Paper 2017/940

Linear Secret-Sharing Schemes for Forbidden Graph Access Structures

Amos Beimel, Oriol Farràs, Yuval Mintz, and Naty Peter

Abstract

A secret-sharing scheme realizes the forbidden graph access structure determined by a graph if the parties are the vertices of the graph and the subsets that can reconstruct the secret are the pairs of vertices in (i.e., the edges) and the subsets of at least three vertices. Secret-sharing schemes for forbidden graph access structures defined by bipartite graphs are equivalent to conditional disclosure of secrets protocols. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes. A secret-sharing scheme is linear if the secret can be reconstructed from the shares by a linear mapping. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and dense graphs, closing the gap between upper and lower bounds. Given a sparse (resp. dense) graph with vertices and at most edges (resp. at least edges), for some , we construct a linear secret-sharing scheme realizing its forbidden graph access structure in which the total size of the shares is . Furthermore, we construct linear secret-sharing schemes realizing these access structures in which the size of each share is . We also provide constructions achieving different trade-offs between the size of each share and the total share size. We prove that almost all forbidden graph access structures require linear secret-sharing schemes with total share size ; this shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal. Furthermore, we show that for every there exist a graph with at most edges and a graph with at least edges such that the total share size in any linear secret-sharing scheme realizing the associated forbidden graph access structures is . Finally, we show that for every there exist a graph with at most edges and a graph with at least edges such that the size of the share of at least one party in any linear secret-sharing scheme realizing these forbidden graph access structures is . This shows that our constructions are optimal (up to poly-logarithmic factors).

Note: We provided more general lower bounds. We added constructions of linear secret-sharing schemes for forbidden access structures with different trade-offs between the max share size and the total share size.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in TCC 2017
Keywords
Secret-sharingshare sizemonotone span programconditional disclosure of secrets
Contact author(s)
naty @ post bgu ac il
oriol farras @ urv cat
amos beimel @ gmail com
History
2020-07-11: last of 4 revisions
2017-09-27: received
See all versions
Short URL
https://ia.cr/2017/940
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2017/940,
      author = {Amos Beimel and Oriol Farràs and Yuval Mintz and Naty Peter},
      title = {Linear Secret-Sharing Schemes for Forbidden Graph Access Structures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/940},
      year = {2017},
      url = {https://eprint.iacr.org/2017/940}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.