Paper 2022/497

Protecting Distributed Primitives against Leakage: Equivocal Secret Sharing and More

Carmit Hazay, Muthuramakrishnan Venkitasubramaniam, and Mor Weiss


Leakage-resilient cryptography aims to protect cryptographic primitives from so-called "side channel attacks" that exploit their physical implementation to learn their input or secret state. Starting from the works of Ishai, Sahai and Wagner (CRYPTO'03) and Micali and Reyzin (TCC'04), most works on leakage-resilient cryptography either focus on protecting general computations, such as circuits or multiparty computation protocols, or on specific non-interactive primitives such as storage, encryption and signatures. This work focuses on leakage-resilience for the middle ground, namely for distributed and interactive cryptographic primitives. Our main technical contribution is designing the first secret-sharing scheme that is equivocal, resists adaptive probing of a constant fraction of bits from each share, while incurring only a constant blowup in share size. Equivocation is a strong leakage-resilience guarantee, recently introduced by Hazay et al. (ITC'21). Our construction is obtained via a general compiler which we introduce, that transforms any secret-sharing scheme into an equivocal scheme against adaptive leakage. An attractive feature of our compiler is that it respects additive reconstruction, namely, if the original scheme has additive reconstruction, then the transformed scheme has linear reconstruction. We extend our compiler to a general paradigm for protecting distributed primitives against leakage, and show its applicability to various primitives, including secret sharing, verifiable secret sharing, function secret sharing, distributed encryption and signatures, and distributed zero-knowledge proofs. For each of these primitives, our paradigm transforms any construction of the primitive into a scheme that resists adaptive party corruptions, as well as adaptive probing leakage of a constant fraction of bits in each share when the share is stored in memory (but not when it is used in computations). Moreover, the transformation incurs only a constant blowup in the share size, and respects additive reconstruction - an important feature for several of these primitives, such as function secret sharing and distributed encryption.

Publication info
Published elsewhere. Major revision. ITC 2022
Keywords
Leakage Resilience, Secret Sharing, Verifiable Secret Sharing, Function Secret Sharing, Equivocal Secret Sharing, Distributed Zero Knowledge, Threshold Encryption
Contact author(s)
mor weiss @ biu ac il
2022-04-28: received
Creative Commons Attribution


      author = {Carmit Hazay and Muthuramakrishnan Venkitasubramaniam and Mor Weiss},
      title = {Protecting Distributed Primitives against Leakage: Equivocal Secret Sharing and More},
      howpublished = {Cryptology ePrint Archive, Paper 2022/497},
      year = {2022},
      note = {\url{}},
      url = {}