Secret Sharing and Statistical Zero Knowledge

We show a general connection between various types of statistical zero-knowledge (SZK) proof systems and (unconditionally secure) secret sharing schemes. Viewed through the SZK lens, we obtain several new results on secret-sharing:

Characterizations: We obtain an almost-characterization of access structures for which there are secret-sharing schemes with an efficient sharing algorithm (but not necessarily efficient reconstruction). In particular, we show that for every language \(L \in {{\mathbf {SZK}}_{\mathbf {L}}}\) (the class of languages that have statistical zero knowledge proofs with log-space verifiers and simulators), a (monotonized) access structure associated with L has such a secret-sharing scheme. Conversely, we show that such secret-sharing schemes can only exist for languages in \({\mathbf {SZK}}\).

Constructions: We show new constructions of secret-sharing schemes with both efficient sharing and efficient reconstruction for access structures associated with languages that are in \({\mathbf {P}}\), but are not known to be in \({\mathbf {NC}}\), namely Bounded-Degree Graph Isomorphism and constant-dimensional lattice problems. In particular, this gives us the first combinatorial access structure that is conjectured to be outside \({\mathbf {NC}}\) but has an efficient secret-sharing scheme. Previous such constructions (Beimel and Ishai; CCC 2001) were algebraic and number-theoretic in nature.

Limitations: We also show that universally-efficient secret-sharing schemes, where the complexity of computing the shares is a polynomial independent of the complexity of deciding the access structure, cannot exist for all (monotone languages in) \(\mathbf {P}\), unless there is a polynomial q such that \({\mathbf {P}} \subseteq {\mathbf {DSPACE}}(q(n))\).

[1] Ingo Wegener et al. The complexity of Boolean functions, 1987.

[2] Arnold Walfisz. Über Gitterpunkte in mehrdimensionalen Kugeln II, 1960.

[3] Yuval Ishai et al. Randomizing polynomials: A new representation with applications to round-efficient secure computation, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[4] Eugene M. Luks et al. Isomorphism of graphs of bounded valence can be tested in polynomial time, 1980, 21st Annual Symposium on Foundations of Computer Science (SFCS 1980).

[5] Éva Tardos et al. The gap between monotone and non-monotone circuit complexity is exponential, 1988, Combinatorica.

[6] Allison Bishop et al. Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, 2015, IACR Cryptol. ePrint Arch.

[7] László Lovász et al. Factoring polynomials with rational coefficients, 1982.

[8] G. R. Blakley et al. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[9] Benny Applebaum et al. Cryptography in $NC^0$, 2006.

[10] Oded Goldreich et al. On the limits of non-approximability of lattice problems, 1998, STOC '98.

[11] Adi Shamir et al. How to share a secret, 1979, CACM.

[12] Josh Benaloh et al. Generalized Secret Sharing and Monotone Functions, 1990, CRYPTO.

[13] Mitsuru Ito et al. Multiple assignment scheme for sharing secret, 1993, Journal of Cryptology.

[14] Ran Canetti et al. Indistinguishability Obfuscation of Iterated Circuits and RAM Programs, 2014, IACR Cryptol. ePrint Arch.

[15] Brent Waters et al. Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits, 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[16] Guy N. Rothblum et al. On Approximating the Entropy of Polynomial Mappings, 2011, ICS.

[17] Yuval Ishai et al. Partial Garbling Schemes and Their Applications, 2014, ICALP.

[18] Rafael Pass et al. Succinct Garbling Schemes and Applications, 2014, IACR Cryptol. ePrint Arch.

[19] Nir Bitansky et al. Succinct Randomized Encodings and their Applications, 2015, IACR Cryptol. ePrint Arch.

[20] Yuval Ishai et al. Cryptography in NC0, 2004, SIAM J. Comput.

[21] B. Applebaum. Cryptography in NC0, 2014.

[22] C. Peirce. An unpublished manuscript, 2016.

[23] Jacobo Torán et al. Isomorphism Testing: Perspective and Open Problems, 2005, Bull. EATCS.

[24] László Csirmaz et al. The Size of a Share Must Be Large, 1994, Journal of Cryptology.

[25] K. Srinathan et al. On the Power of Computational Secret Sharing, 2003, INDOCRYPT.

[26] Amit Sahai et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[27] Yuval Ishai et al. On the power of nonlinear secret-sharing, 2001, Proceedings 16th Annual IEEE Conference on Computational Complexity.

[28] Moni Naor et al. Secret-Sharing for NP, 2014, Journal of Cryptology.

[29] Avi Wigderson et al. On span programs, 1993, Proceedings of the Eighth Annual Structure in Complexity Theory Conference.

[30] Ehud D. Karnin et al. On secret sharing systems, 1983, IEEE Trans. Inf. Theory.

[31] Silvio Micali et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (SFCS 1986).

[32] Amit Sahai et al. A complete problem for statistical zero knowledge, 2003.

[33] Amos Beimel et al. Secret-Sharing Schemes: A Survey, 2011, IWCC.

[34] Alfredo De Santis et al. Tight Bounds on the Information Rate of Secret Sharing Schemes, 1997, Des. Codes Cryptogr.

[35] Carsten Lund et al. Interactive Proof Systems and Alternating Time-Space Complexity, 1991, STACS.

[36] H. James Hoover et al. Limits to Parallel Computation: P-Completeness Theory, 1995.