On the Local Leakage Resilience of Linear Secret Sharing Schemes

  • Fabrice Benhamouda
  • Akshay Degwekar
  • Yuval Ishai
  • Tal Rabin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10991)


We consider the following basic question: to what extent are standard secret sharing schemes and protocols for secure multiparty computation that build on them resilient to leakage? We focus on a simple local leakage model, where the adversary can apply an arbitrary function of a bounded output length to the secret state of each party, but cannot otherwise learn joint information about the states.

We show that additive secret sharing schemes and high-threshold instances of Shamir’s secret sharing scheme are secure under local leakage attacks when the underlying field is of a large prime order and the number of parties is sufficiently large. This should be contrasted with the fact that any linear secret sharing scheme over a small characteristic field is clearly insecure under local leakage attacks, regardless of the number of parties: over a field of characteristic 2, for instance, reconstruction is F_2-linear, so one bit of a suitable linear functional of each share, leaked locally by each party, combines by XOR into a bit of the secret. Our results are obtained via tools from Fourier analysis and additive combinatorics.
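As an added illustration of both sides of this contrast (our own code, not the paper's), the following Python computes leakage distributions for additive sharing exactly, with tiny parameters. Over GF(2)^k each party leaks one bit of its own share and the XOR of the leaked bits is a bit of the secret. Over GF(p) with a fixed 1-bit local leakage function, the statistical distance between the leakage seen for two different secrets is computed exactly by dynamic programming over (partial sum mod p, leaks so far) and shrinks as the number of parties grows. The prime p = 5 and the leakage functions used here (low bit of the share; whether the share lies in the lower half of [0, p)) are our choices for tractability; the paper's theorems concern large primes and arbitrary bounded-output leakage.

```python
"""Local leakage against additive secret sharing, computed exactly.

Added illustration, not code from the paper. Two experiments:
  * over GF(2)^k (characteristic 2) one leaked bit per party recovers a bit
    of the secret outright;
  * over GF(p), p an odd prime, the exact statistical distance between the
    leakage distributions of two secrets shrinks as the number of parties n
    grows, for a fixed 1-bit local leakage function.
The leakage functions ("low bit of the share", "share lies in the lower half
of [0, p)") are our own choices for the demonstration.
"""
import random
from collections import defaultdict
from fractions import Fraction


# --- characteristic 2: additive (XOR) sharing is broken by 1 bit per party ---

def xor_share(secret, n, k, rng):
    """Additive sharing of a k-bit secret among n parties over GF(2)^k."""
    shares = [rng.randrange(1 << k) for _ in range(n - 1)]
    last = secret
    for x in shares:
        last ^= x
    return shares + [last]


def recover_secret_bit(shares, bit):
    """Each party locally outputs one bit of its own share; the XOR of those
    outputs is the same bit of the secret, because bit projection is
    GF(2)-linear and so is the reconstruction map (a sum)."""
    acc = 0
    for x in shares:
        acc ^= (x >> bit) & 1
    return acc


def xor_attack_succeeds(secret, n, k, seed):
    """True iff every bit of `secret` is recovered from 1-bit local leakage."""
    rng = random.Random(seed)
    shares = xor_share(secret, n, k, rng)
    return all(recover_secret_bit(shares, b) == (secret >> b) & 1 for b in range(k))


# --- odd prime p: exact leakage distribution of additive sharing over GF(p) ---

def leakage_distribution(p, n, leak_fn, secret):
    """Exact distribution of (l_1, ..., l_n), l_i = leak_fn(x_i), where
    (x_1, ..., x_n) is a uniformly random additive sharing of `secret` mod p.
    Dynamic programming over (partial sum mod p, leaks so far)."""
    states = {(0, ()): 1}                      # (partial sum, leak tuple) -> count
    for _ in range(n - 1):                     # the first n-1 shares are uniform
        nxt = defaultdict(int)
        for (tot, leaks), cnt in states.items():
            for x in range(p):
                nxt[((tot + x) % p, leaks + (leak_fn(x),))] += cnt
        states = nxt
    total = p ** (n - 1)
    dist = defaultdict(Fraction)
    for (tot, leaks), cnt in states.items():
        x_last = (secret - tot) % p            # last share is forced by the secret
        dist[leaks + (leak_fn(x_last),)] += Fraction(cnt, total)
    return dict(dist)


def statistical_distance(d0, d1):
    keys = set(d0) | set(d1)
    return sum(abs(d0.get(k, 0) - d1.get(k, 0)) for k in keys) / 2


def additive_leakage_gap(p, n, leak_fn, s0, s1):
    """Distinguishing advantage (statistical distance) that 1-bit local
    leakage gives between a sharing of s0 and a sharing of s1."""
    return statistical_distance(leakage_distribution(p, n, leak_fn, s0),
                                leakage_distribution(p, n, leak_fn, s1))


def lower_half(p):
    """Leak 1 iff the share, read as an integer in [0, p), is below p/2."""
    return lambda x: 1 if x < (p + 1) // 2 else 0


if __name__ == "__main__":
    print("GF(2)^8, 5 parties, all bits recovered:", xor_attack_succeeds(0xA5, 5, 8, seed=1))
    for n in (1, 2, 4, 6, 8):
        print("GF(5), n =", n, "SD =", additive_leakage_gap(5, n, lower_half(5), 0, 1))
```

The GF(p) distance is an exact statistical distance, not a sample estimate, so the decay in n is not noise; the small cases are also a reminder that a particular leakage function may fail to separate some pairs of secrets (the low bit of the share separates 0 from 2 but not 0 from 1 over GF(3) with two parties) while still separating others, which is why the security notion has to quantify over all pairs.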

We present two types of applications of the above results and techniques. As a positive application, we show that the “GMW protocol” for honest-but-curious parties, when implemented using shared products of random field elements (so-called “Beaver Triples”), is resilient in the local leakage model for sufficiently many parties and over certain fields. This holds even when the adversary has full access to a constant fraction of the views. As a negative application, we rule out multi-party variants of the share conversion scheme used in the 2-party homomorphic secret sharing scheme of Boyle et al. (Crypto 2016).
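For readers who want to see the protocol the positive application concerns, the following Python is an added example (not the paper's code, and it does not model leakage) of semi-honest GMW-style arithmetic MPC over GF(p) with additive shares and Beaver triples. The prime p = 2^61 - 1, the convention that party 0 absorbs public constants, and the specific circuit (x*y + z)*w are our choices. Additions are local; each multiplication consumes one preprocessed triple (a, b, c = a*b) and costs one round in which every party broadcasts its share of d = x - a and e = y - b. Since a and b are uniform one-time masks, the opened d and e are uniformly distributed and independent of x and y, which is what makes the honest-but-curious transcript simulatable.

```python
"""Semi-honest GMW-style arithmetic MPC with Beaver triples over GF(p).

Added illustration, not the paper's code; it does not model leakage.
Assumptions: additive sharing among n parties, p = 2**61 - 1, party 0 adds
public constants, triples come from a trusted preprocessing phase.
"""
import random

P = 2**61 - 1


def share(value, n, rng, p=P):
    """Uniform additive sharing: shares sum to `value` mod p."""
    shares = [rng.randrange(p) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % p)
    return shares


def reconstruct(shares, p=P):
    return sum(shares) % p


def add_shares(xs, ys, p=P):
    """Addition of two shared values is local."""
    return [(x + y) % p for x, y in zip(xs, ys)]


def add_public(xs, k, p=P):
    """Adding a public constant: only party 0 adjusts its share."""
    return [(xs[0] + k) % p] + xs[1:]


def make_triple(n, rng, p=P):
    """Preprocessing: sharings of random a, b and of c = a*b."""
    a, b = rng.randrange(p), rng.randrange(p)
    return share(a, n, rng, p), share(b, n, rng, p), share(a * b % p, n, rng, p)


def beaver_multiply(xs, ys, triple, p=P):
    """One multiplication gate. Returns shares of x*y and the opened (d, e)."""
    a_s, b_s, c_s = triple
    # Round 1 (the only communication): party i broadcasts (x_i - a_i, y_i - b_i).
    broadcast = [((x - a) % p, (y - b) % p) for x, y, a, b in zip(xs, ys, a_s, b_s)]
    d = reconstruct([m[0] for m in broadcast], p)   # d = x - a, uniform because a is
    e = reconstruct([m[1] for m in broadcast], p)   # e = y - b
    # x*y = (a + d)(b + e) = c + d*b + e*a + d*e; everything below is local.
    zs = [(c + d * b + e * a) % p for a, b, c in zip(a_s, b_s, c_s)]
    zs[0] = (zs[0] + d * e) % p                      # public term goes to party 0
    return zs, (d, e)


def evaluate_xy_plus_z_times_w(x, y, z, w, n, seed, p=P):
    """Runs the protocol on secret inputs x, y, z, w (each already shared) and
    returns (result, transcript); the transcript is the list of opened (d, e)
    pairs, i.e. everything an eavesdropper on the channels sees."""
    rng = random.Random(seed)
    xs, ys, zs, ws = (share(v, n, rng, p) for v in (x, y, z, w))
    t1, t2 = make_triple(n, rng, p), make_triple(n, rng, p)
    xy, opened1 = beaver_multiply(xs, ys, t1, p)
    s = add_shares(xy, zs, p)
    out, opened2 = beaver_multiply(s, ws, t2, p)
    return reconstruct(out, p), [opened1, opened2]


if __name__ == "__main__":
    result, transcript = evaluate_xy_plus_z_times_w(3, 4, 5, 6, n=4, seed=1)
    print("(3*4 + 5)*6 =", result)
    print("opened (d, e) per multiplication:", transcript)
```

Each party's state in this protocol is its own input shares plus shares of random triples and the public (d, e) values, which is exactly the kind of per-party state the abstract's positive result reasons about; nothing in this example, however, attempts to bound what a local leakage function of that state reveals.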



We thank the Crypto reviewers for helpful comments.

The first and fourth authors were supported by the Defense Advanced Research Projects Agency (DARPA) and U.S. Army Research Office (ARO) under Contract No. W911NF-15-C-0236. The second author did some of the work when he was a summer intern at IBM Research. He was supported in part by NSF Grants CNS-1413920 and CNS-1350619, and by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office (ARO) under contracts W911NF-15-C-0226 and W911NF-15-C-0236. The third author was supported in part by ERC grant 742754, ISF grant 1709/14, NSF-BSF grant 2015782, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India.


  1. Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009)
  2. Araki, T., Furukawa, J., Lindell, Y., Nof, A., Ohara, K.: High-throughput semi-honest secure three-party computation with an honest majority. In: CCS (2016)
  3. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992)
  4. Beimel, A., Ishai, Y., Kushilevitz, E., Orlov, I.: Share conversion and private information retrieval. In: CCC (2012)
  5. Ben-Or, M., Coppersmith, D., Luby, M., Rubinfeld, R.: Non-abelian homomorphism testing, and distributions close to their self-convolutions. Random Struct. Algorithms (2008)
  6. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC (1988)
  7. Bitansky, N., Dachman-Soled, D., Lin, H.: Leakage-tolerant computation with input-independent preprocessing. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 146–163. Springer, Heidelberg (2014)
  8. Blakley, G.: Safeguarding cryptographic keys. In: AFIPS National Computer Conference (1979)
  9. Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. J. Comput. Syst. Sci. 47, 549–595 (1993)
  10. Bogdanov, A., Ishai, Y., Viola, E., Williamson, C.: Bounded indistinguishability and the complexity of recovering secrets. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 593–618. Springer, Heidelberg (2016)
  11. Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016)
  12. Boyle, E., Goldwasser, S., Kalai, Y.T.: Leakage-resilient coin tossing. In: Peleg, D. (ed.) DISC 2011. LNCS, vol. 6950, pp. 181–196. Springer, Heidelberg (2011)
  13. Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, p. 462. Springer, Heidelberg (1988)
  14. Cramer, R., Damgård, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342–362. Springer, Heidelberg (2005)
  15. Dachman-Soled, D., Liu, F., Zhou, H.: Leakage-resilient circuits revisited – optimal number of computing components without leak-free hardware. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 131–158. Springer, Heidelberg (2015)
  16. Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012)
  17. Dodis, Y., Halevi, S., Rothblum, R.D., Wichs, D.: Spooky encryption and its applications. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 93–122. Springer, Heidelberg (2016)
  18. Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 423–440. Springer, Heidelberg (2014)
  19. Dziembowski, S., Faust, S.: Leakage-resilient circuits without computational assumptions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 230–247. Springer, Heidelberg (2012)
  20. Dziembowski, S., Pietrzak, K.: Intrusion-resilient secret sharing. In: FOCS (2007)
  21. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS (2008)
  22. Faust, S., Rabin, T., Reyzin, L., Tromer, E., Vaikuntanathan, V.: Protecting circuits from leakage: the computationally-bounded and noisy cases. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 135–156. Springer, Heidelberg (2010)
  23. Fazio, N., Gennaro, R., Jafarikhah, T., Skeith III, W.E.: Homomorphic secret sharing from Paillier encryption. In: Okamoto, T., Yu, Y., Au, M.H., Li, Y. (eds.) ProvSec 2017. LNCS, vol. 10592, pp. 381–399. Springer, Cham (2017)
  24. Genkin, D., Ishai, Y., Weiss, M.: How to construct a leakage-resilient (stateless) trusted party. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 209–244. Springer, Cham (2017)
  25. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)
  26. Goldwasser, S., Rothblum, G.N.: How to compute in the presence of leakage. SIAM J. Comput. (2015)
  27. Gowers, W.T.: A new proof of Szemerédi’s theorem. Geom. Funct. Anal. 11, 465–588 (2001)
  28. Gowers, W.T., Wolf, J.: The true complexity of a system of linear equations. Proc. London Math. Soc. 100, 155–176 (2010)
  29. Gowers, W.T., Wolf, J.: Linear forms and higher-degree uniformity for functions on \( \mathbb{F}_p^n \). Geom. Funct. Anal. 21, 36–39 (2011)
  30. Gowers, W.T., Wolf, J.: Linear forms and quadratic uniformity for functions on \( \mathbb{F}_p^n \). Mathematika 57, 215–237 (2011)
  31. Goyal, V., Ishai, Y., Maji, H.K., Sahai, A., Sherstov, A.A.: Bounded-communication leakage resilience via parity-resilient circuits. In: FOCS (2016)
  32. Green, B.: Montréal notes on quadratic Fourier analysis. Add. Comb. 43, 69–102 (2007)
  33. Green, B., Tao, T.: Linear equations in primes. Ann. Math. 171, 1753–1850 (2010)
  34. Guruswami, V., Wootters, M.: Repairing Reed-Solomon codes. IEEE Trans. Inf. Theory 63, 5684–5698 (2017)
  35. Ishai, Y., Sahai, A., Wagner, D.A.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
  36. Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: CCS (2016)
  37. Kiltz, E., Pietrzak, K.: Leakage resilient ElGamal encryption. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 595–612. Springer, Heidelberg (2010)
  38. Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y.: Spectre attacks: exploiting speculative execution. ArXiv e-prints, January 2018
  39. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  40. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  41. Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., Hamburg, M.: Meltdown. ArXiv e-prints, January 2018
  42. Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)
  43. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
  44. Tao, T., Vu, V.H.: Additive Combinatorics. Cambridge University Press, Cambridge (2006)
  45. Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Fabrice Benhamouda, IBM Research, Yorktown Heights, USA
  • Akshay Degwekar (corresponding author), MIT, Cambridge, USA
  • Yuval Ishai, Technion, Haifa, Israel
  • Tal Rabin, IBM Research, Yorktown Heights, USA
