. Codes Cryptogr..

[19]  Alfredo De Santis,et al.  Tight Bounds on the Information Rate of Secret Sharing Schemes , 1997, Des. Codes Cryptogr..

[20]  Pavel Pudlák Monotone complexity and the rank of matrices , 2002, Electron. Colloquium Comput. Complex..

[21]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[22]  Toniann Pitassi,et al.  Exponential Lower Bounds for Monotone Span Programs , 2016, 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS).

[23]  Eyal Kushilevitz,et al.  Secret sharing over infinite domains , 1993, Journal of Cryptology.

[24]  Noga Alon,et al.  Covering graphs by the minimum number of equivalence relations , 1986, Comb..

[25]  Carles Padró,et al.  Lower bounds on the information rate of secret sharing schemes with homogeneous access structure , 2002, Inf. Process. Lett..

[26]  Stasys Jukna On set intersection representations of graphs , 2009 .

[27]  Alfredo De Santis,et al.  On the size of shares for secret sharing schemes , 1991, Journal of Cryptology.

[28]  László Csirmaz Secret sharing schemes on graphs , 2005, IACR Cryptol. ePrint Arch..

[29]  Hoeteck Wee,et al.  Communication Complexity of Conditional Disclosure of Secrets and Attribute-Based Encryption , 2015, CRYPTO.

[30]  Ernest F. Brickell,et al.  On the classification of ideal secret sharing schemes , 1989, Journal of Cryptology.

[31]  Amos Beimel,et al.  Secret-Sharing Schemes for Very Dense Graphs , 2014, Journal of Cryptology.

[32]  Avi Wigderson,et al.  Superpolynomial Lower Bounds for Monotone Span Programs , 1996, Comb..

[33]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[34]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[35]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[36]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[37]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[38]  Siegfried Bublitz,et al.  Decomposition of graphs and monotone formula size of homogeneous functions , 1986, Acta Informatica.

[39]  Anna Gál A characterization of span program size and improved lower bounds for monotone span programs , 1998, STOC '98.

[40]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[41]  Carles Padró,et al.  Secret Sharing Schemes on Sparse Homogeneous Access Structures with Rank Three , 2004, Electron. J. Comb..

[42]  Alfredo De Santis,et al.  Graph decompositions and secret sharing schemes , 2004, Journal of Cryptology.

[43]  Douglas R. Stinson,et al.  Decomposition constructions for secret-sharing schemes , 1994, IEEE Trans. Inf. Theory.

[44]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[45]  Ingemar Ingemarsson,et al.  A Construction of Practical Secret Sharing Schemes using Linear Block Codes , 1992, AUSCRYPT.

[46]  László Csirmaz,et al.  The Size of a Share Must Be Large , 1994, Journal of Cryptology.