How to Share a Secret, Infinitely

Secret sharing schemes allow a dealer to distribute a secret piece of information among several parties such that only qualified subsets of parties can reconstruct the secret. The collection of qualified subsets is called an <italic>access structure</italic>. The best known example is the <inline-formula> <tex-math notation="LaTeX">$k$ </tex-math></inline-formula>-threshold access structure, where the qualified subsets are those of size at least <inline-formula> <tex-math notation="LaTeX">$k$ </tex-math></inline-formula>. When <inline-formula> <tex-math notation="LaTeX">$k=2$ </tex-math></inline-formula> and there are <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula> parties, there are schemes for sharing an <inline-formula> <tex-math notation="LaTeX">$\ell $ </tex-math></inline-formula>-bit secret in which the share size of each party is roughly <inline-formula> <tex-math notation="LaTeX">$\max \{\ell ,\log n\}$ </tex-math></inline-formula> bits, and this is tight even for secrets of 1 b. In these schemes, the number of parties <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula> must be given in advance to the dealer. In this paper, we consider the case where the set of parties is not known in advance and could potentially be infinite. Our goal is to give the <inline-formula> <tex-math notation="LaTeX">${t} {^{\mathrm{ th}}}$ </tex-math></inline-formula> party arriving the smallest possible share as a function of <inline-formula> <tex-math notation="LaTeX">$t$ </tex-math></inline-formula>. Our main result is such a scheme for the <inline-formula> <tex-math notation="LaTeX">$k$ </tex-math></inline-formula>-threshold access structure and 1-bit secrets where the share size of party <inline-formula> <tex-math notation="LaTeX">$t$ </tex-math></inline-formula> is <inline-formula> <tex-math notation="LaTeX">$(k-1)\cdot \log t + \mathsf {poly}(k)\cdot o(\log t)$ </tex-math></inline-formula>. For <inline-formula> <tex-math notation="LaTeX">$k=2$ </tex-math></inline-formula> we observe an <italic>equivalence</italic> to prefix codes and present matching upper and lower bounds of the form <inline-formula> <tex-math notation="LaTeX">$\log t + \log \log t + \log \log \log t + O(1)$ </tex-math></inline-formula>. Finally, we show that for any access structure there exists such a secret sharing scheme with shares of size <inline-formula> <tex-math notation="LaTeX">$2^{t-1}$ </tex-math></inline-formula>.

[1]  Moni Naor,et al.  How to Share a Secret, Infinitely , 2018, IEEE Trans. Inf. Theory.

[2]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[3]  Moni Naor,et al.  Games for exchanging information , 2008, STOC.

[4]  Rasmus Pagh,et al.  How to Approximate a Set without Knowing Its Size in Advance , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[5]  Ignacio Cascudo,et al.  Bounds on the Threshold Gap in Secret Sharing and its Applications , 2013, IEEE Transactions on Information Theory.

[6]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[7]  Andrew Chi-Chih Yao,et al.  An Almost Optimal Algorithm for Unbounded Searching , 1976, Inf. Process. Lett..

[8]  Hugo Krawczyk,et al.  Secret Sharing Made Short , 1994, CRYPTO.

[9]  Yuval Ishai,et al.  On the power of nonlinear secret-sharing , 2001, Proceedings 16th Annual IEEE Conference on Computational Complexity.

[10]  Ilan Komargodski,et al.  Be Adaptive, Avoid Overcommitting , 2017, CRYPTO.

[11]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[12]  Joel Friedman Constructing O(n log n) Size Monotone Formulae for the k-th Threshold Function of n Boolean Variables , 1986, SIAM J. Comput..

[13]  Gábor Tardos,et al.  On-line secret sharing , 2011, Designs, Codes and Cryptography.

[14]  Tal Malkin,et al.  Efficient Generic Forward-Secure Signatures with an Unbounded Number Of Time Periods , 2002, EUROCRYPT.

[15]  Michael Rodeh,et al.  Economical encoding of commas between strings , 1978, CACM.

[16]  Moni Naor,et al.  Implicit Representation of Graphs , 1992, SIAM J. Discret. Math..

[17]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[18]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[19]  K. Srinathan,et al.  On the Power of Computational Secret Sharing , 2003, INDOCRYPT.

[20]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[21]  Peter Elias,et al.  Universal codeword sets and representations of the integers , 1975, IEEE Trans. Inf. Theory.

[22]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[23]  Moni Naor,et al.  Implicit representation of graphs , 1992, STOC '88.

[24]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[25]  Ilan Komargodski,et al.  Threshold Secret Sharing Requires a Linear Size Alphabet , 2016, TCC.

[26]  Mitsuru Ito,et al.  Multiple assignment scheme for sharing secret , 1993, Journal of Cryptology.

[27]  Ravi B. Boppana,et al.  Threshold Functions and Bounded Depth Monotone Circuits , 1986, J. Comput. Syst. Sci..

[28]  Moni Naor,et al.  Secret-Sharing for NP , 2014, Journal of Cryptology.

[29]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[30]  Anat Paskin-Cherniavsky,et al.  Evolving Secret Sharing: Dynamic Thresholds and Robustness , 2017, TCC.

[31]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[32]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[33]  Mikkel Thorup,et al.  Changing base without losing space , 2010, STOC '10.