Space Efficient Computational Multi-Secret Sharing and Its Applications

In a (t_1, ..., t_ℓ)-multi-secret sharing scheme (MSSS), ℓ independent secrets s_1, ..., s_ℓ are shared among n parties in such a way that at least t_i parties are required to recover the secret s_i (while s_i remains hidden from any fewer shares). We consider the problem of minimizing the share size of an MSSS in the challenging setting where many secrets are shared among many parties. To circumvent the information-theoretic lower bound (e.g., Blundo [4]), we focus on the computational setting. A simple generalization of computational secret sharing (Krawczyk [17]) to multi-secret sharing yields a scheme whose share size/overhead scales linearly in ℓ, the total number of secrets. To beat this linear scaling, we construct an MSSS from a related notion of encryption, dynamic threshold public key encryption (DTPKE), which lets a sender specify a threshold for each ciphertext dynamically. None of the existing DTPKE schemes is well suited to our purpose, so we propose a new construction of a dynamic threshold public key encryption scheme with improved efficiency characteristics. We then give a recursive application of our construction that yields an efficient MSSS with share size only logarithmic in the number of secrets (thus effectively O(log ℓ) in the common case where ℓ and n are polynomially related). Finally, we describe an application of our space-efficient (1, 2, ..., n−1)-MSSS to a special tool called gradual verifiable secret sharing, the fundamental building block for general multiparty computation (MPC) with n players that provides fairness without an honest majority.
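To make the setting concrete, the following Python is an added example (not the paper's construction) of the naive (t_1, ..., t_ℓ)-MSSS: each secret s_i is shared independently with Shamir's scheme over a prime field chosen for this example, so every party holds ℓ field elements. This is the linear-in-ℓ share size that the abstract's DTPKE-based construction sets out to beat, and the function names and the field are assumptions of this example.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the Shamir field (chosen for this example)


def _eval(coeffs, x):
    """Horner evaluation of the polynomial with coefficients coeffs[0..t-1] at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_multi(secret_list, thresholds, n):
    """Independently Shamir-share secret s_i with threshold t_i among parties 1..n.

    Party j receives a vector of len(secret_list) field elements, i.e. share size
    grows linearly in the number of secrets (the baseline the paper improves on)."""
    assert len(secret_list) == len(thresholds)
    shares = {j: [] for j in range(1, n + 1)}
    for s, t in zip(secret_list, thresholds):
        assert 1 <= t <= n and 0 <= s < P
        coeffs = [s] + [secrets.randbelow(P) for _ in range(t - 1)]  # degree t-1
        for j in range(1, n + 1):
            shares[j].append(_eval(coeffs, j))
    return shares


def recover(i, t_i, subset):
    """Lagrange-interpolate secret i at x=0 from {party: share-vector}.

    Returns None when fewer than t_i parties contribute: below the threshold
    the polynomial is underdetermined and s_i is information-theoretically hidden."""
    if len(subset) < t_i:
        return None
    xs = list(subset)[:t_i]
    total = 0
    for j in xs:
        num, den = 1, 1
        for k in xs:
            if k != j:
                num = num * (-k) % P
                den = den * (j - k) % P
        total = (total + subset[j][i] * num * pow(den, P - 2, P)) % P
    return total


def share_size_bits(shares):
    """Bits held by one party: ell field elements of log2(P) bits each."""
    return len(next(iter(shares.values()))) * P.bit_length()
```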

[1] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[2] Andrew Chi-Chih Yao, et al. Protocols for Secure Computations (Extended Abstract), 1982, FOCS.

[3] David Pointcheval, et al. Dynamic Threshold Public-Key Encryption, 2008, CRYPTO.

[4] Mitsuru Ito, et al. Secret sharing scheme realizing general access structure, 1989.

[5] Y. Yeh, et al. Dynamic Multi-Secret Sharing Scheme, 2008.

[6] Germán Sáez, et al. New results and applications for multi-secret sharing schemes, 2014, Des. Codes Cryptogr.

[7] G. R. Blakley. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[8] Steven D. Galbraith, et al. Implementing the Tate Pairing, 2002, ANTS.

[9] Ehud D. Karnin, et al. On secret sharing systems, 1983, IEEE Trans. Inf. Theory.

[10] Giovanni Di Crescenzo, et al. Multi-Secret Sharing Schemes, 1994, CRYPTO.

[11] Michael O. Rabin, et al. Efficient dispersal of information for security, load balancing, and fault tolerance, 1989, JACM.

[12] Germán Sáez, et al. Sharing many secrets with computational provable security, 2013, Inf. Process. Lett.

[13] Nir Bitansky, et al. Erratum: Succinct Non-interactive Arguments via Linear Interactive Proofs, 2013, TCC.

[14] Keith M. Martin, et al. Multisecret Threshold Schemes, 1994, CRYPTO.

[15] Carles Padró, et al. Multi-linear Secret-Sharing Schemes, 2014, TCC.

[16] Jens Groth, et al. Short Pairing-Based Non-interactive Zero-Knowledge Arguments, 2010, ASIACRYPT.

[17] Yehuda Lindell, et al. On Combining Privacy with Guaranteed Output Delivery in Secure Multiparty Computation, 2006, CRYPTO.

[18] Helger Lipmaa, et al. Succinct Non-Interactive Zero Knowledge Arguments from Span Programs and Linear Error-Correcting Codes, 2013, IACR Cryptol. ePrint Arch.

[19] Hugo Krawczyk, et al. Secret Sharing Made Short, 1994, CRYPTO.

[20] Stefano Tessaro, et al. Asynchronous Verifiable Information Dispersal, 2005, DISC.

[21] Marten van Dijk, et al. A General Decomposition Construction for Incomplete Secret Sharing Schemes, 1998, Des. Codes Cryptogr.

[22] Huaxiong Wang, et al. Verifiable Multi-secret Sharing Schemes for Multiple Threshold Access Structures, 2007, Inscrypt.

[23] Adi Shamir, et al. How to share a secret, 1979, CACM.

[24] Helger Lipmaa, et al. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments, 2012, TCC.

[25] Barbara Masucci. Sharing Multiple Secrets: Models, Schemes and Analysis, 2006, Des. Codes Cryptogr.

[26] Ueli Maurer, et al. A Dynamic Tradeoff Between Active and Passive Corruptions in Secure Multi-Party Computation, 2013, IACR Cryptol. ePrint Arch.

[27] C. P. Schnorr, et al. Efficient Identification and Signatures for Smart Cards (Abstract), 1989, EUROCRYPT.