Abstract
A multiplicative secret sharing scheme allows players to multiply two secret-shared field elements by locally converting their shares of the two secrets into an additive sharing of their product. Multiplicative secret sharing serves as a central building block in protocols for secure multiparty computation (MPC). Motivated by open problems in the area of MPC, we introduce the more general notion of d-multiplicative secret sharing, which allows d shared secrets to be multiplied locally, and study the type of access structures for which such secret sharing schemes exist. While it is easy to show that d-multiplicative schemes exist if no d unauthorized sets of players cover the whole set of players, the converse direction is less obvious for d≥3. Our main result is a proof of this converse direction, namely that d-multiplicative schemes do not exist if the set of players is covered by d unauthorized sets. In particular, t-private d-multiplicative secret sharing among k players is possible if and only if k>dt. Our negative result holds for arbitrary (possibly inefficient or even nonlinear) secret sharing schemes and implies a limitation on the usefulness of secret sharing in the context of MPC. Its proof relies on a quantitative argument inspired by communication complexity lower bounds.
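As an added example (not code from the paper), the easy direction for threshold access structures in Python: Shamir sharing over a prime field, where each player locally multiplies its d shares and scales the result by its Lagrange coefficient, yielding an additive sharing of the product exactly when k > dt. The modulus and the evaluation points x = 1..k are assumptions of this example.

```python
# Added example: t-private d-multiplicative secret sharing via Shamir's scheme.
# Each player holds one share of each of d secrets; multiplying them locally gives a
# point on the degree-d*t product polynomial, and scaling by a Lagrange coefficient
# turns the k such points into an additive sharing of the product. Reconstruction is
# correct only if the k points determine a degree-d*t polynomial, i.e. k > d*t.
import random

P = 2**61 - 1  # assumed prime modulus (a Mersenne prime); any large prime works

def share(secret, t, k):
    """t-private Shamir sharing of `secret` among k players, at points x = 1..k."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(t)]  # degree-t polynomial
    return [sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, k + 1)]

def lagrange_at_zero(k):
    """Coefficients lambda_i with f(0) = sum_i lambda_i * f(i) for every deg f < k."""
    lams = []
    for i in range(1, k + 1):
        num, den = 1, 1
        for j in range(1, k + 1):
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lams.append(num * pow(den, P - 2, P) % P)  # modular inverse via Fermat
    return lams

def local_multiply(shares_of_secrets, k):
    """Player i converts its d shares (shares_of_secrets[*][i]) into one additive
    share of the product, using only local computation."""
    lams = lagrange_at_zero(k)
    additive = []
    for i in range(k):
        prod = 1
        for sh in shares_of_secrets:
            prod = prod * sh[i] % P
        additive.append(lams[i] * prod % P)
    return additive

def mpc_product(secrets, t, k):
    """Share each secret, multiply locally, then reconstruct by summing the
    additive shares. Correct iff k > len(secrets) * t."""
    shared = [share(s, t, k) for s in secrets]
    return sum(local_multiply(shared, k)) % P

if __name__ == "__main__":
    print(mpc_product([3, 5, 7], t=1, k=4))  # k=4 > d*t=3: prints 105
    print(mpc_product([3, 5, 7], t=1, k=3))  # k=3 = d*t: wrong with overwhelming probability
```

When k = dt the local products lie on a degree-dt polynomial that k points do not determine, so the sum recovers the product only if the leading coefficient happens to vanish.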
| Original language | English |
|---|---|
| Pages (from-to) | 580-593 |
| Number of pages | 14 |
| Journal | Journal of Cryptology |
| Volume | 23 |
| Issue number | 4 |
| DOIs | |
| State | Published - 1 Oct 2010 |
| Externally published | Yes |
Keywords
- Secret sharing
- Secure multiparty computation
- Secure multiplication
ASJC Scopus subject areas
- Software
- Computer Science Applications
- Applied Mathematics