Secret Sharing Made Short

A well-known fact in the theory of secret sharing schemes is that shares must be at least as long as the secret itself. However, the proof of this lower bound uses the notion of information-theoretic secrecy. A natural (and very practical) question is whether one can do better for secret sharing if the notion of secrecy is computational, namely against resource-bounded adversaries. In this note we observe that, indeed, one can do much better in the computational model (which is the one used in most applications). We present an m-threshold scheme, where m shares recover the secret but m - 1 shares give no (computational) information on the secret, in which the shares corresponding to a secret S are of size |S|/m plus a short piece of information whose length does not depend on the secret size but only on the security parameter. (The bound of |S|/m is clearly optimal if the secret is to be recovered from m shares.) Therefore, for moderately large secrets (a confidential file, a long message, a large database) the savings in space and communication over traditional schemes are remarkable. The scheme is very simple and combines in a natural way traditional (perfect) secret sharing schemes, encryption, and information dispersal. It is provably secure given a secure (e.g., private-key) encryption function.
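The construction the abstract outlines, as an added example (this is not code from the paper or its author): encrypt the secret S under a fresh random key K, share K with a perfect Shamir scheme (every party gets a key share whose length depends only on the key, not on S), and disperse the ciphertext with a Rabin-style information dispersal algorithm so each party stores only |S|/m ciphertext bytes. Any m parties recover K, then the ciphertext, then S. Assumptions made here: all arithmetic is in GF(2^8) (so at most 255 distinct evaluation points), Shamir sharing is applied byte by byte, and the "secure private-key encryption function" the paper leaves abstract is stood in for by a SHA-256 counter-mode keystream XOR; the function names (`sss_short_split`, `sss_short_combine`, `ida_split`, and so on) are hypothetical.

```python
import hashlib
import secrets

# GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1: addition is XOR,
# multiplication is shift-and-reduce (assumption: field choice is ours, not the paper's).
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    # In GF(2^8), a^254 is the multiplicative inverse of a (for a != 0).
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r

def lagrange_at(points: list[tuple[int, int]], x: int) -> int:
    """Value at x of the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf_mul(num, x ^ xj)   # (x - xj)
                den = gf_mul(den, xi ^ xj)  # (xi - xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total

# Perfect m-of-n Shamir sharing, byte by byte: each share is as long as the
# secret, which is why the scheme applies it only to the short key.
def shamir_split(secret: bytes, m: int, n: int) -> list[tuple[int, bytes]]:
    shares = [bytearray() for _ in range(n)]
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for i in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):   # Horner evaluation at x = i
                y = gf_mul(y, i) ^ c
            shares[i - 1].append(y)
    return [(i + 1, bytes(s)) for i, s in enumerate(shares)]

def shamir_combine(shares: list[tuple[int, bytes]]) -> bytes:
    length = len(shares[0][1])
    return bytes(lagrange_at([(x, s[k]) for x, s in shares], 0) for k in range(length))

# Rabin-style information dispersal: each group of m data bytes defines the
# polynomial f with f(j) = data[j] for j < m; party i stores f(m - 1 + i), so
# every piece is ceil(|data|/m) bytes and any m pieces reconstruct the data.
def ida_split(data: bytes, m: int, n: int) -> list[tuple[int, bytes]]:
    assert m + n <= 256, "evaluation points must be distinct field elements"
    pad = m - len(data) % m                 # PKCS#7-style padding, 1..m bytes
    padded = data + bytes([pad]) * pad
    pieces = [bytearray() for _ in range(n)]
    for g in range(0, len(padded), m):
        pts = [(j, padded[g + j]) for j in range(m)]
        for i in range(1, n + 1):
            pieces[i - 1].append(lagrange_at(pts, m - 1 + i))
    return [(i + 1, bytes(p)) for i, p in enumerate(pieces)]

def ida_combine(pieces: list[tuple[int, bytes]], m: int) -> bytes:
    pieces = pieces[:m]
    out = bytearray()
    for k in range(len(pieces[0][1])):
        pts = [(m - 1 + i, p[k]) for i, p in pieces]
        out.extend(lagrange_at(pts, j) for j in range(m))
    return bytes(out[:-out[-1]])            # strip the padding

# Stand-in for "a secure private-key encryption function": SHA-256 counter-mode
# keystream XORed into the data (an assumption of this example; not authenticated).
def stream_xor(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[ctr * 32:(ctr + 1) * 32], ks))
    return bytes(out)

# The scheme: encrypt S under a fresh key K, Shamir-share K (perfect, short),
# disperse the ciphertext E with IDA (|S|/m per party). Party i holds (i, K_i, E_i).
def sss_short_split(secret: bytes, m: int, n: int) -> list[tuple[int, bytes, bytes]]:
    key = secrets.token_bytes(16)
    ciphertext = stream_xor(key, secret)
    return [(i, ks, ep) for (i, ks), (_, ep)
            in zip(shamir_split(key, m, n), ida_split(ciphertext, m, n))]

def sss_short_combine(shares: list[tuple[int, bytes, bytes]], m: int) -> bytes:
    shares = shares[:m]
    key = shamir_combine([(i, ks) for i, ks, _ in shares])
    ciphertext = ida_combine([(i, ep) for i, _, ep in shares], m)
    return stream_xor(key, ciphertext)
```

With m = 3 and n = 5, a 1024-byte secret yields per-party shares of a 16-byte key share plus 342 ciphertext bytes (1024 padded to 1026, divided by 3), against 1024 bytes per party under plain Shamir sharing; the key share is the "short piece of information" whose length depends only on the security parameter. Fewer than m parties hold only Shamir shares that are information-theoretically independent of K, plus ciphertext fragments, so what they learn about S is bounded by the encryption function's security.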
