Efficient robust secret sharing from expander graphs

Threshold secret sharing allows a dealer to share a secret among n players so that any coalition of t players learns nothing about the secret, but any t+1 players can reconstruct the secret in its entirety. Robust secret sharing (RSS) provides the additional guarantee that even if t malicious players mangle their shares, they cannot cause the honest players to reconstruct an incorrect secret. In this work, we construct a simple RSS protocol for $t = \left(\frac{1}{2} - \epsilon\right) n$ that achieves logarithmic overhead in share size and simultaneously allows efficient reconstruction. Our share size increases by an additive term of $\mathcal{O}(\kappa + \log n)$, and reconstruction succeeds except with probability at most $2^{-\kappa}$. Previous efficient RSS protocols, such as those of Rabin and Ben-Or (STOC '89) and Cevallos et al. (Eurocrypt '12), use MACs to allow each player to check the shares of every other player in the protocol. These checks provide robustness, but require significant overhead in share size. Our construction instead identifies the n players with the nodes of an expander graph; each player checks only its neighbors in that graph.
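As an added illustration (not the paper's code and not its actual reconstruction procedure): Shamir sharing combined with one-time polynomial MACs, where each player checks only its d neighbors on a sparse check graph rather than all n-1 other players, so the per-player authentication data grows with d instead of n. A d-regular circulant graph is an assumed stand-in for the expander, a share is accepted when a majority of its checkers' MACs verify, and the field prime, n, t and d are constructed choices.

```python
import random

P = 2**61 - 1  # prime field; a constructed choice, not from the paper

def share(secret, n, t):
    """Shamir sharing: random degree-t polynomial, any t+1 correct shares reconstruct."""
    c = [secret] + [random.randrange(P) for _ in range(t)]
    return {i: sum(ck * pow(i, k, P) for k, ck in enumerate(c)) % P for i in range(1, n + 1)}

def reconstruct(pts):
    """Lagrange interpolation at x=0 over the supplied {x: y} points (no robustness)."""
    s = 0
    for i, yi in pts.items():
        num = den = 1
        for j in pts:
            if j != i:
                num, den = num * (-j) % P, den * (i - j) % P
        s = (s + yi * num * pow(den, P - 2, P)) % P
    return s

def neighbors(i, n, d):
    """Checkers of player i: a d-regular circulant graph (assumed; a real scheme uses an expander)."""
    return [((i - 1 + k) % n) + 1 for k in range(-d // 2, d // 2 + 1) if k != 0]

def deal(secret, n, t, d):
    """Dealer output: shares, a MAC key (a, b) held by checker j for neighbor i, and the tag held by i."""
    shares = share(secret, n, t)
    keys = {(j, i): (random.randrange(1, P), random.randrange(P))
            for i in range(1, n + 1) for j in neighbors(i, n, d)}
    tags = {(j, i): (a * shares[i] + b) % P for (j, i), (a, b) in keys.items()}
    return shares, keys, tags

def robust_reconstruct(shares, keys, tags, n, t, d):
    """Keep a share only if more than d/2 of its checkers accept it, then interpolate."""
    accepted = {}
    for i in range(1, n + 1):
        ok = sum((keys[(j, i)][0] * shares[i] + keys[(j, i)][1]) % P == tags[(j, i)]
                 for j in neighbors(i, n, d))
        if 2 * ok > d:
            accepted[i] = shares[i]
    if len(accepted) <= t:
        raise ValueError("fewer than t+1 shares survived checking")
    return reconstruct(accepted)

def per_player_items(n, d):
    """Field elements stored per player: share + d tags + d two-element keys (vs. n-1 checkers)."""
    return 1 + 3 * d, 1 + 3 * (n - 1)

def demo(secret=12345, n=10, t=4, d=4, corrupt=(2, 7)):
    """Two players alter their shares and garble the keys they hold; honest checkers reject them."""
    shares, keys, tags = deal(secret, n, t, d)
    for i in corrupt:
        shares[i] = (shares[i] + 1) % P
        for j in neighbors(i, n, d):
            keys[(i, j)] = (random.randrange(1, P), random.randrange(P))
    return reconstruct(shares), robust_reconstruct(shares, keys, tags, n, t, d)
```

Interpolating over all ten submitted shares returns a value shifted by the corrupted points, while the checked reconstruction recovers the secret; with d fixed, the stored authentication data no longer grows with n.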

[1] Reihaneh Safavi-Naini et al. A Model for Adversarial Wiretap Channels and its Applications, 2015, J. Inf. Process.

[2] Martin Tompa et al. How to share a secret with cheaters, 2005, Journal of Cryptology.

[3] Josh Benaloh et al. Generalized Secret Sharing and Monotone Functions, 1990, CRYPTO.

[4] Allison Bishop et al. Robust Secret Sharing Schemes Against Local Adversaries, 2014, Public Key Cryptography.

[5] Douglas R. Stinson et al. Error decodable secret sharing and one-round perfectly secure message transmission for general adversary structures, 2010, Cryptography and Communications.

[6] Yuval Ishai et al. Scalable Multiparty Computation with Nearly Optimal Work and Resilience, 2008, CRYPTO.

[7] Keith M. Martin et al. On the Role of Expander Graphs in Key Predistribution Schemes for Wireless Sensor Networks, 2011, WEWoRC.

[8] Thomas Johansson et al. On the Relation between A-Codes and Codes Correcting Independent Errors, 1993, EUROCRYPT.

[9] Anna Gál et al. Combinatorial methods in boolean function complexity, 1995.

[10] G. R. Blakley. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[11] Amos Beimel. Secret-Sharing Schemes: A Survey, 2011, IWCC.

[12] Rafail Ostrovsky et al. Identifying Cheaters without an Honest Majority, 2012, TCC.

[13] Gabriel Bracha et al. An O(log n) expected rounds randomized byzantine generals protocol, 1987, JACM.

[14] Ronald Cramer et al. Optimal Black-Box Secret Sharing over Arbitrary Abelian Groups, 2002, CRYPTO.

[15] Ueli Maurer et al. Player Simulation and General Adversary Structures in Perfect Multiparty Computation, 2000, Journal of Cryptology.

[16] Tal Rabin et al. Verifiable secret sharing and multiparty protocols with honest majority, 1989, STOC '89.

[17] Subhas Kumar Ghosh. On Optimality of Key Pre-distribution Schemes for Distributed Sensor Networks, 2006, ESAS.

[18] Kaoru Kurosawa. General Error Decodable Secret Sharing Scheme and Its Application, 2011, IEEE Transactions on Information Theory.

[19] Ernest F. Brickell. Some Ideal Secret Sharing Schemes, 1989, EUROCRYPT.

[20] Richard Taylor. An Integrity Check Value Algorithm for Stream Ciphers, 1993, CRYPTO.

[21] M. Murty. Ramanujan Graphs, 1965.

[22] Ivan Damgård et al. On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase, 2001, CRYPTO.

[23] Ivan Damgård et al. Scalable and Unconditionally Secure Multiparty Computation, 2007, CRYPTO.

[24] Allison Bishop et al. Essentially Optimal Robust Secret Sharing with Maximal Corruptions, 2016, EUROCRYPT.

[25] Matthias Fitzi et al. Towards Optimal and Efficient Perfectly Secure Message Transmission, 2007, TCC.

[26] Gustavus J. Simmons. A survey of information authentication, 1988.

[27] Hao Chen et al. Algebraic Geometric Secret Sharing Schemes and Secure Multi-Party Computations over Small Fields, 2006, CRYPTO.

[29] Alfredo De Santis et al. Size of Shares and Probability of Cheating in Threshold Schemes, 1993, EUROCRYPT.

[30] Reihaneh Safavi-Naini et al. Unconditionally-Secure Robust Secret Sharing with Minimum Share Size, 2013, Financial Cryptography.

[31] Adi Shamir et al. How to share a secret, 1979, CACM.

[32] Ivan Damgård et al. Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions, 2015, EUROCRYPT.

[33] Carles Padró et al. On Secret Sharing Schemes, Matroids and Polymatroids, 2007, TCC.

[34] Ingemar Ingemarsson et al. A Construction of Practical Secret Sharing Schemes using Linear Block Codes, 1992, AUSCRYPT.

[35] Rosario Gennaro. Theory and practice of verifiable secret sharing, 1996.

[36] Bert den Boer. A Simple and Key-Economical Unconditional Authentication Scheme, 1993, J. Comput. Secur.

[37] Kaoru Kurosawa et al. New combinatorial designs and their applications to authentication codes and secret sharing schemes, 2004, Discret. Math.

[38] F. MacWilliams et al. Codes which detect deception, 1974.

[39] N. Linial et al. Expander Graphs and their Applications, 2006.

[40] Moti Yung et al. Expander Graph based Key Distribution Mechanisms in Wireless Sensor Networks, 2006, 2006 IEEE International Conference on Communications.

[41] Larry Carter et al. Universal Classes of Hash Functions, 1979, J. Comput. Syst. Sci.

[42] Rafail Ostrovsky et al. Almost-Everywhere Secure Computation with Edge Corruptions, 2013, Journal of Cryptology.

[43] Rafail Ostrovsky et al. Unconditionally-Secure Robust Secret Sharing with Compact Shares, 2012, EUROCRYPT.

[44] Carles Padró et al. On secret sharing schemes, matroids and polymatroids, 2006, J. Math. Cryptol.

[45] Kaoru Kurosawa et al. Optimum Secret Sharing Scheme Secure against Cheating, 1996, EUROCRYPT.

[46] Mahdi Cheraghchi. Nearly optimal robust secret sharing, 2016, 2016 IEEE International Symposium on Information Theory (ISIT).

[47] Doron Puder. Expansion of random graphs: new proofs, new results, 2015.

[48] Rafail Ostrovsky et al. Secure Message Transmission with Small Public Discussion, 2010, EUROCRYPT.

[49] Matthew K. Franklin et al. Communication complexity of secure computation (extended abstract), 1992, STOC '92.

[50] Carles Padró et al. Secret Sharing Schemes with Detection of Cheaters for a General Access Structure, 2002, Des. Codes Cryptogr.

[51] Moti Yung et al. Perfectly secure message transmission, 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[52] Yuval Ishai et al. Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography, 2010, IACR Cryptol. ePrint Arch.

[53] Carles Padró et al. Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors, 2008, EUROCRYPT.

[54] Yuval Ishai et al. Scalable Secure Multiparty Computation, 2006, CRYPTO.

[55] Dirk Westhoff et al. Security and Privacy in Ad-Hoc and Sensor Networks, Third European Workshop, ESAS 2006, Hamburg, Germany, September 20-21, 2006, Revised Selected Papers, 2006, ESAS.

[56] Marten van Dijk. Secret key sharing and secret key generation, 1997.

[57] Rafail Ostrovsky et al. Almost-Everywhere Secure Computation, 2008, EUROCRYPT.

[58] Kaoru Kurosawa et al. Almost Secure (1-Round, n-Channel) Message Transmission Scheme, 2007, ICITS.