Matroids Can Be Far from Ideal Secret Sharing

In a secret-sharing scheme, a secret value is distributed among a set of parties by giving each party a share. The requirement is that only predefined subsets of parties can recover the secret from their shares. The family of the predefined authorized subsets is called the access structure. An access structure is ideal if there exists a secret-sharing scheme realizing it in which the shares have optimal length, that is, in which the shares are taken from the same domain as the secrets. Brickell and Davenport (J. of Cryptology, 1991) proved that ideal access structures are induced by matroids. Subsequently, ideal access structures and access structures induced by matroids have received a lot of attention. Seymour (J. of Combinatorial Theory, 1992) gave the first example of an access structure induced by a matroid, namely the Vamos matroid, that is non-ideal. Beimel and Livne (TCC 2006) presented the first non-trivial lower bounds on the size of the domain of the shares for secret-sharing schemes realizing an access structure induced by the Vamos matroid. In this work, we substantially improve those bounds by proving that the size of the domain of the shares in every secret-sharing scheme for those access structures is at least k^{1.1}, where k is the size of the domain of the secrets (compared to k + Ω(√k) in previous works). Our bounds are obtained by using non-Shannon inequalities for the entropy function. The importance of our results is twofold: (1) we present the first proof that there exists an access structure induced by a matroid which is not nearly ideal, and (2) we present the first proof that there is an access structure whose information rate is strictly between 2/3 and 1. In addition, we present a better lower bound that applies only to linear secret-sharing schemes realizing the access structures induced by the Vamos matroid.
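
The access structures discussed above can be computed directly from the matroid. The following is an added example, not code from the paper: it builds the Vamos matroid's rank function under an assumed labelling (points 1 to 8 in four pairs), derives the minimal authorized sets for a chosen dealer point, and, going beyond the abstract, evaluates Ingleton's inequality, which every linearly representable matroid satisfies.

```python
from itertools import combinations

# Assumed labelling (not from the page): points 1..8 grouped in four pairs.
# Every union of two pairs except P3|P4 is a dependent 4-set.
PAIRS = [frozenset(p) for p in ({1, 2}, {3, 4}, {5, 6}, {7, 8})]
GROUND = frozenset(range(1, 9))
DEPENDENT4 = {a | b for a, b in combinations(PAIRS, 2)} - {PAIRS[2] | PAIRS[3]}

def rank(xs):
    """Rank function of the Vamos matroid (rank 4 on 8 points)."""
    xs = frozenset(xs)
    if len(xs) <= 3:
        return len(xs)
    return 3 if xs in DEPENDENT4 else 4

def subsets(s):
    items = sorted(s)
    return [frozenset(c) for k in range(len(items) + 1)
            for c in combinations(items, k)]

def is_submodular():
    """Brute-force check r(X|Y) + r(X&Y) <= r(X) + r(Y) over all pairs."""
    every = subsets(GROUND)
    return all(rank(x | y) + rank(x & y) <= rank(x) + rank(y)
               for x in every for y in every)

def circuits():
    """Minimal dependent sets: dependent, but independent after any removal."""
    return [x for x in subsets(GROUND) if rank(x) < len(x)
            and all(rank(x - {e}) == len(x) - 1 for e in x)]

def access_structure(dealer):
    """Minimal authorized sets: circuits through the dealer, dealer removed."""
    return sorted(sorted(c - {dealer}) for c in circuits() if dealer in c)

def is_authorized(parties, dealer):
    """A set is authorized iff adding the dealer does not raise the rank."""
    parties = frozenset(parties)
    return rank(parties | {dealer}) == rank(parties)

def ingleton_gap(a, b, c, d):
    """Right side minus left side of Ingleton's inequality; negative = violated."""
    lhs = rank(a) + rank(b) + rank(a | b | c) + rank(a | b | d) + rank(c | d)
    rhs = rank(a | b) + rank(a | c) + rank(a | d) + rank(b | c) + rank(b | d)
    return rhs - lhs

if __name__ == "__main__":
    print(len(access_structure(1)), len(access_structure(5)))
    print("Ingleton gap:", ingleton_gap(*PAIRS))
```

A negative gap for the four pairs means the matroid has no linear representation over any field, so no linear scheme can be ideal for these access structures.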

[1] Carles Padró et al. On secret sharing schemes, matroids and polymatroids, 2006, J. Math. Cryptol.

[2] Randall Dougherty et al. Networks, Matroids, and Non-Shannon Information Inequalities, 2007, IEEE Transactions on Information Theory.

[3] Paul D. Seymour. On secret-sharing matroids, 1992, J. Comb. Theory, Ser. B.

[4] Zhen Zhang et al. On Characterization of Entropy Function via Information Inequalities, 1998, IEEE Trans. Inf. Theory.

[5] Paul Seymour et al. A Forbidden Minor Characterization of Matroid Ports, 1976.

[6] Alfredo De Santis et al. On Secret Sharing Schemes, 1998, Inf. Process. Lett.

[7] Avi Wigderson et al. On span programs, 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[8] Amos Beimel et al. Universally ideal secret-sharing schemes, 1994, IEEE Trans. Inf. Theory.

[9] Ernest F. Brickell et al. On the classification of ideal secret sharing schemes, 1989, Journal of Cryptology.

[10] Josh Benaloh et al. Generalized Secret Sharing and Monotone Functions, 1990, CRYPTO.

[11] Kaoru Kurosawa et al. Nonperfect Secret Sharing Schemes and Matroids, 1994, EUROCRYPT.

[12] Randall Dougherty et al. Six New Non-Shannon Information Inequalities, 2006, 2006 IEEE International Symposium on Information Theory.

[13] Carles Padró et al. On Secret Sharing Schemes, Matroids and Polymatroids, 2007, TCC.

[14] Ernest F. Brickell et al. Some Ideal Secret Sharing Schemes, 1990, EUROCRYPT.

[15] Mihir Bellare et al. Robust computational secret sharing and a unified account of classical secret-sharing goals, 2007, CCS '07.

[16] Adi Shamir et al. How to share a secret, 1979, CACM.

[17] F. Mat Two Constructions on Limits of Entropy Functions, 2007, IEEE Trans. Inf. Theory.

[18] Alfredo De Santis et al. On the Size of Shares for Secret Sharing Schemes, 1991, CRYPTO.

[19] Tor Helleseth et al. Advances in Cryptology — EUROCRYPT ’93, 2001, Lecture Notes in Computer Science.

[20] Ernest F. Brickell et al. Some improved bounds on the information rate of perfect secret sharing schemes, 2006, Journal of Cryptology.

[21] Eyal Kushilevitz et al. Secret sharing over infinite domains, 1993, Journal of Cryptology.

[22] Alexei E. Ashikhmin et al. Almost Affine Codes, 1998, Des. Codes Cryptogr.

[23] Ehud D. Karnin et al. On secret sharing systems, 1983, IEEE Trans. Inf. Theory.

[24] Amos Beimel et al. On Matroids and Non-ideal Secret Sharing, 2006, TCC.

[25] Frantisek Matús et al. Matroid representations by partitions, 1999, Discret. Math.

[26] Mitsuru Ito et al. Secret sharing scheme realizing general access structure, 1989.

[27] A. Ingleton et al. Conditions for representability and transversality of matroids, 1971.

[28] László Csirmaz et al. The Size of a Share Must Be Large, 1994, Journal of Cryptology.

[29] Shafi Goldwasser et al. Advances in Cryptology — CRYPTO’ 88: Proceedings, 1990, Lecture Notes in Computer Science.

[30] Thomas M. Cover et al. Elements of Information Theory, 2005.

[31] Carles Padró et al. Secret Sharing Schemes with Three or Four Minimal Qualified Subsets, 2005, Des. Codes Cryptogr.

[32] James G. Oxley et al. Matroid theory, 1992.

[33] G. R. Blakley. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).