Verifiably Multiplicative Secret Sharing

  • Maki YoshidaEmail author
  • Satoshi Obana
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10681)


Barkol et al. (Journal of Cryptology, 2010) introduced the notion of d-multiplicative secret sharing (d-MSS), which allows the players to multiply shared d secrets by converting their shares locally into an additive sharing of the product, and proved that d-MSS among n players is possible if and only if no d unauthorized sets of players cover the whole set of players (type \(Q_d\)). Although this result implies some limitations on secret sharing in the context of MPC, the d-multiplicative property is still useful for simplifying complex tasks of MPC by computing the product of d field elements directly and non-interactively. In this paper, to further improve usefulness, we introduce and study the verifiability of multiplication, which is mainly formalized for the motivated applications of d-MSS. Informally, a d-MSS scheme is verifiable if the scheme enables the players to locally generate an additive sharing of proof that the summed value is the correct product of shared d secrets. First, we prove that verifiably d-MSS among n players is possible if no \(d+1\) unauthorized sets of players cover the whole set of players (type \(Q_{d+1}\)) where the error probability is zero. That is, a larger number of players n is required. In addition, in the proposed error-free scheme, the share size of a proof increases with the number of unauthorized sets. To achieve the optimal bound on n of d-MSS (type \(Q_d\)) efficiently, we accept an error probability. We prove that verifiably d-MSS among n players is possible if and only if no d unauthorized sets of players cover the whole set of players (type \(Q_d\)) where the error probability is non-zero but is chosen arbitrarily. In the proposed scheme, each share of a proof consists of only two field elements. From these results, we can see that there is a tradeoff between usability and correctness (i.e. either no additional players or no error). Because these schemes do not require any setup or interaction, we can freely select them as the situation demands.


  1. 1.
    Araki, T., Furukawa, J., Lindell, Y., Nof, A., Ohara, K.: High-throughput semi-honest secure three-party computation with an honest majority. In: 23rd ACM Conference on Computer and Communications Security (ACM CCS 2016), pp. 805–817 (2016)Google Scholar
  2. 2.
    Araki, T., Barak, A., Furukawa, J., Lichter, T., Lindell, Y., Nof, A., Ohara, K., Watzman, A., Weinstein, O.: Optimized honest-majority MPC for malicious adversaries - breaking the 1 billion-gate per second barrier. In: 38th IEEE Symposium on Security and Privacy (S&P 2017), pp. 843–862 (2017)Google Scholar
  3. 3.
    Barkol, O., Ishai, Y., Weinreb, E.: On \(d\)-multiplicative secret sharing. J. Cryptology 23(4), 580–593 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Blakley, G.R.: Safeguarding cryptographic keys. In: AFIPS 1979 National Computer Conference, vol. 48, pp. 313–317 (1979)Google Scholar
  5. 5.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: The 20th Annual ACM Symposium on Theory of Computing, STOC 1988, pp. 1–10 (1988)Google Scholar
  6. 6.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Chaum, D., Crèpeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: The 20th Annual ACM Symposium on Theory of Computing, STOC 1988, pp. 11–19 (1988)Google Scholar
  8. 8.
    Carpentieri, M., De Santis, A., Vaccaro, U.: Size of shares and probability of cheating in threshold schemes. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 118–125. Springer, Heidelberg (1994). Google Scholar
  9. 9.
    Cabello, S., Padró, C., Sáez, G.: Secret sharing schemes with detection of cheaters for a general access structure. Des. Codes Crypt. 25(2), 175–188 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Cramer, R., Damgård, I., Maurer, U.: General secure multi-party computation from any linear secret-sharing scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 316–334. Springer, Heidelberg (2000). CrossRefGoogle Scholar
  11. 11.
    Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  12. 12.
    Goldreich, O.: Foundations of Cryptography: Vol. 2, Basic Applications. Cambridge University Press, New York (2004)Google Scholar
  13. 13.
    Goldwasser, S., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with an honest majority. In: The 19th Annual ACM Symposium on Theory of Computing, STOC 1987, pp. 218–229 (1987)Google Scholar
  14. 14.
    Hirt, M., Maurer, U.: Player simulation and general adversary structures in perfect multiparty computation. J. Cryptology 13(1), 31–60 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. In: IEEE Global Telecommunications Conference, Globecom 1987, pp. 99–102 (1987)Google Scholar
  16. 16.
    Ishai, Y., Kushilevits, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: The 41st Annual Symposium on Foundations of Computer Science (FOCS2000), pp. 294–304 (2000)Google Scholar
  17. 17.
    Ishai, Y., Ostrovsky, R., Seyalioglu, H.: Identifying cheaters without an honest majority. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 21–38. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  18. 18.
    Liu, M., Xiao, L., Zhang, Z.: Multiplicative linear secret sharing schemes based on connectivity of graphs. IEEE Trans. Inf. Theory 53(11), 3973–3978 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Maurer, U.: Secure multi-party computation made simple. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 14–28. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  20. 20.
    Hirt, M., Tschudi, D.: Efficient general-adversary multi-party computation. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 181–200. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  21. 21.
    Patra, A., Choudhary, A., Rabin, T., Rangan, C.P.: The round complexity of verifiable secret sharing revisited. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 487–504. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  22. 22.
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: The 21st Annual ACM Symposium on Theory of Computing, STOC 1989, pp. 73–85 (1989)Google Scholar
  23. 23.
    Rogaway, P., Bellare, M.: Robust computational secret sharing and a unified account of classical secret-sharing goals. In: The 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 172–184 (2007)Google Scholar
  24. 24.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Yao, A.C.: Protocols for secure computations. In: The 23rd Annual Symposium on Foundations of Computer Science, FOCS 1982, pp. 160–164 (1982)Google Scholar
  26. 26.
    Yoshida, M., Fujiwara, T.: On the impossibility of \(d\)-multiplicative non-perfect secret sharing. IEICE Trans. 98–A(2), 767–770 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.NICTTokyoJapan
  2. 2.Hosei UniversityTokyoJapan

Personalised recommendations