Nearly optimal robust secret sharing

We prove that a known approach to improving Shamir's celebrated secret sharing scheme, namely adding an information-theoretic authentication tag to the secret, can make it robust for n parties against any collusion of size δn, for any constant δ ∈ (0, 1/2). This result holds in the so-called “non-rushing” model, in which the n shares are submitted simultaneously for reconstruction. We thus finally obtain a simple, fully explicit, and robust secret sharing scheme in this model that is essentially optimal in all parameters, including the share size, which is k(1+o(1))+O(κ), where k is the secret length and κ is the security parameter. As in Shamir's scheme, in this modified scheme any set of more than δn honest parties can efficiently recover the secret. Using algebraic geometry codes instead of Reed-Solomon codes, the share length can be decreased to a constant (depending only on δ) while the number of shares n can grow independently. In this case, when n is large enough, the scheme satisfies the “threshold” requirement in an approximate sense; i.e., any set of δn(1 + ρ) honest parties, for arbitrarily small ρ > 0, can efficiently reconstruct the secret.
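The idea of tagging the secret before Shamir-sharing it can be seen in a toy Python sketch; this is an added example, not the paper's construction. The field size, the one-time MAC tag = a·s + b, and the exhaustive search over (t+1)-subsets (exponential in n, unlike the efficient decoding the abstract refers to) are all assumptions of this sketch, and corrupted shares are fixed without sight of the honest ones, as in the non-rushing model.

```python
import secrets
from itertools import combinations

P = 2**127 - 1  # prime field modulus (assumed parameter for this sketch)

def poly_shares(value, t, n):
    """Evaluate a random degree-t polynomial with constant term `value` at x = 1..n."""
    coeffs = [value] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)]

def share(secret, t, n):
    """Share (secret, a, b, tag) with tag = a*secret + b; any t shares reveal nothing."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    tag = (a * secret + b) % P
    columns = [poly_shares(v, t, n) for v in (secret, a, b, tag)]
    return [(x, tuple(col[x - 1] for col in columns)) for x in range(1, n + 1)]

def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def reconstruct(shares, t):
    """Return the unique secret whose tag verifies on some (t+1)-subset, else None."""
    accepted = set()
    for subset in combinations(shares, t + 1):
        s, a, b, tag = (interpolate_at_zero([(x, vals[i]) for x, vals in subset])
                        for i in range(4))
        # A subset containing a tampered share passes only by guessing the hidden key a.
        if (a * s + b) % P == tag:
            accepted.add(s)
    return accepted.pop() if len(accepted) == 1 else None
```

With t < n/2 corrupted shares, at least one (t+1)-subset is fully honest and always verifies, while a subset that yields a different secret verifies with probability about 1/P.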
