5,531 research outputs found

    d-Multiplicative Secret Sharing for Multipartite Adversary Structures

    Secret sharing schemes are said to be d-multiplicative if the i-th shares of any d secrets s^(j), j ∈ [d], can be converted into an additive share of the product ∏_{j∈[d]} s^(j). d-Multiplicative secret sharing is a central building block of multiparty computation protocols with minimum number of rounds which are unconditionally secure against possibly non-threshold adversaries. It is known that d-multiplicative secret sharing is possible if and only if no d forbidden subsets cover the set of all the n players or, equivalently, it is private with respect to an adversary structure of type Q_d. However, the only known method to achieve d-multiplicativity for any adversary structure of type Q_d is based on CNF secret sharing schemes, which are not efficient in general in that the information ratios are exponential in n. In this paper, we explicitly construct a d-multiplicative secret sharing scheme for any ?-partite adversary structure of type Q_d whose information ratio is O(n^{?+1}). Our schemes are applicable to the class of all the ?-partite adversary structures, which is much wider than that of the threshold ones. Furthermore, our schemes achieve information ratios which are polynomial in n if ? is constant and hence are more efficient than CNF schemes. In addition, based on the standard embedding of ?-partite adversary structures into ?^?, we introduce a class of ?-partite adversary structures of type Q_d with good geometric properties and show that there exist more efficient d-multiplicative secret sharing schemes for adversary structures in that family than the above general construction. The family of adversary structures is a natural generalization of that of the threshold ones and includes some adversary structures which arise in real-world scenarios.

    Multiplicative and Verifiably Multiplicative Secret Sharing for Multipartite Adversary Structures

    d-Multiplicative secret sharing enables n players to locally compute additive shares of the product of d secrets from their shares. Barkol et al. (Journal of Cryptology, 2010) show that it is possible to construct a d-multiplicative scheme for any adversary structure satisfying the Q_d property, in which no d sets cover the whole set of players. In this paper, we focus on multipartite adversary structures and propose efficient multiplicative and verifiably multiplicative secret sharing schemes tailored to them. First, our multiplicative scheme is applicable to any multipartite Q_d-adversary structure. If the number of parts is constant, our scheme achieves a share size polynomial in the number n of players while the general construction by Barkol et al. results in exponentially large share size in the worst case. We also propose its variant defined over smaller fields. As a result, for a special class of bipartite adversary structures with two maximal points, it achieves a constant share size for arbitrary n while the share size of the first scheme necessarily incurs a logarithmic factor of n. Secondly, we devise a more efficient scheme for a special class of multipartite ones such that players in each part have the same weight and a set of players belongs to the adversary structure if and only if the sum of their weights is at most a threshold. Thirdly, if the adversary structure is Q_{d+1}, our first scheme is shown to be a verifiably multiplicative scheme that detects incorrect outputs with probability 1. For multipartite adversary structures with a constant number of parts, it improves the worst-case share and proof sizes of the only known general construction by Yoshida and Obana (IEEE Transactions on Information Theory, 2019). Finally, we propose a more efficient verifiably multiplicative scheme by allowing small error probability δ and focusing on a more restricted class of multipartite adversary structures. Our scheme verifies computation of polynomials and can achieve a share size independent of δ while the previous construction only works for monomials and results in a share size involving a factor of log δ^{-1}.

    Secure secret sharing in the cloud

    In this paper, we show how a dealer with limited resources can share secrets with players via an untrusted cloud server without compromising the privacy of the secrets. This scheme permits a batch of two secret messages to be shared with two players in such a way that the secrets are reconstructable if and only if two of them collaborate. An individual share reveals absolutely no information about the secrets to the player. The secret messages are obfuscated by encryption and thus give no information to the cloud server. Furthermore, the scheme is compatible with the Paillier cryptosystem and other cryptosystems of the same type. In light of the recent developments in privacy-preserving watermarking technology, we further model the proposed scheme as a variant of reversible watermarking in the encrypted domain.