On the Power of Amortization in Secret Sharing: d-Uniform Secret Sharing and CDS with Constant Information Rate

  • Benny Applebaum
  • Barak Arkis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11239)

Abstract

Consider the following secret-sharing problem. Your goal is to distribute a long file s between n servers such that \((d-1)\)-subsets cannot recover the file, \((d+1)\)-subsets can recover the file, and d-subsets should be able to recover s if and only if they appear in some predefined list L. How small can the information ratio (i.e., the number of bits stored on a server per each bit of the secret) be?

We advocate the study of such d-uniform access structures as a useful scaled-down version of general access structures. Our main result shows that, for constant d, any d-uniform access structure admits a secret sharing scheme with a constant asymptotic information ratio of \(c_d\) that does not grow with the number of servers n. This result is based on a new construction of d-party Conditional Disclosure of Secrets (CDS) for arbitrary predicates over n-size domain in which each party communicates at most four bits per secret bit.

In both settings, previous results achieved a non-constant information ratio that grows asymptotically with n, even for the simpler (and widely studied) special case of \(d=2\). Moreover, our multiparty CDS construction yields the first example of an access structure whose amortized information ratio is constant, whereas its best-known non-amortized information ratio is sub-exponential, thus providing unique evidence for the potential power of amortization in the context of secret sharing.

Our main result applies to exponentially long secrets, and so it should be mainly viewed as a barrier against amortizable lower-bound techniques. We also show that in some natural simple cases (e.g., low-degree predicates), amortization kicks in even for quasi-polynomially long secrets. Finally, we prove some limited lower-bounds, point out some limitations of existing lower-bound techniques, and describe some applications to the setting of private simultaneous messages.
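To make the d-uniform access structure from the abstract concrete, the following is an added example (not code from the paper, and not the authors' constant-ratio construction). It implements the straightforward scheme that the paper's result improves on: a (d+1)-threshold Shamir sharing handles every (d+1)-subset, and each authorized d-subset in L additionally receives a d-out-of-d additive sharing. The field prime P, the server ids 1..n, the sample list L and the function names are all assumptions made for this example. The `information_ratio` helper counts field elements stored per server, which here grows with the number of authorized sets a server belongs to (for d=2, one plus the server's degree in the graph L), illustrating why a ratio that does not grow with n is a non-trivial goal.

```python
import secrets

# Assumed prime field for this example; each field element holds one secret chunk.
P = 2**61 - 1


def shamir_share(secret, n, t):
    """Shamir t-out-of-n sharing over GF(P) for servers 1..n.
    Any t shares recover the secret; t-1 shares reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)}


def shamir_recover(points):
    """Lagrange interpolation at x=0 from a dict {x: y}."""
    total = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def additive_share(secret, parties):
    """d-out-of-d additive sharing: every listed party is needed."""
    vals = [secrets.randbelow(P) for _ in parties[:-1]]
    last = (secret - sum(vals)) % P
    return dict(zip(parties, vals + [last]))


def share_d_uniform(secret, n, d, L):
    """Naive d-uniform scheme over servers 1..n.
    L is a set of frozensets, each an authorized d-subset.
    Returns {server: {label: field element}}."""
    shares = {i: {} for i in range(1, n + 1)}
    # (d+1)-subsets recover via the threshold component
    for i, y in shamir_share(secret, n, d + 1).items():
        shares[i]["thr"] = y
    # each authorized d-subset gets its own all-or-nothing component
    for S in L:
        key = tuple(sorted(S))
        assert len(key) == d, "L must contain d-subsets only"
        for i, y in additive_share(secret, list(key)).items():
            shares[i][key] = y
    return shares


def reconstruct(shares, subset, d, L):
    """Return the secret if `subset` is authorized, else None.
    (d-1)-subsets hold too few shares of every component; d-subsets
    outside L hold only d of the d+1 threshold shares and at most d-1
    shares of any additive component, so nothing is recoverable."""
    subset = frozenset(subset)
    if len(subset) >= d + 1:
        pts = {i: shares[i]["thr"] for i in sorted(subset)[:d + 1]}
        return shamir_recover(pts)
    if len(subset) == d and subset in L:
        key = tuple(sorted(subset))
        return sum(shares[i][key] for i in subset) % P
    return None


def information_ratio(shares):
    """Field elements stored by the most loaded server, per secret element."""
    return max(len(v) for v in shares.values())


if __name__ == "__main__":
    # Constructed instance: n=5 servers, d=2, authorized pairs {1,2} and {3,4}.
    L = {frozenset({1, 2}), frozenset({3, 4})}
    sh = share_d_uniform(123456789, 5, 2, L)
    print("pair {1,2}:", reconstruct(sh, {1, 2}, 2, L))
    print("pair {1,3}:", reconstruct(sh, {1, 3}, 2, L))
    print("triple {2,3,5}:", reconstruct(sh, {2, 3, 5}, 2, L))
    print("information ratio:", information_ratio(sh))
```

Adding more pairs to L raises the ratio of every server involved, so for a dense list L the per-server storage grows with n; the paper's result is that, for constant d and long enough secrets, this growth can be avoided entirely.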


Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. Tel-Aviv University, Tel Aviv, Israel
