Secret-Sharing for NP
A computational secret-sharing scheme is a method that enables a dealer, that
has a secret, to distribute this secret among a set of parties such that a
"qualified" subset of parties can efficiently reconstruct the secret while any
"unqualified" subset of parties cannot efficiently learn anything about the
secret. The collection of "qualified" subsets is defined by a Boolean function.
It has been a major open problem to understand which (monotone) functions can
be realized by computational secret-sharing schemes. Yao suggested a method
for secret-sharing for any function that has a polynomial-size monotone circuit
(a class which is strictly smaller than the class of monotone functions in P).
Around 1990 Rudich raised the possibility of obtaining secret-sharing for all
monotone functions in NP: In order to reconstruct the secret a set of parties
must be "qualified" and provide a witness attesting to this fact.
Recently, Garg et al. (STOC 2013) put forward the concept of witness
encryption, where the goal is to encrypt a message relative to a statement "x
in L" for a language L in NP such that anyone holding a witness to the
statement can decrypt the message, however, if x is not in L, then it is
computationally hard to decrypt. Garg et al. showed how to construct several
cryptographic primitives from witness encryption and gave a candidate
construction.
One can show that computational secret-sharing implies witness encryption for
the same language. Our main result is the converse: we give a construction of a
computational secret-sharing scheme for any monotone function in NP assuming
witness encryption for NP and one-way functions. As a consequence we get a
completeness theorem for secret-sharing: a computational secret-sharing scheme
for any single monotone NP-complete function implies a computational
secret-sharing scheme for every monotone function in NP.
Optimal non-perfect uniform secret sharing schemes
A secret sharing scheme is non-perfect if some subsets of participants that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes. To this end, we extend the known connections between polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information that every subset of participants obtains about the secret value. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, the ones whose values depend only on the number of participants, generalize the threshold access structures. Our main result is to determine the optimal information ratio of the uniform access functions. Moreover, we present a construction of linear secret sharing schemes with optimal information ratio for the rational uniform access functions.
Fourier-based Function Secret Sharing with General Access Structure
A function secret sharing (FSS) scheme is a mechanism that calculates a
function f(x) for x in {0,1}^n which is shared among p parties, by using
distributed functions f_i:{0,1}^n -> G, where G is an Abelian group, while the
function f:{0,1}^n -> G is kept secret to the parties. Ohsawa et al. in 2017
observed that any function f can be described as a linear combination of the
basis functions by regarding the function space as a vector space of dimension
2^n and gave new FSS schemes based on the Fourier basis. All existing FSS
schemes are of (p,p)-threshold type. That is, to compute f(x), we have to
collect f_i(x) for all the distributed functions. In this paper, as in the
secret sharing schemes, we consider FSS schemes with any general access
structure. To do this, we observe that Fourier-based FSS schemes by Ohsawa et
al. are compatible with linear secret sharing schemes. By incorporating the
techniques of linear secret sharing with any general access structure into the
Fourier-based FSS schemes, we show Fourier-based FSS schemes with any general
access structure.
Random coding for sharing bosonic quantum secrets
We consider a protocol for sharing quantum states using continuous variable
systems. Specifically we introduce an encoding procedure where bosonic modes in
arbitrary secret states are mixed with several ancillary squeezed modes through
a passive interferometer. We derive simple conditions on the interferometer for
this encoding to define a secret sharing protocol and we prove that they are
satisfied by almost any interferometer. This implies that, if the
interferometer is chosen uniformly at random, the probability that it may not
be used to implement a quantum secret sharing protocol is zero. Furthermore, we
show that the decoding operation can be obtained and implemented efficiently
with a Gaussian unitary using a number of single-mode squeezers that is at most
twice the number of modes of the secret, regardless of the number of players.
We benchmark the quality of the reconstructed state by computing the fidelity
with the secret state as a function of the input squeezing.
Multilevel Threshold Secret and Function Sharing based on the Chinese Remainder Theorem
A recent work of Harn and Fuyou presents the first multilevel (disjunctive)
threshold secret sharing scheme based on the Chinese Remainder Theorem. In this
work, we first show that the proposed method is not secure and also fails to
work with a certain natural setting of the threshold values on compartments. We
then propose a secure scheme that works for all threshold settings. In this
scheme, we employ a refined version of Asmuth-Bloom secret sharing with a
special and generic Asmuth-Bloom sequence called the anchor sequence.
Based on this idea, we also propose the first multilevel conjunctive threshold
secret sharing scheme based on the Chinese Remainder Theorem. Lastly, we
discuss how the proposed schemes can be used for multilevel threshold function
sharing by employing it in a threshold RSA cryptosystem as an example.