Paper 2025/1119

Strong Secret Sharing with Snitching

Jan Bormet, TU Darmstadt
Stefan Dziembowski, University of Warsaw, IDEAS Institute
Sebastian Faust, TU Darmstadt
Tomasz Lizurej, NASK
Marcin Mielniczuk, University of Warsaw
Abstract

One of the main shortcomings of classical distributed cryptography is its reliance on a certain fraction of participants remaining honest. Typically, honest parties are assumed to follow the protocol and not leak any information, even if behaving dishonestly would benefit them economically. More realistic models used in blockchain consensus rely on weaker assumptions, namely that no large coalition of corrupt parties exists, although every party can act selfishly. This is feasible since, in a consensus protocol, active misbehavior can be detected and "punished" by other parties. However, "information leakage", where an adversary reveals sensitive information via, e.g., a subliminal channel, is often impossible to detect and, hence, much more challenging to handle. A recent approach to address this problem was proposed by Dziembowski, Faust, Lizurej, and Mielniczuk (ACM CCS 2024), who introduced a new notion called secret sharing with snitching. This primitive guarantees that as long as no large coalition of mutually trusting parties exists, every leakage of the shared secret produces a "snitching proof" indicating that some party participated in the illegal secret reconstruction. This holds in a very strong model, where mutually distrusting parties use an MPC protocol to reconstruct any information about the shared secret. Such a "snitching proof" can be sent to a smart contract (modeled as a "judge") deployed on the blockchain, which punishes the misbehaving party financially. In this paper, we extend the results from the work of CCS'24 by addressing its two main shortcomings. Firstly, we significantly strengthen the attack model by considering the case when mutually distrusting parties can also rely on a trusted third party (e.g., a smart contract). We call this new primitive strong secret sharing with snitching (SSSS). We present an SSSS protocol that is secure in this model.
Secondly, unlike in the construction from CCS'24, our protocol does not require the honest parties to perform any MPC computations on hash functions. Besides its theoretical interest, this improvement is of practical importance, as it allows the construction of SSSS from any (even very "MPC-unfriendly") hash function.

Note: A major revision of an IACR publication in CRYPTO 2025

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in CRYPTO 2025
Keywords
secret sharing, collusion prevention
Contact author(s)
jan bormet @ tu-darmstadt de
stefan dziembowski @ crypto edu pl
sebastian faust @ tu-darmstadt de
tomasz lizurej @ crypto edu pl
m mielniczuk @ uw edu pl
History
2025-06-16: approved
2025-06-13: received
Short URL
https://ia.cr/2025/1119
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/1119,
      author = {Jan Bormet and Stefan Dziembowski and Sebastian Faust and Tomasz Lizurej and Marcin Mielniczuk},
      title = {Strong Secret Sharing with Snitching},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1119},
      year = {2025},
      url = {https://eprint.iacr.org/2025/1119}
}