ECCC-Report TR17-189https://eccc.weizmann.ac.il/report/2017/189Comments and Revisions published for TR17-189en-usMon, 24 Sep 2018 00:25:15 +0300
Revision 1
| Conditional Disclosure of Secrets and $d$-Uniform Secret Sharing with Constant Information Rate |
Benny Applebaum,
Barak Arkis
https://eccc.weizmann.ac.il/report/2017/189#revision1Consider the following secret-sharing problem. Your goal is to distribute a long file $s$ between $n$ servers such that $(d-1)$-subsets cannot recover the file, $(d+1)$-subsets can recover the file, and $d$-subsets should be able to recover $s$ if and only if they appear in some predefined list $L$. How small can the information ratio (i.e., the number of bits stored on a server per each bit of the secret) be?
We advocate the study of such $d$-uniform access structures as a useful scaled-down version of general access structures. Our main result shows that for constant $d$, any $d$-uniform access structure admits a secret sharing scheme with a \emph{constant} asymptotic information ratio of $c_d$ that does not grow with the number of servers $n$. This result is based on a new construction of $d$-party Conditional Disclosure of Secrets (CDS) for arbitrary predicates over $n$-size domain in which each party communicates at most four bits per secret bit.
In both settings, previous results achieved a non-constant information ratio that grows asymptotically with $n$, even for the simpler (and widely studied) special case of $d=2$. Moreover, our multiparty CDS construction yields the first example of an access structure whose amortized information ratio is constant, whereas its best-known non-amortized information ratio is sub-exponential, thus providing a unique evidence for the potential power of \emph{amortization} in the context of secret sharing.
Our main result applies to exponentially long secrets, and so it should be mainly viewed as a barrier against amortizable lower-bound techniques. We also show that in some natural simple cases (e.g., low-degree predicates), amortization kicks in even for quasi-polynomially long secrets.
Finally, we prove some limited lower-bounds, point out some limitations of existing lower-bound techniques, and describe some applications to the setting of private simultaneous messages. Mon, 24 Sep 2018 00:25:15 +0300https://eccc.weizmann.ac.il/report/2017/189#revision1
Paper TR17-189
| Conditional Disclosure of Secrets and $d$-Uniform Secret Sharing with Constant Information Rate |
Benny Applebaum,
Barak Arkis
https://eccc.weizmann.ac.il/report/2017/189Consider the following secret-sharing problem. Your goal is to distribute a long file $s$ between $n$ servers such that $(d-1)$-subsets cannot recover the file, $(d+1)$-subsets can recover the file, and $d$-subsets should be able to recover $s$ if and only if they appear in some predefined list $L$. How small can the information ratio (i.e., the number of bits stored on a server per each bit of the secret) be?
We initiate the study of such $d$-uniform access structures, and view them as a useful scaled-down version of general access structures. Our main result shows that, for constant $d$, any $d$-uniform access structure admits a secret sharing scheme with a \emph{constant} asymptotic information ratio of $c_d$ that does not grow with the number of servers $n$. This result is based on a new construction of $d$-party Conditional Disclosure of Secrets (Gertner et al., JCSS '00) for arbitrary predicates over $n$-size domain in which each party communicates at most four bits per secret bit.
In both settings, previous results achieved non-constant information ratio which grows asymptotically with $n$ even for the simpler (and widely studied) special case of $d=2$. Moreover, our results provide a unique example for a natural class of access structures $F$ that can be realized with information rate smaller than its bit-representation length $\log |F|$ (i.e., $\Omega( d \log n)$ for $d$-uniform access structures) showing that \emph{amortization can beat the representation size barrier}.
Our main result applies to exponentially long secrets, and so it should be mainly viewed as a barrier against amortizable lower-bound techniques. We also show that in some natural simple cases (e.g., low-degree predicates), amortization kicks in even for quasi-polynomially long secrets. Finally, we prove some limited lower-bounds, point out some limitations of existing lower-bound techniques, and describe some applications to the setting of private simultaneous messages. Mon, 25 Dec 2017 19:03:21 +0200https://eccc.weizmann.ac.il/report/2017/189