32,050 research outputs found

    Optimal non-perfect uniform secret sharing schemes

    Get PDF
    A secret sharing scheme is non-perfect if some subsets of participants that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes. To this end, we extend the known connections between polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information that every subset of participants obtains about the secret value. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, the ones whose values depend only on the number of participants, generalize the threshold access structures. Our main result is to determine the optimal information ratio of the uniform access functions. Moreover, we present a construction of linear secret sharing schemes with optimal information ratio for the rational uniform access functions.Peer ReviewedPostprint (author's final draft

    On the information ratio of non-perfect secret sharing schemes

    Get PDF
    The final publication is available at Springer via http://dx.doi.org/10.1007/s00453-016-0217-9A secret sharing scheme is non-perfect if some subsets of players that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes and the construction of efficient linear non-perfect secret sharing schemes. To this end, we extend the known connections between matroids, polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information on the secret value that is obtained by each subset of players. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, access functions whose values depend only on the number of players, generalize the threshold access structures. The optimal information ratio of the uniform access functions with rational values has been determined by Yoshida, Fujiwara and Fossorier. By using the tools that are described in our work, we provide a much simpler proof of that result and we extend it to access functions with real values.Peer ReviewedPostprint (author's final draft

    On Ideal Secret-Sharing Schemes for kk-homogeneous access structures

    Full text link
    A kk-uniform hypergraph is a hypergraph where each kk-hyperedge has exactly kk vertices. A kk-homogeneous access structure is represented by a kk-uniform hypergraph H\mathcal{H}, in which the participants correspond to the vertices of hypergraph H\mathcal{H}. A set of vertices can reconstruct the secret value from their shares if they are connected by a kk-hyperedge, while a set of non-adjacent vertices does not obtain any information about the secret. One parameter for measuring the efficiency of a secret sharing scheme is the information rate, defined as the ratio between the length of the secret and the maximum length of the shares given to the participants. Secret sharing schemes with an information rate equal to one are called ideal secret sharing schemes. An access structure is considered ideal if an ideal secret sharing scheme can realize it. Characterizing ideal access structures is one of the important problems in secret sharing schemes. The characterization of ideal access structures has been studied by many authors~\cite{BD, CT,JZB, FP1,FP2,DS1,TD}. In this paper, we characterize ideal kk-homogeneous access structures using the independent sequence method. In particular, we prove that the reduced access structure of Γ\Gamma is an (k,n)(k, n)-threshold access structure when the optimal information rate of Γ\Gamma is larger than k1k\frac{k-1}{k}, where Γ\Gamma is a kk-homogeneous access structure satisfying specific criteria.Comment: 19 page

    Secret-Sharing Schemes for General and Uniform Access Structures

    Get PDF
    A secret-sharing scheme allows some authorized sets of parties to reconstruct a secret; the collection of authorized sets is called the access structure. For over 30 years, it was known that any (monotone) collection of authorized sets can be realized by a secret-sharing scheme whose shares are of size 2no(n)2^{n-o(n)} and until recently no better scheme was known. In a recent breakthrough, Liu and Vaikuntanathan (STOC 2018) have reduced the share size to O(20.994n)O(2^{0.994n}). Our first contribution is improving the exponent of secret sharing down to 0.8920.892. For the special case of linear secret-sharing schemes, we get an exponent of 0.9420.942 (compared to 0.9990.999 of Liu and Vaikuntanathan). Motivated by the construction of Liu and Vaikuntanathan, we study secret-sharing schemes for uniform access structures. An access structure is kk-uniform if all sets of size larger than kk are authorized, all sets of size smaller than kk are unauthorized, and each set of size kk can be either authorized or unauthorized. The construction of Liu and Vaikuntanathan starts from protocols for conditional disclosure of secrets, constructs secret-sharing schemes for uniform access structures from them, and combines these schemes in order to obtain secret-sharing schemes for general access structures. Our second contribution in this paper is constructions of secret-sharing schemes for uniform access structures. We achieve the following results: (a) A secret-sharing scheme for kk-uniform access structures for large secrets in which the share size is O(k2)O(k^2) times the size of the secret. (b) A linear secret-sharing scheme for kk-uniform access structures for a binary secret in which the share size is O~(2h(k/n)n/2)\tilde{O}(2^{h(k/n)n/2}) (where hh is the binary entropy function). By counting arguments, this construction is optimal (up to polynomial factors). (c) A secret-sharing scheme for kk-uniform access structures for a binary secret in which the share size is 2O~(klogn)2^{\tilde{O}(\sqrt{k \log n})}. Our third contribution is a construction of ad-hoc PSM protocols, i.e., PSM protocols in which only a subset of the parties will compute a function on their inputs. This result is based on ideas we used in the construction of secret-sharing schemes for kk-uniform access structures for a binary secret

