From Statistical Zero Knowledge to Secret Sharing

We show a general connection between various types of statistical zero-knowledge (SZK) proof systems and (unconditionally secure) secret-sharing schemes. Viewed through the SZK lens, we obtain several new results on secret sharing:

Characterizations: We obtain an almost-characterization of access structures for which there are secret-sharing schemes with an efficient sharing algorithm (but not necessarily efficient reconstruction). In particular, we show that for every language L ∈ SZK_L (the class of languages that have statistical zero-knowledge proofs with log-space verifiers and simulators), a (monotonized) access structure associated with L has such a secret-sharing scheme. Conversely, we show that such secret-sharing schemes can only exist for languages in SZK.

Constructions: We show new constructions of secret-sharing schemes with efficient sharing and reconstruction for access structures that are in P but are not known to be in NC, namely Bounded-Degree Graph Isomorphism and constant-dimensional lattice problems. In particular, this gives us the first combinatorial access structure that is conjectured to be outside NC but has an efficient secret-sharing scheme. Previous such constructions (Beimel and Ishai; CCC 2001) were algebraic and number-theoretic in nature.

Limitations: We show that universally-efficient secret-sharing schemes, where the complexity of computing the shares is a polynomial independent of the complexity of deciding the access structure, cannot exist for all (monotone languages in) P, unless there is a polynomial q such that P ⊆ DSPACE(q(n)).
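The "secret-sharing scheme for an access structure" that the abstract keeps returning to can be made concrete with the monotone-formula construction of Benaloh and Leichter (reference [19] below): AND gates split the secret additively, OR gates hand the whole secret to every branch. The Python below is an added example, not code from the paper or its authors. It shares a secret over Z_P under a monotone AND/OR formula, reconstructs it from any authorized set, and returns None for an unauthorized one; the formula grammar, the party names, the modulus P and the helper names are all constructed for this example. It illustrates the classical case where both sharing and reconstruction are efficient for small formulas; it does not implement the paper's SZK-based constructions.

```python
"""Secret sharing for a monotone AND/OR access structure (Benaloh-Leichter style).

Added example: the grammar, party names and modulus below are constructed here.
"""
import random
import secrets

# Field modulus for the secret and all shares (constructed choice: a Mersenne prime).
P = (1 << 61) - 1

# Access-structure formula grammar (constructed for this example):
#   "A"                       a single party, named by a string
#   ("and", [f1, ..., fm])    authorized only if every sub-formula is satisfied
#   ("or",  [f1, ..., fm])    authorized if at least one sub-formula is satisfied


def is_authorized(formula, parties):
    """Evaluate the monotone formula on the set of present parties."""
    if isinstance(formula, str):
        return formula in parties
    op, subs = formula
    if op == "and":
        return all(is_authorized(f, parties) for f in subs)
    if op == "or":
        return any(is_authorized(f, parties) for f in subs)
    raise ValueError(f"unknown operator {op!r}")


def seeded_rng(seed):
    """Deterministic randomness source, used only to demonstrate the privacy property."""
    return random.Random(seed).randrange


def share(secret, formula, rng=secrets.randbelow, shares=None):
    """Return {party: [field elements]}, one element per leaf the party occupies."""
    if shares is None:
        shares = {}
    if isinstance(formula, str):
        shares.setdefault(formula, []).append(secret % P)
        return shares
    op, subs = formula
    if op == "and":
        # Additive split: any m-1 pieces are uniform and independent of the secret,
        # so a set that misses even one sub-formula learns nothing about it.
        pieces = [rng(P) for _ in subs[:-1]]
        pieces.append((secret - sum(pieces)) % P)
        for f, piece in zip(subs, pieces):
            share(piece, f, rng, shares)
    elif op == "or":
        # Every branch receives the whole secret; one satisfied branch suffices.
        for f in subs:
            share(secret, f, rng, shares)
    else:
        raise ValueError(f"unknown operator {op!r}")
    return shares


def reconstruct(formula, shares):
    """Recover the secret from the present parties' shares, or None if unauthorized.

    `shares` holds only the parties that are present. The formula is walked in the
    same order as in share(), so each party's list is consumed leaf by leaf in step.
    """
    cursor = {p: 0 for p in shares}

    def walk(f):
        if isinstance(f, str):
            if f not in shares:
                return None
            i = cursor[f]
            cursor[f] += 1
            return shares[f][i]
        op, subs = f
        # Walk every branch even after a failure so the cursors stay aligned.
        vals = [walk(g) for g in subs]
        if op == "and":
            return None if any(v is None for v in vals) else sum(vals) % P
        found = [v for v in vals if v is not None]
        return found[0] if found else None

    return walk(formula)


def share_sizes(shares):
    """Number of field elements each party holds (equal to its leaf occurrences)."""
    return {p: len(v) for p, v in shares.items()}


def demo():
    # (A and B) or (B and C and D): B appears twice, so B holds two field elements.
    formula = ("or", [("and", ["A", "B"]), ("and", ["B", "C", "D"])])
    secret = 123456789
    sh = share(secret, formula)
    results = {}
    for group in (["A", "B"], ["B", "C", "D"], ["A", "C", "D"], ["A"]):
        view = {p: sh[p] for p in group}
        results["+".join(group)] = (is_authorized(formula, set(group)),
                                    reconstruct(formula, view))
    return results


if __name__ == "__main__":
    for group, (authorized, recovered) in demo().items():
        print(f"{group:8s} authorized={authorized!s:5s} recovered={recovered}")
```

The AND split carries the privacy argument: any m-1 of the additive pieces are uniform, so the view of a coalition that is missing a party from every satisfied AND is independent of the secret; with a fixed random tape, A's share of (A and B) is identical for two different secrets while B's differs. Share size grows with the number of leaf occurrences, i.e. with formula size, which is exactly why this construction is efficient only for access structures with small monotone formulas and why the abstract's question about efficient sharing for harder access structures is non-trivial.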

[1] Carsten Lund et al. Interactive Proof Systems and Alternating Time-Space Complexity, 1991, STACS.

[2] Ingo Wegener et al. The complexity of Boolean functions, 1987.

[3] László Lovász et al. Factoring polynomials with rational coefficients, 1982.

[4] Amit Sahai et al. A complete problem for statistical zero knowledge, 2003.

[5] G. R. Blakley et al. Safeguarding cryptographic keys, 1979, International Workshop on Managing Requirements Knowledge (MARK).

[6] Benny Applebaum et al. Cryptography in NC^0, 2006.

[7] Amos Beimel et al. Secret-Sharing Schemes: A Survey, 2011, IWCC.

[8] Ran Canetti et al. Indistinguishability Obfuscation of Iterated Circuits and RAM Programs, 2014, IACR Cryptol. ePrint Arch.

[9] Brent Waters et al. Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits, 2013, IEEE 54th Annual Symposium on Foundations of Computer Science.

[10] Ehud D. Karnin et al. On secret sharing systems, 1983, IEEE Trans. Inf. Theory.

[11] Allison Bishop et al. Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, 2015, IACR Cryptol. ePrint Arch.

[12] Oded Goldreich et al. On the limits of non-approximability of lattice problems, 1998, STOC '98.

[13] K. Srinathan et al. On the Power of Computational Secret Sharing, 2003, INDOCRYPT.

[14] Éva Tardos et al. The gap between monotone and non-monotone circuit complexity is exponential, 1988, Comb.

[15] Alfredo De Santis et al. Tight Bounds on the Information Rate of Secret Sharing Schemes, 1997, Des. Codes Cryptogr.

[16] H. James Hoover et al. Limits to Parallel Computation: P-Completeness Theory, 1995.

[17] Yuval Ishai et al. On the power of nonlinear secret-sharing, 2001, Proceedings 16th Annual IEEE Conference on Computational Complexity.

[18] Nir Bitansky et al. Succinct Randomized Encodings and their Applications, 2015, IACR Cryptol. ePrint Arch.

[19] Josh Benaloh et al. Generalized Secret Sharing and Monotone Functions, 1990, CRYPTO.

[20] Eugene M. Luks et al. Isomorphism of graphs of bounded valence can be tested in polynomial time, 1980, 21st Annual Symposium on Foundations of Computer Science (SFCS 1980).

[21] Amit Sahai et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[22] Yuval Ishai et al. Randomizing polynomials: A new representation with applications to round-efficient secure computation, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[23] Jacobo Torán et al. Isomorphism Testing: Perspective and Open Problems, 2005, Bull. EATCS.

[24] Amit Sahai et al. On the (im)possibility of obfuscating programs, 2012, JACM.

[25] László Csirmaz et al. The Size of a Share Must Be Large, 1994, Journal of Cryptology.

[26] Moni Naor et al. Secret-Sharing for NP, 2014, Journal of Cryptology.

[27] Avi Wigderson et al. On span programs, 1993, Proceedings of the Eighth Annual Structure in Complexity Theory Conference.

[28] Yuval Ishai et al. Partial Garbling Schemes and Their Applications, 2014, ICALP.

[29] Silvio Micali et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (SFCS 1986).

[30] Mitsuru Ito et al. Multiple assignment scheme for sharing secret, 1993, Journal of Cryptology.

[31] Arnold Walfisz. Über Gitterpunkte in mehrdimensionalen Kugeln II, 1960.

[32] Adi Shamir et al. How to share a secret, 1979, CACM.

[33] Rafael Pass et al. Succinct Garbling Schemes and Applications, 2014, IACR Cryptol. ePrint Arch.

[34] Yuval Ishai et al. Cryptography in NC^0, 2004, SIAM J. Comput.