Stronger Lower Bounds for Leakage-Resilient Secret Sharing
Charlotte Hoffmann, Institute of Science and Technology Austria
Mark Simkin, Ethereum Foundation
Abstract
Threshold secret sharing allows a dealer to split a secret into shares, such that any shares allow for reconstructing , but no shares reveal any information about . Leakage-resilient secret sharing requires that the secret remains hidden, even when an adversary additionally obtains a limited amount of leakage from every share.
Benhamouda et al. (CRYPTO'18) proved that Shamir's secret sharing scheme is one bit leakage-resilient for reconstruction threshold and conjectured that the same holds for for any constant . Nielsen and Simkin (EUROCRYPT'20) showed that this is the best one can hope for by proving that Shamir's scheme is not secure against one-bit leakage when .
In this work, we strengthen the lower bound of Nielsen and Simkin. We consider noisy leakage-resilience, where a random subset of leakages is replaced by uniformly random noise. We prove a lower bound for Shamir's secret sharing, similar to that of Nielsen and Simkin, which holds even when a constant fraction of leakages is replaced by random noise.
To this end, we first prove a lower bound on the share size of any noisy-leakage-resilient sharing scheme. We then use this lower bound to show that there exist universal constants , such that for infinitely many , it holds that Shamir's secret sharing scheme is not noisy-leakage-resilient for , even when a fraction of leakages are replaced by random noise.