Towards Breaking the Exponential Barrier for General Secret Sharing

  • Tianren Liu
  • Vinod Vaikuntanathan
  • Hoeteck Wee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10820)


A secret-sharing scheme for a monotone Boolean (access) function \(F: \{0,1\}^n \rightarrow \{0,1\}\) is a randomized algorithm that on input a secret, outputs n shares \(s_1,\ldots ,s_n\) such that for any \((x_1,\ldots ,x_n) \in \{0,1\}^n\), the collection of shares \( \{ s_i : x_i = 1 \}\) determine the secret if \(F(x_1,\ldots ,x_n)=1\) and reveal nothing about the secret otherwise. The best secret sharing schemes for general monotone functions have shares of size \(\varTheta (2^n)\). It has long been conjectured that one cannot do much better than \(2^{\varOmega (n)}\) share size, and indeed, such a lower bound is known for the restricted class of linear secret-sharing schemes.

In this work, we refute two natural strengthenings of the above conjecture:
  • First, we present secret-sharing schemes for a family of \(2^{2^{n/2}}\) monotone functions over \(\{0,1\}^n\) with sub-exponential share size \(2^{O(\sqrt{n} \log n)}\). This unconditionally refutes the stronger conjecture that circuit size is, within polynomial factors, a lower bound on the share size.

  • Second, we disprove the analogous conjecture for non-monotone functions. Namely, we present “non-monotone secret-sharing schemes” for every access function over \(\{0,1\}^n\) with shares of size \(2^{O(\sqrt{n} \log n)}\).

Our construction draws upon a rich interplay amongst old and new problems in information-theoretic cryptography: from secret-sharing, to multi-party computation, to private information retrieval. Along the way, we also construct the first multi-party conditional disclosure of secrets (CDS) protocols for general functions \(F:\{0,1\}^n \rightarrow \{0,1\}\) with communication complexity \(2^{O(\sqrt{n} \log n)}\).



We thank Yuval Ishai for telling us about Conjecture 1. We thank the anonymous EUROCRYPT 2018 reviewers for their insightful comments.

Supplementary material


  1. [BBR94]
    Barrington, D.A.M., Beigel, R., Rudich, S.: Representing boolean functions as polynomials modulo composite numbers. Comput. Complex. 4, 367–382 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  2. [BDL12]
    Bhowmick, A., Dvir, Z., Lovett, S.: New lower bounds for matching vector codes. CoRR, abs/1204.1367 (2012)Google Scholar
  3. [Bei11]
    Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011). Scholar
  4. [BF98]
    Babai, L., Frankl, P.: Linear algebra methods in combinatorics (1998)Google Scholar
  5. [BGP95]
    Beimel, A., Gál, A., Paterson, M.: Lower bounds for monotone span programs. In: FOCS, pp. 674–681 (1995)Google Scholar
  6. [BGW99]
    Babai, L., Gál, A., Wigderson, A.: Superpolynomial lower bounds for monotone span programs. Combinatorica 19(3), 301–319 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  7. [BI01]
    Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. In: Proceedings of the 16th Annual IEEE Conference on Computational Complexity, Chicago, 18–21 June 2001, pp. 188–202. IEEE Computer Society (2001)Google Scholar
  8. [BIKK14]
    Beimel, A., Ishai, Y., Kumaresan, R., Kushilevitz, E.: On the cryptographic complexity of the worst functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 317–342. Springer, Heidelberg (2014). Scholar
  9. [BL88]
    Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 1988, Santa Barbara, 21–25 August 1988, pp. 27–35 (1988)Google Scholar
  10. [Bla79]
    Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of AFIPS 1979 National Computer Conference, pp. 313–317 (1979)Google Scholar
  11. [CFIK03]
    Cramer, R., Fehr, S., Ishai, Y., Kushilevitz, E.: Efficient multi-party computation over rings. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 596–613. Springer, Heidelberg (2003). Scholar
  12. [CKGS98]
    Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  13. [Csi97]
    Csirmaz, L.: The size of a share must be large. J. Cryptol. 10(4), 223–231 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  14. [DG15]
    Dvir, Z., Gopi, S.: 2-server PIR with sub-polynomial communication. In: STOC, pp. 577–584 (2015)Google Scholar
  15. [DGY11]
    Dvir, Z., Gopalan, P., Yekhanin, S.: Matching vector codes. SIAM J. Comput. 40(4), 1154–1178 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  16. [Efr12]
    Efremenko, K.: 3-query locally decodable codes of subexponential length, vol. 41, pp. 1694–1703 (2012)Google Scholar
  17. [FKN94]
    Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation (extended abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, 23–25 May 1994, Montréal, pp. 554–563. ACM (1994)Google Scholar
  18. [GIKM00]
    Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. J. Comput. Syst. Sci. 60(3), 592–629 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  19. [GKW15]
    Gay, R., Kerenidis, I., Wee, H.: Communication complexity of conditional disclosure of secrets and attribute-based encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 485–502. Springer, Heidelberg (2015). Scholar
  20. [GPSW06]
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM Conference on Computer and Communications Security, pp. 89–98 (2006)Google Scholar
  21. [Gro00]
    Grolmusz, V.: Superpolynomial size set-systems with restricted intersections mod 6 and explicit ramsey graphs. Combinatorica 20(1), 71–86 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  22. [IK97]
    Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: ISTCS, pp. 174–184 (1997)Google Scholar
  23. [IK00]
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, 12–14 November 2000, Redondo Beach, pp. 294–304. IEEE Computer Society (2000)Google Scholar
  24. [IK02]
    Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Eidenbenz, S., Triguero, F., Morales, R., Conejo, R., Hennessy, M. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002). Scholar
  25. [ISN89]
    Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. Electron. Commun. Jpn. (Part III Fundam. Electron. Sci.) 72(9), 56–64 (1989)MathSciNetCrossRefGoogle Scholar
  26. [IW14]
    Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014). Scholar
  27. [KW93]
    Karchmer, M., Wigderson, A.: On span programs. In: Structure in Complexity Theory Conference, pp. 102–111. IEEE Computer Society (1993)Google Scholar
  28. [LVW17]
    Liu, T., Vaikuntanathan, V., Wee, H.: Conditional disclosure of secrets via non-linear reconstruction. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 758–790. Springer, Cham (2017). Scholar
  29. [OSW07]
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: ACM Conference on Computer and Communications Security, pp. 195–203 (2007)Google Scholar
  30. [PR17]
    Pitassi, T., Robere, R.: Lifting nullstellensatz to monotone span programs over any field. Electron. Colloq. Comput. Compl. (ECCC) 24, 165 (2017)Google Scholar
  31. [RPRC16]
    Robere, R., Pitassi, T., Rossman, B., Cook, S.A.: Exponential lower bounds for monotone span programs. In: FOCS, pp. 406–415 (2016)Google Scholar
  32. [Sha79]
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  33. [VV15]
    Vaikuntanathan, V., Vasudevan, P.N.: Secret sharing and statistical zero knowledge. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 656–680. Springer, Heidelberg (2015). Scholar
  34. [WY05]
    Woodruff, D.P., Yekhanin, S.: A geometric approach to information-theoretic private information retrieval. In: CCC, pp. 275–284 (2005)Google Scholar
  35. [Yek08]
    Yekhanin, S.: Towards 3-query locally decodable codes of subexponential length. J. ACM 55(1), 1:1–1:16 (2008)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Tianren Liu
    • 1
  • Vinod Vaikuntanathan
    • 1
  • Hoeteck Wee
    • 2
  1. 1.MITCambridgeUSA
  2. 2.CNRS and ENSParisFrance

Personalised recommendations