Paper 2025/525

Deniable Secret Sharing

Ran Canetti, Boston University
Ivan Damgård, Aarhus University
Sebastian Kolby, Aarhus University
Divya Ravi, University of Amsterdam
Sophia Yakoubov, Aarhus University
Abstract

We introduce deniable secret sharing (DSS), which, analogously to deniable encryption, enables shareholders to produce fake shares that are consistent with a target “fake message”, regardless of the original secret. In contrast to deniable encryption, in a DSS scheme an adversary sees multiple shares, some of which might be real, and some fake. This makes DSS a more difficult task, especially in situations where the fake shares need to be generated by individual shareholders, without coordination with other shareholders. We define several desirable properties for DSS, and show both positive and negative results for each. The strongest property is fake hiding, which is a natural analogy of deniability for encryption: given a complete set of shares, an adversary cannot determine whether any shares are fake. We show a construction based on Shamir secret sharing that achieves fake hiding as long as (1) the fakers are qualified (number or more), and (2) the set of real shares which the adversary sees is unqualified. Next we show a construction based on indistinguishability obfuscation that relaxes condition (1) and achieves fake hiding even when the fakers are unqualified (as long as they comprise more than half of the shareholders). We also extend the first construction to provide the weaker property of faker anonymity for all thresholds. (Faker anonymity requires that given some real shares and some fake shares, an adversary should not be able to tell which are fake, even if it can tell that some fake shares are present.) All of these constructions require the fakers to coordinate in order to produce fake shares. On the negative side, we first show that fake hiding is unachievable when the fakers are a minority, even if the fakers coordinate. Further, if the fakers do not coordinate, then even faker anonymity is unachievable as soon as (namely the reconstruction threshold is smaller than the number of parties).

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
secret sharingdeniability
Contact author(s)
canetti @ bu edu
ivan @ cs au dk
sk @ cs au dk
d ravi @ uva nl
sophia yakoubov @ cs au dk
History
2025-03-21: approved
2025-03-20: received
See all versions
Short URL
https://ia.cr/2025/525
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/525,
      author = {Ran Canetti and Ivan Damgård and Sebastian Kolby and Divya Ravi and Sophia Yakoubov},
      title = {Deniable Secret Sharing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/525},
      year = {2025},
      url = {https://eprint.iacr.org/2025/525}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.