Cryptology ePrint Archive: Report 2015/951
Nearly Optimal Robust Secret Sharing
Abstract: We prove that a known approach to improve Shamir's celebrated secret sharing scheme; i.e., adding an information-theoretic authentication tag to the secret, can make it robust for $n$ parties against any collusion of size $\delta n$, for any constant $\delta \in (0, 1/2)$. This result holds in the so-called "non-rushing" model in which the $n$ shares are submitted simultaneously for reconstruction. We thus obtain an efficient and robust secret sharing scheme in this model that is essentially optimal in all parameters including the share size which is $k(1+o(1)) + O(\kappa)$, where $k$ is the secret length and $\kappa$ is the security parameter. Like Shamir's scheme, in this modified scheme any set of more than $\delta n$ honest parties can efficiently recover the secret.
Using algebraic geometry codes instead of Reed-Solomon codes, we decrease the share length to a constant (only depending on $\delta$) while the number of shares $n$ can grow independently. In this case, when $n$ is large enough, the scheme satisfies the "threshold" requirement in an approximate sense; i.e., any set of $\delta n(1+\rho)$ honest parties, for arbitrarily small $\rho > 0$, can efficiently reconstruct the secret.
Category / Keywords: foundations / secret sharing, information theoretic privacy
Date: received 30 Sep 2015, last revised 5 Oct 2015
Contact author: cheraghchi at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20151005:181819 (All versions of this report)
Short URL: ia.cr/2015/951
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]