Towards breaking the exponential barrier for general secret sharing

A secret-sharing scheme for a monotone Boolean (access) function F: {0, 1}[superscript n] → {0, 1} is a randomized algorithm that on input a secret, outputs n shares s[subscript 1]., s[subscript n] such that for any (x[subscript 1]., x[subscript n]) ∈ {0, 1}[superscript n] the collection of shares {...

Full description

Bibliographic Details
Main Authors: Liu, Tianren (Author), Vaikuntanathan, Vinod (Author), Wee, Hoeteck (Author)
Other Authors: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science (Contributor)
Format: Article
Language:English
Published: Springer, 2020-04-30T20:00:05Z.
Subjects:
Online Access:Get fulltext
LEADER 02430 am a22001813u 4500
001 124959
042 |a dc 
100 1 0 |a Liu, Tianren  |e author 
100 1 0 |a Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science  |e contributor 
700 1 0 |a Vaikuntanathan, Vinod  |e author 
700 1 0 |a Wee, Hoeteck  |e author 
245 0 0 |a Towards breaking the exponential barrier for general secret sharing 
260 |b Springer,   |c 2020-04-30T20:00:05Z. 
856 |z Get fulltext  |u https://hdl.handle.net/1721.1/124959 
520 |a A secret-sharing scheme for a monotone Boolean (access) function F: {0, 1}[superscript n] → {0, 1} is a randomized algorithm that on input a secret, outputs n shares s[subscript 1]., s[subscript n] such that for any (x[subscript 1]., x[subscript n]) ∈ {0, 1}[superscript n] the collection of shares {s[subscript i]: xi = 1} determine the secret if F(x[subscript 1]., x[subscript n]) = 1 and reveal nothing about the secret otherwise. The best secret sharing schemes for general monotone functions have shares of size Θ(2[superscript n]). It has long been conjectured that one cannot do much better than 2[superscript Ω(n)] share size, and indeed, such a lower bound is known for the restricted class of linear secret-sharing schemes. In this work, we refute two natural strengthenings of the above conjecture: First, we present secret-sharing schemes for a family of 2[superscript 2[superscript n/2]] monotone functions over {0, 1}[superscript n] with sub-exponential share size 2[superscript O(√ n log n)]. This unconditionally refutes the stronger conjecture that circuit size is, within polynomial factors, a lower bound on the share size. Second, we disprove the analogous conjecture for non-monotone functions. Namely, we present "non-monotone secret-sharing schemes" for every access function over {0, 1}[superscript n] with shares of size 2[superscript O(√ n log n)]. Our construction draws upon a rich interplay amongst old and new problems in information-theoretic cryptography: from secret-sharing, to multi-party computation, to private information retrieval. Along the way, we also construct the first multi-party conditional disclosure of secrets (CDS) protocols for general functions F: {0, 1}[superscript n]→ {0, 1} with communication complexity 2[superscript O(√ n log n)]. 
546 |a en 
655 7 |a Article 
773 |t Advances in Cryptology - EUROCRYPT 2018