Characterizing Ideal Weighted Threshold Secret Sharing

Weighted threshold secret sharing was introduced by Shamir in his seminal work on secret sharing. In such settings, there is a set of users where each user is assigned a positive weight. A dealer wishes to distribute a secret among those users so that a subset of users may reconstruct the secret if and only if the sum of weights of its users exceeds a certain threshold. On one hand, there are nontrivial weighted threshold access structures that have an ideal scheme—a scheme in which the size of the domain of shares of each user is the same as the size of the domain of possible secrets (this is the smallest possible size for the domain of shares). On the other hand, other weighted threshold access structures are not ideal. In this work we characterize all weighted threshold access structures that are ideal. We show that a weighted threshold access structure is ideal if and only if it is a hierarchical threshold access structure (as introduced by Simmons), or a tripartite access structure (these structures generalize the concept of bipartite access structures due to Padro and Saez), or a composition of two ideal weighted threshold access structures that are defined on smaller sets of users. We further show that in all those cases the weighted threshold access structure may be realized by a linear ideal secret sharing scheme. The proof of our characterization relies heavily on the strong connection between ideal secret sharing schemes and matroids, as proved by Brickell and Davenport.

[1]  Weighted Threshold Secret Sharing Schemes , 1999, Inf. Process. Lett..

[2]  Carles Padró,et al.  Secret sharing schemes on access structures with intersection number equal to one , 2006, Discret. Appl. Math..

[3]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[4]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..

[5]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[6]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[7]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[8]  James G. Oxley,et al.  Matroid theory , 1992 .

[9]  Douglas R. Stinson,et al.  New General Lower Bounds on the Information Rate of Secret Sharing Schemes , 1992, CRYPTO.

[10]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[11]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[12]  Gustavus J. Simmons,et al.  How to (Really) Share a Secret , 1988, CRYPTO.

[13]  Ken Martin Discrete Structures in the Theory of Secret Sharing , 1991 .

[14]  Ehud D. Karnin,et al.  On secret sharing systems , 1983, IEEE Trans. Inf. Theory.

[15]  Amos Beimel,et al.  Universally ideal secret-sharing schemes , 1994, IEEE Trans. Inf. Theory.

[16]  Mitsuru Ito,et al.  Multiple assignment scheme for sharing secret , 1993, Journal of Cryptology.

[17]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[18]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[19]  Tamir Tassa,et al.  Characterizing Ideal Weighted Threshold Secret Sharing , 2005, TCC.

[20]  Gustavus J. Simmons,et al.  Contemporary Cryptology: The Science of Information Integrity , 1994 .

[21]  Germán Sáez,et al.  New Results on Multipartite Access Structures , 2006, IACR Cryptol. ePrint Arch..

[22]  Nira Dyn,et al.  Multipartite Secret Sharing by Bivariate Interpolation , 2006, ICALP.

[23]  Ernest F. Brickell,et al.  Some improved bounds on the information rate of perfect secret sharing schemes , 2006, Journal of Cryptology.

[24]  Enav Weinreb,et al.  Monotone circuits for monotone weighted threshold functions , 2006, Inf. Process. Lett..

[25]  Alexei E. Ashikhmin,et al.  Almost Affine Codes , 1998, Des. Codes Cryptogr..

[26]  Carles Padró,et al.  Secret Sharing Schemes on Access Structures with Intersection Number Equal to One , 2002, SCN.

[27]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[28]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[29]  Tamir Tassa Hierarchical Threshold Secret Sharing , 2004, TCC.

[30]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[31]  Michael J. Collins A Note on Ideal Tripartite Access Structures , 2002, IACR Cryptol. ePrint Arch..

[32]  Alfredo De Santis,et al.  On the Size of Shares for Secret Sharing Schemes , 1991, CRYPTO.

[33]  Carles Padró,et al.  Secret Sharing Schemes with Bipartite Access Structure , 1998, EUROCRYPT.

[34]  Enav Weinreb,et al.  Monotone circuits for weighted threshold functions , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[35]  Kevin Barraclough,et al.  I and i , 2001, BMJ : British Medical Journal.

[36]  Ernest F. Brickell,et al.  On the classification of ideal secret sharing schemes , 1989, Journal of Cryptology.

[37]  Keith M. Martin,et al.  Ideal secret sharing schemes with multiple secrets , 1996, Journal of Cryptology.

[38]  Paul D. Seymour On secret-sharing matroids , 1992, J. Comb. Theory, Ser. B.

[39]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.