Linear secret-sharing schemes for forbidden graph access structures

Amos Beimel, Oriol Farràs, Yuval Mintz, Naty Peter

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

21 Scopus citations

Abstract

A secret-sharing scheme realizes the forbidden graph access structure determined by a graph G = (V,E) if a pair of vertices can reconstruct the secret if and only if it is an edge in G. Secret-sharing schemes for forbidden graph access structures of bipartite graphs are equivalent to conditional disclosure of secrets protocols, a primitive that is used to construct attributed-based encryption schemes. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes. A secret-sharing scheme is linear if the reconstruction of the secret from the shares is a linear mapping. In many applications of secret-sharing, it is required that the scheme will be linear. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and dense graphs, closing the gap between upper and lower bounds: Given a sparse graph with n vertices and at most n1+β edges, for some 0 ≤ β < 1, we construct a linear secret-sharing scheme realizing its forbidden graph access structure in which the total size of the shares is (formula presented). We provide an additional construction showing that every dense graph with n vertices and at least (formula presented) edges can be realized by a linear secret-sharing scheme with the same total share size. We provide lower bounds on the share size of linear secret-sharing schemes realizing forbidden graph access structures. We prove that for most forbidden graph access structures, the total share size of every linear secret-sharing scheme realizing these access structures is Ω(n3/2), which shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal. Furthermore, we show that for every 0 ≤ β < 1 there exist a graph with at most n1+β edges and a graph with at least (formula presented) edges, such that the total share size of every linear secret-sharing scheme realizing these forbidden graph access structures is Ω(n1+β/2). This shows that our constructions are optimal (up to poly-logarithmic factors).

Original languageEnglish
Title of host publicationTheory of Cryptography - 15th International Conference, TCC 2017, Proceedings
EditorsYael Kalai, Leonid Reyzin
PublisherSpringer Verlag
Pages394-423
Number of pages30
ISBN (Print)9783319705026
DOIs
StatePublished - 1 Jan 2017
Event15th International Conference on Theory of Cryptography, TCC 2017 - Baltimore, United States
Duration: 12 Nov 201715 Nov 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10678 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Theory of Cryptography, TCC 2017
Country/TerritoryUnited States
CityBaltimore
Period12/11/1715/11/17

Keywords

  • Conditional disclosure of secrets
  • Monotone span program
  • Secret-sharing
  • Share size

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Linear secret-sharing schemes for forbidden graph access structures'. Together they form a unique fingerprint.

Cite this