**Nearly Optimal Robust Secret Sharing**

*Mahdi Cheraghchi*

**Abstract: **We prove that a known approach to improve Shamir's celebrated secret sharing scheme; i.e., adding an information-theoretic authentication tag to the secret, can make it robust for $n$ parties against any collusion of size $\delta n$, for any constant $\delta \in (0, 1/2)$. This result holds in the so-called "non-rushing" model in which the $n$ shares are submitted simultaneously for reconstruction. We thus obtain an efficient and robust secret sharing scheme in this model that is essentially optimal in all parameters including the share size which is $k(1+o(1)) + O(\kappa)$, where $k$ is the secret length and $\kappa$ is the security parameter. Like Shamir's scheme, in this modified scheme any set of more than $\delta n$ honest parties can efficiently recover the secret.

Using algebraic geometry codes instead of Reed-Solomon codes, we decrease the share length to a constant (only depending on $\delta$) while the number of shares $n$ can grow independently. In this case, when $n$ is large enough, the scheme satisfies the "threshold" requirement in an approximate sense; i.e., any set of $\delta n(1+\rho)$ honest parties, for arbitrarily small $\rho > 0$, can efficiently reconstruct the secret.

**Category / Keywords: **foundations / secret sharing, information theoretic privacy

**Date: **received 30 Sep 2015, last revised 5 Oct 2015

**Contact author: **cheraghchi at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20151005:181819 (All versions of this report)

**Short URL: **ia.cr/2015/951

[ Cryptology ePrint archive ]