Towards an Exponential Lower Bound for Secret Sharing
Kasper Green Larsen and Mark Simkin
Abstract
A secret sharing scheme allows a dealer to distribute shares of a
secret among a set of parties such that any
authorized subset of parties can reconstruct the secret, yet any
unauthorized subset learns nothing about it. The family of all authorized subsets is called the access
structure. Classic results show that if contains
precisely all subsets of cardinality at least , then there exists a
secret sharing scheme where the length of the shares is proportional
to bits plus the length of the secret. However, for general
access structures, the best known upper bounds have shares of length
exponential in , whereas the strongest lower bound shows that the
shares must have length at least . Beimel conjectured that
the exponential upper bound is tight, but proving it has so far
resisted all attempts.
In this paper we make progress towards proving the conjecture by showing that there exists an access structure
, such that any secret sharing scheme for
must have either exponential share length, or the function used for
reconstructing the secret by authorized parties must have an
exponentially long description. As an example corollary, we conclude
that if one insists that authorized parties can reconstruct the secret
via a constant fan-in boolean circuit of size polynomial in the share
length, then there exists an access structure that requires a share
length that is exponential in .
@misc{cryptoeprint:2019/174,
author = {Kasper Green Larsen and Mark Simkin},
title = {Towards an Exponential Lower Bound for Secret Sharing},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/174},
year = {2019},
url = {https://eprint.iacr.org/2019/174}
}
Note: In order to protect the privacy of readers, eprint.iacr.org
does not use cookies or embedded third party content.