Paper 2024/736

Secret Sharing with Certified Deletion

James Bartusek, University of California, Berkeley
Justin Raizes, Carnegie Mellon University
Abstract

Secret sharing allows a user to split a secret into many shares so that the secret can be recovered if, and only if, an authorized set of shares is collected. Although secret sharing typically does not require any computational hardness assumptions, its security does require that an adversary cannot collect an authorized set of shares. Over long periods of time where an adversary can benefit from multiple data breaches, this may become an unrealistic assumption. We initiate the systematic study of secret sharing with certified deletion in order to achieve security even against an adversary that eventually collects an authorized set of shares. In secret sharing with certified deletion, a (classical) secret $s$ is split into quantum shares that can be destroyed in a manner verifiable by the dealer. We put forth two natural definitions of security. No-signaling security roughly requires that if multiple non-communicating adversaries delete sufficiently many shares, then their combined view contains negligible information about $s$, even if the total set of corrupted parties forms an authorized set. Adaptive security requires privacy of $s$ against an adversary that can continuously and adaptively corrupt new shares and delete previously-corrupted shares, as long as the total set of corrupted shares minus deleted shares remains unauthorized. Next, we show that these security definitions are achievable: we show how to construct (i) a secret sharing scheme with no-signaling certified deletion for any monotone access structure, and (ii) a threshold secret sharing scheme with adaptive certified deletion. Our first construction uses Bartusek and Khurana's (CRYPTO 2023) 2-out-of-2 secret sharing scheme with certified deletion as a building block, while our second construction is built from scratch and requires several new technical ideas. For example, we significantly generalize the ``XOR extractor'' of Agarwal, Bartusek, Khurana, and Kumar (EUROCRYPT 2023) in order to obtain better seedless extraction from certain quantum sources of entropy, and show how polynomial interpolation can double as a high-rate randomness extractor in our context of threshold sharing with certified deletion.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in CRYPTO 2024
Keywords
QuantumCertified DeletionSecret SharingRandomness Extractors
Contact author(s)
bartusek james @ gmail com
jraizes @ cmu edu
History
2024-05-16: approved
2024-05-13: received
See all versions
Short URL
https://ia.cr/2024/736
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/736,
      author = {James Bartusek and Justin Raizes},
      title = {Secret Sharing with Certified Deletion},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/736},
      year = {2024},
      url = {https://eprint.iacr.org/2024/736}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.