Paper 2015/683

Security of Linear Secret-Sharing Schemes against Mass Surveillance

Irene Giacomelli, Ruxandra F. Olimid, and Samuel Ranellucci


Following the line of work presented recently by Bellare, Paterson and Rogaway, we formalize and investigate the resistance of linear secret-sharing schemes to mass surveillance. This primitive is widely used to design IT systems in the modern computer world, and often it is implemented by a proprietary code that the provider (“big brother”) could manipulate to covertly violate the privacy of the users (by implementing Algorithm-Substitution Attacks or ASAs). First, we formalize the security notion that expresses the goal of big brother and prove that for any linear secret-sharing scheme there exists an undetectable subversion of it that efficiently allows surveillance. Second, we formalize the security notion that assures that a sharing scheme is secure against ASAs and construct the first sharing scheme that meets this notion. This work could serve as an important building block towards constructing systems secure against mass surveillance.

Note: Full version of the paper accepted at CANS2015

Available format(s)
Publication info
Published elsewhere. MINOR revision.CANS 2015 proceedings
linear secret-sharingalgorithm-substitution attackmass surveillancekleptography
Contact author(s)
giacomelli @ cs au dk
2015-09-18: revised
2015-07-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Irene Giacomelli and Ruxandra F.  Olimid and Samuel Ranellucci},
      title = {Security of Linear Secret-Sharing Schemes against Mass Surveillance},
      howpublished = {Cryptology ePrint Archive, Paper 2015/683},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.