Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation

  • Ronald Cramer
  • Ivan Damgård
  • Yuval Ishai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


We present a method for converting shares of a secret into shares of the same secret in a different secret-sharing scheme using only local computation and no communication between players. In particular, shares in a replicated scheme based on a CNF representation of the access structure can be converted into shares from any linear scheme for the same structure.

We show how this can be combined with any pseudorandom function to create, from initially distributed randomness, any number of Shamir secret-sharings of (pseudo)random values without communication. We apply this technique to obtain efficient non-interactiveprotocols for secure computation of low-degree polynomials, which in turn give rise to other applications in secure computation and threshold cryptography. For instance, we can make the Cramer-Shoup threshold cryptosystem by Canetti and Goldwasser fully non-interactive, or construct non-interactive threshold signature schemes secure without random oracles.

The latter solutions are practical only for a relatively small number of players. However, in our main applications the number of players is typically small, and furthermore it can be argued that no solution that makes a black-box use of a pseudorandom function can be more efficient.


  1. 1.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications (Manuscript) (2004)Google Scholar
  2. 2.
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: Proc. of 22nd STOC, pp. 503–513 (1990)Google Scholar
  3. 3.
    Beaver, D., Wool, A.: Quorum-based secure multi-party computation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 375–390. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Beimel, A.: Secure schemes for secret sharing and key distribution. PhD thesis, Technion (1996)Google Scholar
  5. 5.
    Beimel, A., Ishai, Y., Kushilevitz, E., Raymond, J.F.: Breaking the O(n 1/(2k − 1)) Barrier for Information-Theoretic Private Information Retrieval. In: Proceedings of the 43rd IEEE Conference on the Foundations of Computer Science (FOCS 2002), pp. 261–270 (2002)Google Scholar
  6. 6.
    Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Boneh, D., Boyen, X.: Efficient Selective Identity-based Encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Boyen, X.: Secure Identity-Based Encryption Without Random Oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. of Cryptology 13(1) (2000)Google Scholar
  10. 10.
    Canetti, R., Damgård, I., Dziembowski, S., Ishai, Y., Malkin, T.: On Adaptive vs. Non-adaptive Security of Multiparty Protocols. J. of Cryptology 17(3) (2004); Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 262. Springer, Heidelberg (2001)Google Scholar
  11. 11.
    Canetti, R., Goldwasser, S.: An efficient threshold public-key cryptosystem secure against adaptive chosen ciphertext attacks. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 90. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Cramer, R., Damgård, I.B.: Secret-key zero-knowlegde and non-interactive verifiable exponentiation. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 223–237. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Cramer, R., Damgård, I., Nielsen, J.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 280. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Fitzi, M., Wolf, S., Wullschleger, J.: Pseudo-signatures, broadcast, and multi-party computation from correlated randomness. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 562–578. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Cramer, R., Shoup, V.: Signature Schemes Based on the Strong RSA Assumption. In: Proc. ACM Conference on Computer and Communications Security (1999)Google Scholar
  17. 17.
    Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 123. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The Round Complexity of Verifiable Secret Sharing and Secure Multicast. In: Proceedings of the 33rd ACM Symp. on Theory of Computing (STOC 2001), pp. 580–589 (2001)Google Scholar
  19. 19.
    Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: On 2-round secure multiparty computation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 178. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Gilboa, N., Ishai, Y.: Compressing cryptographic resources. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 591. Springer, Heidelberg (1999)Google Scholar
  21. 21.
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: Proc. 41st FOCS, pp. 294–304 (2000)Google Scholar
  22. 22.
    Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Triguero, F., Morales, R., Hennessy, M., Eidenbenz, S., Conejo, R. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Ito, M., Saito, A., Nishizeki, T.: Secret sharing schemes realizing general access structures. In: Proc. IEEE Global Telecommunication Conf., Globecom 1987, pp. 99–102 (1987)Google Scholar
  24. 24.
    Karchmer, M., Wigderson, A.: On span programs. In: Proc. of 8th IEEE Structure in Complexity Theory, pp. 102–111 (1993)Google Scholar
  25. 25.
    Maurer, U.M.: Secure multi-party computation made simple. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 14–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Micali, S., Sidney, R.: A simple method for generating and sharing pseudo-random functions, with applications to clipper-like key escrow systems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 185–196. Springer, Heidelberg (1995)Google Scholar
  27. 27.
    Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and kDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999)Google Scholar
  28. 28.
    Shamir, A.: How to share a secret. Commun. ACM 22(6), 612–613 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 207. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Waters, B.R.: Efficient Identity-Based Encryption Without Random Oracles. Eprint report 2004/180Google Scholar
  31. 31.
    Yao, A.C.: How to generate and exchange secrets. In: Proc. 27th FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ronald Cramer
    • 1
  • Ivan Damgård
    • 2
  • Yuval Ishai
    • 3
  1. 1.CWI, Amsterdam and Mathematical InstituteLeiden University 
  2. 2.Aarhus University 
  3. 3.TechnionHaifa

Personalised recommendations