Staircase codes for secret sharing with optimal communication and read overheads

We study the communication efficient secret sharing (CESS) problem. A classical threshold secret sharing scheme encodes a secret into <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula> shares given to <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula> parties, such that any set of at least <inline-formula> <tex-math notation="LaTeX">$t$ </tex-math></inline-formula>, <inline-formula> <tex-math notation="LaTeX">$t<n$ </tex-math></inline-formula>, parties can reconstruct the secret, and any set of at most <inline-formula> <tex-math notation="LaTeX">$z$ </tex-math></inline-formula>, <inline-formula> <tex-math notation="LaTeX">$z<t<n$ </tex-math></inline-formula>, colluding parties cannot obtain any information about the secret. A CESS scheme satisfies the previous properties of threshold secret sharing. Moreover, it allows to reconstruct the secret from any set of <inline-formula> <tex-math notation="LaTeX">$d\geq t$ </tex-math></inline-formula>, parties by reading and communicating the minimum amount of information. In this paper, we introduce three explicit constructions of CESS codes called <italic>Staircase codes</italic>. The first construction achieves optimal communication and read costs for a given <inline-formula> <tex-math notation="LaTeX">$d$ </tex-math></inline-formula>. The second construction achieves optimal costs universally for all possible values of <inline-formula> <tex-math notation="LaTeX">$d$ </tex-math></inline-formula> between <inline-formula> <tex-math notation="LaTeX">$t$ </tex-math></inline-formula> and <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula>. The third construction, which is the most general, achieves optimal costs universally for all values of <inline-formula> <tex-math notation="LaTeX">$d$ </tex-math></inline-formula> in any given set <inline-formula> <tex-math notation="LaTeX">$\Delta \subseteq \{t, {\dots },n\}$ </tex-math></inline-formula>. The introduced Staircase codes can store a secret of maximal size, i.e., equal to <inline-formula> <tex-math notation="LaTeX">$t-z$ </tex-math></inline-formula> shares, and they are all designed over a small finite field <inline-formula> <tex-math notation="LaTeX">$GF(q)$ </tex-math></inline-formula>, for any prime power <inline-formula> <tex-math notation="LaTeX">$q> n$ </tex-math></inline-formula>. However, Staircase codes may require dividing the secret and the shares into many symbols. We also describe how Staircase codes can be used to construct threshold changeable secret sharing with minimum storage cost, i.e., minimum share size.

[1]  Yeow Meng Chee,et al.  Threshold changeable secret sharing schemes revisited , 2012, Theor. Comput. Sci..

[2]  Duncan S. Wong,et al.  On Secret Reconstruction in Secret Sharing Schemes , 2008, IEEE Transactions on Information Theory.

[3]  Min-Shiang Hwang,et al.  A (t, n) multi-secret sharing scheme , 2004, Appl. Math. Comput..

[4]  Carles Padró,et al.  Lecture Notes in Secret Sharing , 2012, IACR Cryptol. ePrint Arch..

[5]  Josef Pieprzyk,et al.  Changing Thresholds in the Absence of Secure Channels , 1999, Aust. Comput. J..

[6]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[7]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[8]  Hong Zhong,et al.  A Secret Sharing Scheme with the Changeable Threshold Value , 2009, 2009 International Symposium on Information Engineering and Electronic Commerce.

[9]  Ehud D. Karnin,et al.  On secret sharing systems , 1983, IEEE Trans. Inf. Theory.

[10]  Emina Soljanin,et al.  Secure Network Coding for Wiretap Networks of Type II , 2009, IEEE Transactions on Information Theory.

[11]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[12]  Ivan Damgård,et al.  Secure Multiparty Computation and Secret Sharing , 2015 .

[13]  R. J. McEliece,et al.  On sharing secrets and Reed-Solomon codes , 1981, CACM.

[14]  Nihar B. Shah,et al.  Information-Theoretically Secure Regenerating Codes for Distributed Storage , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[15]  Nihar B. Shah,et al.  Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction , 2010, IEEE Transactions on Information Theory.

[16]  Hung-Yu Chien,et al.  A Practical ( t , n ) Multi-Secret Sharing Scheme , 2000 .

[17]  Kannan Ramchandran,et al.  Distributed Secret Dissemination Across a Network , 2012, IEEE Journal of Selected Topics in Signal Processing.

[18]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[19]  Sriram Vishwanath,et al.  Centralized Repair of Multiple Node Failures With Applications to Communication Efficient Secret Sharing , 2016, IEEE Transactions on Information Theory.

[20]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[21]  Feng Wang,et al.  Dynamic threshold changeable multi-policy secret sharing scheme , 2015, Secur. Commun. Networks.

[22]  Cunsheng Ding,et al.  Several Generalizations Of Shamir's Secret Sharing Scheme , 2004, Int. J. Found. Comput. Sci..

[23]  Douglas R. Stinson,et al.  On dealer-free dynamic threshold schemes , 2013, Adv. Math. Commun..

[24]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[25]  Wentao Huang,et al.  Communication Efficient Secret Sharing , 2015, IEEE Transactions on Information Theory.