On-line secret sharing

In a perfect secret sharing scheme the dealer distributes shares to participants so that qualified subsets can recover the secret, while unqualified subsets have no information on the secret. In an on-line secret sharing scheme the dealer assigns shares in the order the participants show up, knowing only those qualified subsets whose all members she has seen. We often assume that the overall access structure (the set of minimal qualified subsets) is known and only the order of the participants is unknown. On-line secret sharing is a useful primitive when the set of participants grows in time, and redistributing the secret when a new participant shows up is too expensive. In this paper we start the investigation of unconditionally secure on-line secret sharing schemes. The complexity of a secret sharing scheme is the size of the largest share a single participant can receive over the size of the secret. The infimum of this amount in the on-line or off-line setting is the on-line or off-line complexity of the access structure, respectively. For paths on at most five vertices and cycles on at most six vertices the on-line and offline complexities are equal, while for other paths and cycles these values differ. We show that the gap between these values can be arbitrarily large even for graph based access structures. We present a general on-line secret sharing scheme that we call first-fit. Its complexity is the maximal degree of the access structure. We show, however, that this on-line scheme is never optimal: the on-line complexity is always strictly less than the maximal degree. On the other hand, we give examples where the first-fit scheme is almost optimal, namely, the on-line complexity can be arbitrarily close to the maximal degree. The performance ratio is the ratio of the on-line and off-line complexities of the same access structure. We show that for graphs the performance ratio is smaller than the number of vertices, and for an infinite family of graphs the performance ratio is at least constant times the square root of the number of vertices.

[1]  Paul Erdös,et al.  Covering a graph by complete bipartite graphs , 1997, Discret. Math..

[2]  Alfredo De Santis,et al.  On the Information Rate of Secret Sharing Schemes , 1996, Theor. Comput. Sci..

[3]  Victor W. Marek,et al.  Book review: Combinatorics, Set Systems, Hypergraphs, Families of Vectors and Combinatorial Probability by B. Bollobas (Cambridge University Press) , 1987, SGAR.

[4]  Alfredo De Santis,et al.  Graph decompositions and secret sharing schemes , 2004, Journal of Cryptology.

[5]  Douglas R. Stinson,et al.  Decomposition constructions for secret-sharing schemes , 1994, IEEE Trans. Inf. Theory.

[6]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[7]  Ueli Maurer,et al.  Secure multi-party computation made simple , 2002, Discret. Appl. Math..

[8]  Carles Padró,et al.  Ideal secret sharing schemes whose minimal qualified subsets have at most three participants , 2009, Des. Codes Cryptogr..

[9]  B. Bollobás Combinatorics: Set Systems, Hypergraphs, Families of Vectors and Combinatorial Probability , 1986 .

[10]  Alfredo De Santis,et al.  Tight Bounds on the Information Rate of Secret Sharing Schemes , 1997, Des. Codes Cryptogr..

[11]  László Csirmaz Secret sharing schemes on graphs , 2005, IACR Cryptol. ePrint Arch..

[12]  Gábor Tardos,et al.  Secret sharing on trees: problem solved , 2009, IACR Cryptol. ePrint Arch..

[13]  Alfredo De Santis,et al.  On the size of shares for secret sharing schemes , 1991, Journal of Cryptology.

[14]  Alfredo De Santis,et al.  Fully Dynamic Secret Sharing Schemes , 1996, Theor. Comput. Sci..

[15]  I. Csiszár Information Theory , 1981 .

[16]  F. Mat Two Constructions on Limits of Entropy Functions , 2007, IEEE Trans. Inf. Theory.

[18]  Alfredo De Santis,et al.  Fully Dynamic Secret Sharing Schemes , 1993, Theor. Comput. Sci..

[19]  Toby Berger,et al.  Review of Information Theory: Coding Theorems for Discrete Memoryless Systems (Csiszár, I., and Körner, J.; 1981) , 1984, IEEE Trans. Inf. Theory.

[20]  Imre Csiszár,et al.  Information Theory - Coding Theorems for Discrete Memoryless Systems, Second Edition , 2011 .

[21]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[22]  Alfredo De Santis,et al.  On the Size of Shares for Secret Sharing Schemes , 1991, CRYPTO.

[23]  Avery Miller Online Graph Colouring , 2004 .

[24]  Carles Padró,et al.  Matroids Can Be Far from Ideal Secret Sharing , 2008, TCC.

[25]  Carles Padró,et al.  On Secret Sharing Schemes, Matroids and Polymatroids , 2007, TCC.

[26]  Marten van Dijk On the information rate of perfect secret sharing schemes , 1995, Des. Codes Cryptogr..

[27]  Michael E. Saks,et al.  An on-line graph coloring algorithm with sublinear performance ratio , 1989, Discret. Math..

[28]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[29]  Alfredo De Santis,et al.  On the Information Rate of Secret Sharing Schemes (Extended Abstract) , 1992, CRYPTO.

[30]  Christian Cachin On-Line Secret Sharing , 1995, IMACC.

[31]  Carles Padró,et al.  Ideal Secret Sharing Schemes Whose Minimal Qualified Subsets Have at Most Three Participants , 2006, SCN.