Secret Sharing with Binary Shares

Shamir's celebrated secret sharing scheme provides an efficient method for encoding a secret of arbitrary length $\ell$ among any $N \leq 2^\ell$ players such that for a threshold parameter $t$, (i) the knowledge of any $t$ shares does not reveal any information about the secret and, (ii) any choice of $t+1$ shares fully reveals the secret. It is known that any such threshold secret sharing scheme necessarily requires shares of length $\ell$, and in this sense Shamir's scheme is optimal. The more general notion of ramp schemes requires the reconstruction of the secret from any $t+g$ shares, for a positive integer gap parameter $g$. A ramp secret sharing scheme necessarily requires shares of length $\ell/g$. Other than the bound related to the secret length $\ell$, the share length of a ramp scheme cannot go below a quantity that depends only on the gap ratio $g/N$. In this work, we study secret sharing in the extremal case of bit-long shares and arbitrarily small gap ratio $g/N$, where standard ramp secret sharing becomes impossible. We show, however, that a slightly relaxed but equally effective notion of semantic security for the secret, together with a negligible reconstruction error probability, eliminates the impossibility. Moreover, we provide explicit constructions of such schemes. One consequence of our relaxation is that, unlike standard ramp schemes with perfect secrecy, adaptive and non-adaptive adversaries require different analyses and constructions. For non-adaptive adversaries, we explicitly construct secret sharing schemes that provide secrecy against any $\tau$ fraction of observed shares, and reconstruction from any $\rho$ fraction of shares, for any choices of $0 \leq \tau < \rho \leq 1$. Our construction achieves secret length $N(\rho-\tau-o(1))$, which we show to be optimal. For adaptive adversaries, we construct explicit schemes attaining a secret length $\Omega(N(\rho-\tau))$.
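The two baseline notions the abstract builds on, Shamir's $(t+1)$-of-$N$ threshold scheme and its ramp generalisation with gap $g$, are easiest to see in working code. The example below is added here and is not code from the paper; it works over the prime field $\mathrm{GF}(2^{127}-1)$ rather than the binary alphabet the paper studies, so each share is a 127-bit field element. A secret of $g$ field elements is placed in the $g$ lowest coefficients of a random polynomial of degree $t+g-1$; any $t+g$ shares recover it by Lagrange interpolation, and the `consistent_with_every_secret` check shows why $t$ shares give perfect secrecy: every candidate secret is explained by some polynomial that matches the observed shares. Shamir's scheme is the case $g=1$. All function names and the parameter choices are this example's own assumptions.

```python
"""Ramp secret sharing over a prime field (Shamir's scheme is the g = 1 case).

Added example, not the paper's construction: it uses GF(P) for a Mersenne
prime P instead of bit-long shares, so a share is one 127-bit field element
and a g-element secret is g * 127 bits, matching the ell/g share-length bound.
"""
import secrets

P = 2**127 - 1  # Mersenne prime; each share is a 127-bit field element


def _eval(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, g, n, rng=secrets.randbelow):
    """Split a g-element secret among n players: t shares reveal nothing,
    t + g shares reconstruct. Returns a list of (x, y) shares with x = 1..n."""
    if len(secret) != g or not all(0 <= s < P for s in secret):
        raise ValueError("secret must be exactly g field elements")
    if t + g > n or n >= P:
        raise ValueError("need t + g <= n < P")
    # Coefficients 0..g-1 carry the secret; the next t coefficients are random.
    coeffs = list(secret) + [rng(P) for _ in range(t)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]


def interpolate(points):
    """Coefficients of the unique polynomial of degree < len(points) through
    the given (x, y) points, by Lagrange interpolation over GF(P)."""
    k = len(points)
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(points):
        basis = [1]  # L_i(x) = prod_{j != i} (x - xj) / (xi - xj)
        denom = 1
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            new = [0] * (len(basis) + 1)  # multiply basis by (x - xj)
            for d, c in enumerate(basis):
                new[d] = (new[d] - c * xj) % P
                new[d + 1] = (new[d + 1] + c) % P
            basis = new
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs


def reconstruct(shares, t, g):
    """Recover the g-element secret from any t + g shares with distinct x."""
    if len(shares) < t + g:
        raise ValueError("need at least t + g shares")
    return interpolate(shares[: t + g])[:g]


def consistent_with_every_secret(shares, t, g, candidates):
    """Perfect-secrecy check for exactly t observed shares: for each candidate
    secret, find the degree < t polynomial r with y = cand(x) + x**g * r(x) at
    every observed share. Since any t points determine such an r, every
    candidate is consistent, i.e. the t shares carry no information."""
    if len(shares) != t:
        raise ValueError("this check is for exactly t observed shares")
    for cand in candidates:
        shifted = []
        for x, y in shares:
            inv_xg = pow(pow(x, g, P), P - 2, P)
            shifted.append((x, (y - _eval(list(cand), x)) * inv_xg % P))
        full = list(cand) + interpolate(shifted)
        if any(_eval(full, x) != y for x, y in shares):
            return False
    return True


if __name__ == "__main__":
    # Constructed demo values: threshold t = 2, gap g = 2, n = 5 players.
    shares = share([42, 7], t=2, g=2, n=5)
    print("from 4 shares:", reconstruct(shares[1:], 2, 2))
    print("2 shares consistent with all candidates:",
          consistent_with_every_secret(shares[:2], 2, 2, [[0, 0], [1, 2]]))
```

Setting `g=1` gives Shamir's scheme exactly: the secret is the constant term, $t+1$ shares interpolate the degree-$t$ polynomial, and the consistency check reduces to the textbook argument that $t$ points and any constant term fix a unique polynomial.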