    On the Information Ratio of Non-Perfect Secret Sharing Schemes

    Get PDF
    A secret sharing scheme is non-perfect if some subsets of players that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes and the construction of efficient linear non-perfect secret sharing schemes. To this end, we extend the known connections between matroids, polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information on the secret value that is obtained by each subset of players. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, access functions whose values depend only on the number of players, generalize the threshold access structures. The optimal information ratio of the uniform access functions with rational values has been determined by Yoshida, Fujiwara and Fossorier. By using the tools that are described in our work, we provide a much simpler proof of that result and we extend it to access functions with real values

    On the optimization of bipartite secret sharing schemes

    Get PDF
    Optimizing the ratio between the maximum length of the shares and the length of the secret value in secret sharing schemes for general access structures is an extremely difficult and long-standing open problem. In this paper, we study it for bipartite access structures, in which the set of participants is divided in two parts, and all participants in each part play an equivalent role. We focus on the search of lower bounds by using a special class of polymatroids that is introduced here, the tripartite ones. We present a method based on linear programming to compute, for every given bipartite access structure, the best lower bound that can be obtained by this combinatorial method. In addition, we obtain some general lower bounds that improve the previously known ones, and we construct optimal secret sharing schemes for a family of bipartite access structures.Peer ReviewedPostprint (author's final draft

    Security in Locally Repairable Storage

    Full text link
    In this paper we extend the notion of {\em locally repairable} codes to {\em secret sharing} schemes. The main problem that we consider is to find optimal ways to distribute shares of a secret among a set of storage-nodes (participants) such that the content of each node (share) can be recovered by using contents of only few other nodes, and at the same time the secret can be reconstructed by only some allowable subsets of nodes. As a special case, an eavesdropper observing some set of specific nodes (such as less than certain number of nodes) does not get any information. In other words, we propose to study a locally repairable distributed storage system that is secure against a {\em passive eavesdropper} that can observe some subsets of nodes. We provide a number of results related to such systems including upper-bounds and achievability results on the number of bits that can be securely stored with these constraints.Comment: This paper has been accepted for publication in IEEE Transactions of Information Theor

    Optimal Linear Multiparty Conditional Disclosure of Secrets Protocols

    Get PDF
    In a kk-party CDS protocol, each party sends one message to a referee (without seeing the other messages) such that the referee will learn a secret held by the parties if and only if the inputs of the parties satisfy some condition (e.g., if the inputs are all equal). This simple primitive is used to construct attribute based encryption, symmetrically-private information retrieval, priced oblivious transfer, and secret-sharing schemes for any access structure. Motivated by these applications, CDS protocols have been recently studied in many papers. In this work, we study linear CDS protocols, where each of the messages of the parties is a linear function of the secret and random elements taken from some finite field. Linearity is an important property of CDS protocols as many applications of CDS protocols required it. Our main result is a construction of linear kk-party CDS protocols for an arbitrary function f:[N]k{0,1}f:[N]^{k}\rightarrow \{0,1\} with messages of size O(N(k1)/2)O(N^{(k-1)/2}). By a lower bound of Beimel et al. [TCC 2017], this message size is optimal. We also consider functions with few inputs that return one, and design more efficient CDS protocols for them. CDS protocols can be used to construct secret-sharing schemes for uniform access structures, where for some kk all sets of size less than kk are unauthorized, all sets of size greater than kk are authorized, and each set of size kk can be either authorized or unauthorized. We show that our results imply that every kk-uniform access structure with nn parties can be realized by a linear secret-sharing scheme with share size min{(O(n/k))(k1)/2,O(n2n/2)}\min\{ (O(n/k))^{(k-1)/2},O(n \cdot 2^{n/2})\}. Furthermore, the linear kk-party CDS protocol with messages of size O(N(k1)/2)O(N^{(k-1)/2}) was recently used by Liu and Vaikuntanathan [STOC 2018] to construct a linear secret-sharing scheme with share size O(20.999n)O(2^{0.999n}) for any nn-party access structure
    corecore