Cryptology ePrint Archive: Report 2000/038

On the Complexity of Verifiable Secret Sharing and Multi-Party Computation

Ronald Cramer and Ivan Damgård and Stefan Dziembowski

Abstract: We first study the problem of doing Verifiable Secret Sharing (VSS) information theoretically secure for a general access structure. We do it in the model where private channels between players and a broadcast channel is given, and where an active, adaptive adversary can corrupt any set of players not in the access structure. In particular, we consider the complexity of protocols for this problem, as a function of the access structure and the number of players. For all access structures where VSS is possible at all, we show that, up to a polynomial time black-box reduction, the complexity of adaptively secure VSS is the same as that of ordinary secret sharing (SS), where security is only required against a passive, static adversary. Previously, such a connection was only known for linear secret sharing and VSS schemes.

We then show an impossibility result indicating that a similar equivalence does not hold for Multiparty Computation (MPC): we show that even if protocols are given black-box access for free to an idealized secret sharing scheme secure for the access structure in question, it is not possible to handle all relevant access structures efficiently, not even if the adversary is passive and static. In other words, general MPC can only be black-box reduced efficiently to secret sharing if extra properties of the secret sharing scheme used (such as linearity) are assumed.

Category / Keywords: foundations / secure multi-party computation, verifiable secret sharing

Publication Info: Appears in the Proceedings of STOC '00, ACM, May 2000.

Date: received 27 Jul 2000

Contact author: cramer at brics dk, ivan@daimi aau dk, stefand@brics dk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20000727:155815 (All versions of this report)

Short URL: ia.cr/2000/038

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]