Function secret sharing

Elette Boyle, Niv Gilboa, Yuval Ishai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

113 Scopus citations


Motivated by the goal of securely searching and updating distributed data, we introduce and study the notion of function secret sharing (FSS). This new notion is a natural generalization of distributed point functions (DPF), a primitive that was recently introduced by Gilboa and Ishai (Eurocrypt 2014). Given a positive integer p ≥ 2 and a class F of functions f: {0, 1}n → (image found), where (image found) is an Abelian group, a p-party FSS scheme for F allows one to split each f ∈ F into p succinctly described functions fi: {0, 1}n →(image found), 1 ≤ i ≤ p, such that: (1) ∑p i=1 fi = f, and (2) any strict subset of the fi hides f. Thus, an FSS for F can be thought of as method for succinctly performing an “additive secret sharing” of functions from F. The original definition of DPF coincides with a twoparty FSS for the class of point functions, namely the class of functions that have a nonzero output on at most one input. We present two types of results. First, we obtain efficiency improvements and extensions of the original DPF construction. Then, we initiate a systematic study of general FSS, providing some constructions and establishing relations with other cryptographic primitives. More concretely, we obtain the following main results: – Improved DPF. We present an improved (two-party) DPF construction from a pseudorandom generator (PRG), reducing the length of the key describing each fi from O(λ ・ nlog2 3) to O(λn), where λ is the PRG seed length. – Multi-party DPF. We present the first nontrivial construction of a p-party DPF for p ≥ 3, obtaining a near-quadratic improvement over a naive construction that additively shares the truth-table of f. This constrcution too can be based on any PRG. – FSS for simple functions. We present efficient PRG-based FSS constructions for natural function classes that extend point functions, including interval functions and partial matching functions. – A study of general FSS. We show several relations between general FSS and other cryptographic primitives. These include a construction of general FSS via obfuscation, an indication for the implausibility of constructing general FSS from weak cryptographic assumptions such as the existence of one-way functions, a completeness result, and a relation with pseudorandom functions.

Original languageEnglish
Title of host publicationAdvances in Cryptology - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2015, Proceedings
EditorsMarc Fischlin, Elisabeth Oswald
PublisherSpringer Verlag
Number of pages31
ISBN (Print)9783662468029
StatePublished - 1 Jan 2015
Event34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015 - Sofia, Bulgaria
Duration: 26 Apr 201530 Apr 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'Function secret sharing'. Together they form a unique fingerprint.

Cite this