Paper 2022/1578
Weighted Secret Sharing from Wiretap Channels
Abstract
Secretsharing allows splitting a piece of secret information among a group of shareholders, so that it takes a large enough subset of them to recover it. In \emph{weighted} secretsharing, each shareholder has an integer weight, and it takes a subset of largeenough weight to recover the secret. Schemes in the literature for weighted threshold secret sharing either have share sizes that grow linearly with the total weight, or ones that depend on huge public information (essentially a garbled circuit) of size (quasi)polynomial in the number of parties. To do better, we investigate a relaxation, $(\alpha, \beta)$ramp weighted secret sharing, where subsets of weight $\beta W$ can recover the secret (with $W$ the total weight), but subsets of weight $\alpha W$ or less cannot learn anything about it. These can be constructed from standard secretsharing schemes, but known constructions require long shares even for short secrets, achieving share sizes of $\max\big(W,\frac{\mathrm{secret}}{\epsilon}\big)$, where $\epsilon=\beta\alpha$. In this note we first observe that simple rounding let us replace the total weight $W$ by $N/\epsilon$, where $N$ is the number of parties. Combined with known constructions, this yields share sizes of $O\big(\max(N,\mathrm{secret})/{\epsilon}\big)$. Our main contribution is a novel connection between weighted secret sharing and wiretap channels, that improves or even eliminates the dependence on~$N$, at a price of increased dependence on $1/\epsilon$. We observe that for certain additivenoise $(R,A)$ wiretap channels, any semantically secure scheme can be naturally transformed into an $(\alpha,\beta)$ramp weighted secretsharing, where $\alpha,\beta$ are essentially the respective capacities of the channels $A,R$. We present two instantiations of this type of construction, one using Binary Symmetric wiretap Channels, and the other using additive Gaussian Wiretap Channels. Depending on the parameters of the underlying wiretap channels, this gives rise to $(\alpha, \beta)$ramp schemes with share sizes $\mathrm{secret}/\mathrm{poly}(\epsilon\log N)$ or even just $\mathrm{secret}/\mathrm{poly}(\epsilon)$.
Metadata
 Available format(s)
 Category
 Foundations
 Publication info
 Preprint.
 Keywords
 Weighted Secret SharingWiretap Channels
 Contact author(s)

fbenhamo102 @ gmail com
shai halevi @ gmail com
lstamble @ andrew cmu edu  History
 20230210: revised
 20221114: received
 See all versions
 Short URL
 https://ia.cr/2022/1578
 License

CC BY
BibTeX
@misc{cryptoeprint:2022/1578, author = {Fabrice Benhamouda and Shai Halevi and Lev Stambler}, title = {Weighted Secret Sharing from Wiretap Channels}, howpublished = {Cryptology ePrint Archive, Paper 2022/1578}, year = {2022}, note = {\url{https://eprint.iacr.org/2022/1578}}, url = {https://eprint.iacr.org/2022/1578} }