On d-multiplicative secret sharing

Omer Barkol, Yuval Ishai, Enav Weinreb

Research output: Contribution to journal › Article › peer-review

28 Scopus citations

Abstract

A multiplicative secret sharing scheme allows players to multiply two secret-shared field elements by locally converting their shares of the two secrets into an additive sharing of their product. Multiplicative secret sharing serves as a central building block in protocols for secure multiparty computation (MPC). Motivated by open problems in the area of MPC, we introduce the more general notion of d-multiplicative secret sharing, which allows d shared secrets to be multiplied locally, and study the type of access structures for which such secret sharing schemes exist. While it is easy to show that d-multiplicative schemes exist if no d unauthorized sets of players cover the whole set of players, the converse direction is less obvious for d ≥ 3. Our main result is a proof of this converse direction, namely that d-multiplicative schemes do not exist if the set of players is covered by d unauthorized sets. In particular, t-private d-multiplicative secret sharing among k players is possible if and only if k > dt. Our negative result holds for arbitrary (possibly inefficient or even nonlinear) secret sharing schemes and implies a limitation on the usefulness of secret sharing in the context of MPC. Its proof relies on a quantitative argument inspired by communication complexity lower bounds.
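The easy direction of the k > dt condition, as an added example that is not code from the paper: with Shamir sharing over degree-t polynomials, each player multiplies its own d shares and scales by a public Lagrange coefficient, which yields an additive sharing of the product when k > dt. The field modulus, function names and sample secrets are assumptions chosen for illustration; the k = dt run only shows this particular conversion failing, whereas the paper's negative result covers every scheme.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumed parameter for this example)

def share(secret, t, k):
    """Shamir-share `secret` with a random degree-t polynomial; player i gets f(i)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
            for x in range(1, k + 1)]

def lagrange_at_zero(k):
    """Public coefficients lam_i with sum(lam_i * g(i)) = g(0) whenever deg(g) < k."""
    lams = []
    for i in range(1, k + 1):
        num = den = 1
        for j in range(1, k + 1):
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lams.append(num * pow(den, -1, P) % P)
    return lams

def local_product_shares(shares_per_secret):
    """Player i computes lam_i * (product of its d shares); no communication needed."""
    k = len(shares_per_secret[0])
    lams = lagrange_at_zero(k)
    out = []
    for i in range(k):
        prod = lams[i]
        for shares in shares_per_secret:
            prod = prod * shares[i] % P
        out.append(prod)
    return out

def multiply_shared(secret_values, t, k):
    """Share each secret, convert locally, then sum the additive shares."""
    shared = [share(s, t, k) for s in secret_values]
    return sum(local_product_shares(shared)) % P

if __name__ == "__main__":
    sample = [3, 5, 7]  # d = 3 secrets, constructed sample input
    print("k=7 > dt=6:", multiply_shared(sample, t=2, k=7))
    # The product polynomial has degree dt = 6, so 6 points cannot fix g(0).
    print("k=6 = dt=6:", multiply_shared(sample, t=2, k=6))
```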

Original language: English
Pages (from-to): 580-593
Number of pages: 14
Journal: Journal of Cryptology
Volume: 23
Issue number: 4
State: Published - 1 Oct 2010
Externally published: Yes

Keywords

  • Secret sharing
  • Secure multiparty computation
  • Secure multiplication

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Applied Mathematics
