On the Power of Computational Secret Sharing

Vinod, Viji; Narayanan, Arvind; Srinathan, Kannan; Rangan, C. Pandu; Kim, Kwangjo

doi:10.1007/978-3-540-24582-7_12

Cited by 34 publications

(23 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another non-linear construction of secret-sharing schemes is an unpublished result of Yao [69] (see also [67]). Yao showed that if an access structure can be described by a small monotone circuit, then it has an efficient computational secret-sharing scheme.…”

Section: Summary and Open Problemsmentioning

confidence: 99%

Secret-Sharing Schemes: A Survey

Beimel

2011

Lecture Notes in Computer Science

522

305

View full text Add to dashboard Cite

Abstract. A secret-sharing scheme is a method by which a dealer distributes shares to parties such that only authorized subsets of parties can reconstruct the secret. Secret-sharing schemes are important tools in cryptography and they are used as a building box in many secure protocols, e.g., general protocol for multiparty computation, Byzantine agreement, threshold cryptography, access control, attribute-based encryption, and generalized oblivious transfer. In this survey, we will describe the most important constructions of secret-sharing schemes, explaining the connections between secret-sharing schemes and monotone formulae and monotone span programs. The main problem with known secret-sharing schemes is the large share size: it is exponential in the number of parties. We conjecture that this is unavoidable. We will discuss the known lower bounds on the share size. These lower bounds are fairly weak and there is a big gap between the lower and upper bounds. For linear secret-sharing schemes, which is a class of schemes based on linear algebra that contains most known schemes, super-polynomial lower bounds on the share size are known. We will describe the proofs of these lower bounds. We will also present two results connecting secret-sharing schemes for a Hamiltonian access structure to the NP vs. coNP problem and to a major open problem in cryptography -constructing oblivious-transfer protocols from one-way functions.

show abstract

Section: Summary and Open Problemsmentioning

confidence: 99%

Secret-Sharing Schemes: A Survey

Beimel

2011

Lecture Notes in Computer Science

522

305

View full text Add to dashboard Cite

show abstract

“…A somewhat different approach to formalizing CSS is given by Cachin [14] and refined by Vinod et al [51]. For privacy one requires that the probability that an adversary can guess the shared secret is negligible (in the security parameterized, which is again the length of the secret).…”

Section: Krawczyk (1993) and Othersmentioning

confidence: 99%

“…Robustness is then added-on using a hash-function-based technique that Krawczyk introduced in a separate paper [32]. Follow-on work to Krawczyk's paper has mostly focused on doing CSS for more general access structures [1,14,34,51].…”

Section: Introductionmentioning

confidence: 99%

Robust computational secret sharing and a unified account of classical secret-sharing goals

Bellare

Rogaway

2007

Proceedings of the 14th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

We give a unified account of classical secret-sharing goals from a modern cryptographic vantage. Our treatment encompasses perfect, statistical, and computational secret sharing; static and dynamic adversaries; schemes with or without robustness; schemes where a participant recovers the secret and those where an external party does so. We then show that Krawczyk's 1993 protocol for robust computational secret sharing (RCSS) need not be secure, even in the random-oracle model and for threshold schemes, if the encryption primitive it uses satisfies only one-query indistinguishability (ind1), the only notion Krawczyk defines. Nonetheless, we show that the protocol is secure (in the random-oracle model, for threshold schemes) if the encryption scheme also satisfies one-query key-unrecoverability (key1). Since practical encryption schemes are ind1+key1 secure, our result effectively shows that Krawczyk's RCSS protocol is sound (in the randomoracle model, for threshold schemes). Finally, we prove the security for a variant of Krawczyk's protocol, in the standard model and for arbitrary access structures, assuming ind1 encryption and a statistically-hiding, weakly-binding commitment scheme.

show abstract

“…This is done using a computational scheme of Yao [23] realizing the access structures which have polynomial-size monotone circuits. This scheme was never published; a description of the scheme has recently appeared in [20]. …”

Section: Secret Sharing For Weighted Threshold Access Structuresmentioning

confidence: 99%

Monotone circuits for monotone weighted threshold functions

Beimel

Weinreb

2006

Information Processing Letters

View full text Add to dashboard Cite

Weighted threshold functions with positive weights are a natural generalization of unweighted threshold functions. These functions are clearly monotone. However, the naive way of computing them is adding the weights of the satisfied variables and checking if the sum is greater than the threshold; this algorithm is inherently non-monotone since addition is a non-monotone function. In this work we by-pass this addition step and construct a polynomial size logarithmic depth unbounded fan-in monotone circuit for every weighted threshold function, i.e., we show that weighted threshold functions are in mAC 1 . (To the best of our knowledge, prior to our work no polynomial monotone circuits were known for weighted threshold functions.) Our monotone circuits are applicable for the cryptographic tool of secret sharing schemes. Using general results for compiling monotone circuits (Yao, 1989) and monotone formulae (Benaloh and Leichter, 1990) into secret sharing schemes, we get secret sharing schemes for every weighted threshold access structure. Specifically, we get: (1) information-theoretic secret sharing schemes where the size of each share is quasi-polynomial in the number of users, and (2) computational secret sharing schemes where the size of each share is polynomial in the number of users.

show abstract

On the Power of Computational Secret Sharing

Cited by 34 publications

References 9 publications

Secret-Sharing Schemes: A Survey

Secret-Sharing Schemes: A Survey

Robust computational secret sharing and a unified account of classical secret-sharing goals

Monotone circuits for monotone weighted threshold functions

Contact Info

Product

Resources

About