## Abstract

A secret-sharing scheme realizes the forbidden graph access structure determined by a graph G = (V,E) if a pair of vertices can reconstruct the secret if and only if it is an edge in G. Secret-sharing schemes for forbidden graph access structures of bipartite graphs are equivalent to conditional disclosure of secrets protocols, a primitive that is used to construct attributed-based encryption schemes. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes. A secret-sharing scheme is linear if the reconstruction of the secret from the shares is a linear mapping. In many applications of secret-sharing, it is required that the scheme will be linear. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and dense graphs, closing the gap between upper and lower bounds: Given a sparse graph with n vertices and at most n^{1+β} edges, for some 0 ≤ β < 1, we construct a linear secret-sharing scheme realizing its forbidden graph access structure in which the total size of the shares is (formula presented). We provide an additional construction showing that every dense graph with n vertices and at least (formula presented) edges can be realized by a linear secret-sharing scheme with the same total share size. We provide lower bounds on the share size of linear secret-sharing schemes realizing forbidden graph access structures. We prove that for most forbidden graph access structures, the total share size of every linear secret-sharing scheme realizing these access structures is Ω(n^{3/2}), which shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal. Furthermore, we show that for every 0 ≤ β < 1 there exist a graph with at most n^{1+β} edges and a graph with at least (formula presented) edges, such that the total share size of every linear secret-sharing scheme realizing these forbidden graph access structures is Ω(n^{1+β/2}). This shows that our constructions are optimal (up to poly-logarithmic factors).

Original language | English |
---|---|

Title of host publication | Theory of Cryptography - 15th International Conference, TCC 2017, Proceedings |

Editors | Yael Kalai, Leonid Reyzin |

Publisher | Springer Verlag |

Pages | 394-423 |

Number of pages | 30 |

ISBN (Print) | 9783319705026 |

DOIs | |

State | Published - 1 Jan 2017 |

Event | 15th International Conference on Theory of Cryptography, TCC 2017 - Baltimore, United States Duration: 12 Nov 2017 → 15 Nov 2017 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 10678 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 15th International Conference on Theory of Cryptography, TCC 2017 |
---|---|

Country/Territory | United States |

City | Baltimore |

Period | 12/11/17 → 15/11/17 |

## Keywords

- Conditional disclosure of secrets
- Monotone span program
- Secret-sharing
- Share size

## ASJC Scopus subject areas

- Theoretical Computer Science
- General Computer Science