## Abstract

A multiplicative secret sharing scheme allows players to multiply two secret-shared field elements by locally converting their shares of the two secrets into an additive sharing of their product. Multiplicative secret sharing serves as a central building block in protocols for secure multiparty computation (MPC). Motivated by open problems in the area of MPC, we introduce the more general notion of d-multiplicative secret sharing, which allows d shared secrets to be multiplied locally, and study the type of access structures for which such secret sharing schemes exist. While it is easy to show that d-multiplicative schemes exist if no d unauthorized sets of players cover the whole set of players, the converse direction is less obvious for d≥3. Our main result is a proof of this converse direction, namely that d-multiplicative schemes do not exist if the set of players is covered by d unauthorized sets. In particular, t-private d-multiplicative secret sharing among k players is possible if and only if k>dt. Our negative result holds for arbitrary (possibly inefficient or even nonlinear) secret sharing schemes and implies a limitation on the usefulness of secret sharing in the context of MPC. Its proof relies on a quantitative argument inspired by communication complexity lower bounds.
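The positive direction of the k>dt threshold can be seen with Shamir sharing, shown here as an added example that is not taken from the paper. The choice of Shamir's scheme, the field modulus `P`, and all function names are assumptions made for illustration.

```python
import random

P = 2**61 - 1  # prime field modulus (constructed parameter)

def share(secret, t, k, rng):
    """Degree-t Shamir sharing: player i (1..k) holds f(i), with f(0) = secret."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P
            for i in range(1, k + 1)]

def lagrange_at_zero(k):
    """Public coefficients lam_i with g(0) = sum(lam_i * g(i)) whenever deg(g) < k."""
    lams = []
    for i in range(1, k + 1):
        num = den = 1
        for j in range(1, k + 1):
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lams.append(num * pow(den, -1, P) % P)
    return lams

def local_multiply(sharings, k):
    """Player i multiplies its own d shares and scales by lam_i, with no
    communication. The k outputs are an additive sharing of the product
    only if the degree-(d*t) product polynomial is fixed by k points."""
    lams = lagrange_at_zero(k)
    out = []
    for i in range(k):
        prod = lams[i]
        for s in sharings:
            prod = prod * s[i] % P
        out.append(prod)
    return out

def demo(secrets, t, k, seed=1):
    """Share each secret, multiply locally, and sum the additive shares."""
    rng = random.Random(seed)  # seeded for reproducibility; not a CSPRNG
    sharings = [share(s, t, k, rng) for s in secrets]
    return sum(local_multiply(sharings, k)) % P

# d = 3, t = 2: k = 7 > d*t recovers 3*5*7; k = 6 = d*t does not.
# The k = 6 failure is specific to this construction; the paper's result
# is that no scheme at all works at that threshold.
```
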

Original language | English |
---|---|
Pages (from-to) | 580-593 |
Number of pages | 14 |
Journal | Journal of Cryptology |
Volume | 23 |
Issue number | 4 |
DOIs | |
State | Published - 1 Oct 2010 |
Externally published | Yes |

## Keywords

- Secret sharing
- Secure multiparty computation
- Secure multiplication

## ASJC Scopus subject areas

- Software
- Computer Science Applications
- Applied Mathematics