## Abstract

A secret-sharing scheme realizes the forbidden graph access structure determined by a graph G=(V,E) if the parties are the vertices of the graph and the subsets that can reconstruct the secret are the pairs of vertices in E (i.e., the edges) and the subsets of at least three vertices. Secret-sharing schemes for forbidden graph access structures defined by bipartite graphs are equivalent to conditional disclosure of secrets (CDS) protocols. We study the complexity of realizing a forbidden graph access structure by linear secret-sharing schemes, which are schemes in which the secret can be reconstructed from the shares by a linear mapping. We provide efficient constructions and lower bounds on the share size of linear secret-sharing schemes for sparse and very dense graphs, closing the gap between upper and lower bounds. Given a sparse (resp. very dense) graph with n vertices and at most n 1+\β edges (resp. at least n 2-n1+\β edges), for some 0 ≤\β < 1, we construct a linear secret-sharing scheme realizing its forbidden graph access structure with total share size O (n1+\β/2). Furthermore, we construct linear secret-sharing schemes realizing these access structures in which the size of each share is O (n1+\β). We also provide constructions achieving different trade-offs between the size of each share and the total share size. We prove that almost all forbidden graph access structures require linear secret-sharing schemes with total share size Ω (n 3/2); this shows that the construction of Gay, Kerenidis, and Wee [CRYPTO 2015] is optimal. Furthermore, we show that for every 0 ≤\β < 1 there exist a graph with at most n 1+\β edges and a graph with at least n 2-n1+\β edges such that the total share size in any linear secret-sharing scheme realizing the associated forbidden graph access structures is Ω (n 1+\β). Finally, we show that for every 0 ≤\β < 1 there exist a graph with at most n1+\β edges and a graph with at least n 2-n1+\β edges such that the size of the share of at least one party in any linear secret-sharing scheme realizing these forbidden graph access structures is Ω (n 1+\β). This shows that our constructions are optimal (up to poly-logarithmic factors).

Original language | English |
---|---|

Pages (from-to) | 2083-2100 |

Number of pages | 18 |

Journal | IEEE Transactions on Information Theory |

Volume | 68 |

Issue number | 3 |

DOIs | |

State | Published - 1 Mar 2022 |

## Keywords

- Conditional disclosure of secrets
- Monotone span program
- Secret-sharing
- Share size

## ASJC Scopus subject areas

- Information Systems
- Computer Science Applications
- Library and Information Sciences