Secret-Sharing Schemes: A Survey

A secret-sharing scheme is a method by which a dealer distributes shares to parties such that only authorized subsets of parties can reconstruct the secret. Secret-sharing schemes are an important tool in cryptography and are used as a building block in many secure protocols, e.g., general protocols for multiparty computation, Byzantine agreement, threshold cryptography, access control, attribute-based encryption, and generalized oblivious transfer. In this survey, we describe the most important constructions of secret-sharing schemes; in particular, we explain the connections between secret-sharing schemes and monotone formulae and monotone span programs. We then discuss the main problem with known secret-sharing schemes - the large share size, which is exponential in the number of parties. We conjecture that this is unavoidable. We present the known lower bounds on the share size. These lower bounds are fairly weak, and there is a big gap between the lower and upper bounds. For linear secret-sharing schemes, which are a class of schemes based on linear algebra that contains most known schemes, super-polynomial lower bounds on the share size are known. We describe the proofs of these lower bounds. We also present two results connecting secret-sharing schemes for a Hamiltonian access structure to the NP vs. coNP problem and to a major open problem in cryptography - constructing oblivious-transfer protocols from one-way functions.
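To make the dealer/share/reconstruct model concrete, here is an added example (not code from the survey) of the simplest linear scheme, Shamir's threshold scheme over a prime field: any t of the n shares reconstruct the secret, and fewer than t shares leave every possible secret equally likely. The function names `share`, `reconstruct` and `candidate_secret_counts`, the modulus `P`, and the small prime p = 17 used for the brute-force privacy check are choices made for this example.

```python
"""Shamir (t, n) threshold secret sharing over GF(p).

Added example; assumptions: secrets are integers in [0, p), share indices are
1..n with n < p, and the brute-force privacy check is only run for tiny p.
"""
import secrets
from itertools import product

# Default field modulus: the Mersenne prime 2^127 - 1 (an assumption of this example).
P = (1 << 127) - 1


def _eval_poly(coeffs, x, p=P):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... mod p
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def share(secret, t, n, p=P, rng=secrets.randbelow):
    """Dealer: pick a random degree-(t-1) polynomial with constant term `secret`
    and hand party i the point (i, f(i)). Returns a list of (index, value)."""
    if not (1 <= t <= n < p):
        raise ValueError("need 1 <= t <= n < p")
    if not (0 <= secret < p):
        raise ValueError("secret must lie in [0, p)")
    coeffs = [secret] + [rng(p) for _ in range(t - 1)]
    return [(i, _eval_poly(coeffs, i, p)) for i in range(1, n + 1)]


def reconstruct(shares, p=P):
    """Any t distinct shares determine f; evaluate the Lagrange interpolant at x = 0.
    Supplying fewer than t shares silently yields an unrelated value, so callers
    must know t and enforce it (an authorized set is one of size >= t)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p          # product of (0 - x_j)
                den = (den * (xi - xj)) % p      # product of (x_i - x_j)
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def candidate_secret_counts(observed, t, p):
    """Brute force over every degree-<t polynomial over GF(p) (tiny p only):
    for each candidate secret, count the polynomials consistent with the observed
    shares. Equal counts for every secret mean the shares reveal nothing."""
    counts = {s: 0 for s in range(p)}
    for coeffs in product(range(p), repeat=t):
        if all(_eval_poly(coeffs, x, p) == y for x, y in observed):
            counts[coeffs[0]] += 1
    return counts


def demo():
    # Constructed toy instance: secret 11, threshold 3 of 5, field GF(17).
    secret, t, n, p = 11, 3, 5, 17
    shares = share(secret, t, n, p)
    recovered = reconstruct(shares[:t], p)
    below = candidate_secret_counts(shares[: t - 1], t, p)  # every count is 1
    at = candidate_secret_counts(shares[:t], t, p)          # only the true secret
    return recovered, below, at


if __name__ == "__main__":
    rec, below, at = demo()
    print("reconstructed:", rec)
    print("t-1 shares, consistent polynomials per secret:", sorted(set(below.values())))
    print("t shares, secrets with a consistent polynomial:", [s for s, c in at.items() if c])
```

The brute-force check is the point of the example: with t - 1 shares every one of the p candidate secrets is consistent with exactly one polynomial, which is the information-theoretic privacy the abstract refers to, whereas t shares pin down a single polynomial and hence the secret. This is also the sense in which the scheme is linear: each share is a fixed linear combination of the secret and the dealer's random coefficients.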
