Abstract
Consider a scenario where an l-bit secret has been distributed among n players by an honest dealer using some secret sharing scheme. Then, if all players behave honestly, the secret can be reconstructed in one round with zero error probability, and by broadcasting nl bits.
We ask the following question: how close to this ideal can we get if up to t players (but not the dealer) are corrupted by an adaptive, active adversary with unbounded computing power? And where, in addition, we of course require that the adversary does not learn the secret ahead of reconstruction time. It is easy to see that t = ⌊(n − 1)/2⌋ is the maximal value of t that can be tolerated, and furthermore, we show that the best we can hope for is a one-round reconstruction protocol where every honest player outputs the correct secret or “failure”. For any such protocol with failure probability at most 2^{−Ω(k)}, we show a lower bound of Ω(nl + kn²) bits on the information communicated. We further show that this is tight up to a constant factor.
The lower bound trivially applies as well to VSS schemes, where also the dealer may be corrupt. Using generic methods, the scheme establishing the upper bound can be turned into a VSS with efficient reconstruction. However, the distribution phase becomes very inefficient. Closing this gap, we present a new VSS protocol where the distribution complexity matches that of the previously best known VSS, but where the reconstruction phase meets our lower bound up to a constant factor. The reconstruction is a factor of n better than previous VSS protocols. We show an application of this to multi-party computation with pre-processing, improving the complexity of earlier similar protocols by a factor of n.
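As an added worked example (not the protocol of the paper, and not code from its authors), the following simulation shows the shape of a one-round reconstruction in which every honest player outputs the correct secret or “failure”: Shamir shares over a prime field, plus, for every ordered pair of players, a one-time polynomial MAC whose key is held by the verifier and whose tag is held by the share owner (the information-checking idea used in Rabin and Ben-Or style VSS). The 61-bit prime, the MAC, the corruption strategy and all function names (`deal`, `reconstruct`, `plain_shamir`, `broadcast_bits`) are assumptions made for this illustration. Each player broadcasts one share of l bits and n tags of k bits, so the round costs nl + kn² bits, which is the shape of the bound stated in the abstract; the plain Shamir variant is included to show why nl bits alone only give detection, not a small failure probability.

```python
"""Added example: one-round reconstruction outputting the secret or "failure".
Shamir shares plus pairwise one-time MACs (assumed construction, not the
paper's protocol).  All inputs are constructed; the network is simulated."""
import secrets

P = 2**61 - 1   # assumed prime field: shares are l = 61 bits, keys/tags k = 61 bits


def poly_eval(coeffs, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def interpolate(points, x):
    """Lagrange interpolation at x through (xi, yi) points, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def mac(key, msg):
    """One-time MAC: tag = a*msg + b mod P.  Seeing one (msg, tag) pair leaves a
    uniform, so a tag on msg' != msg is guessed with probability 1/P."""
    a, b = key
    return (a * msg + b) % P


def deal(secret, n, t):
    """Honest dealer.  P_i gets share shares[i] and tags[i] (one tag per verifier);
    P_j gets keys[j] (one key per share owner).  Keys alone reveal no share."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    shares = [poly_eval(coeffs, i) for i in range(1, n + 1)]
    keys = [[(secrets.randbelow(P), secrets.randbelow(P)) for _ in range(n)]
            for _ in range(n)]
    tags = [[mac(keys[j][i], shares[i]) for j in range(n)] for i in range(n)]
    return shares, keys, tags


def reconstruct(j, keys_j, messages, t):
    """P_j's view of the broadcast round: messages[i] = (share_i, tags_i).
    Shares whose tag fails under P_j's key are dropped; the survivors must lie
    on one degree-t polynomial.  Output: the secret or 'failure'."""
    accepted = [(i + 1, s) for i, (s, tg) in enumerate(messages)
                if mac(keys_j[i], s) == tg[j]]
    if len(accepted) < t + 1:
        return "failure"
    base = accepted[:t + 1]
    if any(interpolate(base, x) != y for x, y in accepted):
        return "failure"   # a forged tag got through: detected, never a wrong secret
    return interpolate(base, 0)


def plain_shamir(shares, t):
    """Shamir alone, nl bits: consistency of all n shares gives detection only.
    One altered share forces 'failure', since no t+1 subset can be trusted."""
    pts = list(enumerate(shares, 1))
    base = pts[:t + 1]
    ok = all(interpolate(base, x) == y for x, y in pts)
    return interpolate(base, 0) if ok else "failure"


def broadcast_bits(n, l, k):
    """Bits broadcast in the reconstruction round: n shares and n*n tags."""
    return n * l + k * n * n


def run(secret, n, t, corrupt, forge_tags=False):
    """Corrupt players alter their share; optionally they also guess fresh tags.
    Returns the outputs of the n - t honest players."""
    shares, keys, tags = deal(secret, n, t)
    messages = []
    for i in range(n):
        if i in corrupt:
            tg = [secrets.randbelow(P) for _ in range(n)] if forge_tags else tags[i]
            messages.append(((shares[i] + 1) % P, tg))
        else:
            messages.append((shares[i], tags[i]))
    return [reconstruct(j, keys[j], messages, t) for j in range(n) if j not in corrupt]
```

With n = 7 and t = 3 the honest players all recover the secret whether the three cheaters reuse their genuine tags on a changed share or guess new ones, while `plain_shamir` on the same seven shares returns “failure” as soon as one share is altered; `broadcast_bits(7, 61, 61)` gives the 7·61 + 61·49 bits of the authenticated round.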
Supported by the Swiss SNF, project no. SPP 2000-055466.98.
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Cramer, R., Damgård, I., Fehr, S. (2001). On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase. In: Kilian, J. (eds) Advances in Cryptology — CRYPTO 2001. CRYPTO 2001. Lecture Notes in Computer Science, vol 2139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44647-8_30
DOI: https://doi.org/10.1007/3-540-44647-8_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42456-7
Online ISBN: 978-3-540-44647-7