New Protocols for Conditional Disclosure of Secrets (and More)

We present new protocols for conditional disclosure of secrets (CDS), where two parties want to disclose a secret to a third party if and only if their respective inputs satisfy some predicate.

• For general predicates $P : [N] \times [N] \to \{0,1\}$, we present two protocols that achieve $o(N^{1/2})$ communication: the first achieves $O(N^{1/3})$ communication and the second achieves sub-polynomial $2^{O(\sqrt{\log N \log\log N})} = N^{o(1)}$ communication.

• As a corollary, we obtain improved share complexity for forbidden graph access structures. Namely, for every graph $G$ on $N$ vertices, there is a secret-sharing scheme for $N$ parties in which each pair of parties can reconstruct the secret if and only if the corresponding vertices in $G$ are connected, and where each party gets a share of size $2^{O(\sqrt{\log N \log\log N})} = N^{o(1)}$.

Prior to this work, the best protocols for both primitives required communication complexity $\tilde{O}(N^{1/2})$. Indeed, this is essentially the best that all prior techniques could hope to achieve, as they were limited to so-called “linear reconstruction”. This is the first work to break this $O(N^{1/2})$ “linear reconstruction” barrier in settings related to secret sharing. To obtain these results, we draw upon techniques for non-linear reconstruction developed in the context of information-theoretic private information retrieval. We further extend our results to the setting of private simultaneous messages (PSM), and provide applications such as an improved attribute-based encryption (ABE) for quadratic polynomials.

∗ E-mail: liutr@mit.edu. Research supported in part by NSF Grants CNS-1350619 and CNS-1414119.
† E-mail: vinodv@csail.mit.edu. Research supported in part by NSF Grants CNS-1350619 and CNS-1414119, an Alfred P. Sloan Research Fellowship, a Microsoft Faculty Fellowship, the NEC Corporation, and a Steven and Renee Finn Career Development Chair from MIT. This work was also sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under contracts W911NF-15-C-0226 and W911NF-15-C-0236.
‡ E-mail: wee@di.ens.fr. Research supported in part by ERC Project aSCEND (H2020 639554) and NSF Award CNS1445424.

ISSN 1433-8092. Electronic Colloquium on Computational Complexity, Revision 1 of Report No. 76 (2017).
