Efficient Secret Sharing Schemes for Access Structures

secret sharing and statistical zero knowledge n.w
1 / 47
Embed
Share

Discover the world of secret sharing and access structures in this in-depth exploration. Learn about efficient schemes, threshold conditions, and prior research, shedding light on which functions can have computationally efficient sharing algorithms. Dive into the realm of non-threshold schemes and the possibilities they offer.

  • Secret Sharing
  • Access Structures
  • Computation
  • Efficient Schemes
  • Threshold Conditions
rayaanacharya
gkan Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Secret Sharing and Statistical Zero Knowledge Vinod Vaikuntanathan Prashant Nalini Vasudevan MIT CSAIL

  2. Secret Sharing (Threshold) [Shamir79, Blakley79] s sh1 sh2 sh3 shn Sharek

  3. Secret Sharing (Threshold) s sh1 sh2 sh3 shn Sharek s Reconstructk At least k shares: can reconstruct s

  4. Secret Sharing (Threshold) s sh1 sh2 sh3 shn Sharek s Reconstructk Fewer than k shares: NO information about s

  5. Secret Sharing (Non-Threshold) [Ito-Saito-Nishizeki93] f: monotone function. f s sh1 sh2 sh3 shn Sharef

  6. Secret Sharing (Non-Threshold) 0 1 0 1 f s sh1 sh2 sh3 shn Sharef

  7. Secret Sharing (Non-Threshold) 0 1 0 1 f 1 s sh1 sh2 sh3 shn Sharef s Reconstructf

  8. Secret Sharing (Non-Threshold) 1 0 1 0 f 0 s sh1 sh2 sh3 shn Sharef s Reconstructf

  9. Q: For which functions* f can Non-Threshold Secret Sharing Schemes exist? *also called an access structure

  10. Prior Work Inefficient schemes for all monotone functions. [ISN93, SJM91, Bri89, BI93] Efficient schemes for logspace classes. [KW93, BL90] Schemes with efficient sharing for some functions that are not known to be in NC. [BI01] Several constructions for specific functions. [BR89, BW05, Sim88, ] Efficient linear schemes possible only for functions in NC. [KW93]

  11. This Work Which functions have secret sharing with a computationally efficient sharing algorithm?

  12. This Work Which functions have secret sharing with a computationally efficient sharing algorithm? Spoiler Alert: Statistical ZK!

  13. Theorem 1 Let SS be the class of functions for which there exist Non-Threshold Secret Sharing Schemes with efficient sharing, and SZK be the class of functions for which there are statistical zero knowledge proofs. Then: SS SZK

  14. SS SZK x = 101...0 P V

  15. SS SZK x = 101...0 P V s

  16. SS SZK x = 101...0 P V ShareL s sh1 sh2 sh3 shn

  17. SS SZK x = 101...0 P V ShareL s {shi| xi= 1} sh1 sh2 sh3 shn

  18. SS SZK x = 101...0 P V ShareL s {shi| xi= 1} sh1 sh2 sh3 shn s Accept if s = s.

  19. SS SZK x = 101...0 P V ShareL s Completeness: If x L {shi| xi= 1} sh1 sh2 sh3 shn ReconstructL s Accept if s = s. s

  20. SS SZK x = 101...0 P V ShareL s Soundness: If x L {shi| xi= 1} No information about s. sh1 sh2 sh3 shn s Accept if s = s.

  21. Theorem 1 Let SS be the class of functions for which there exist Non-Threshold Secret Sharing Schemes with efficient sharing, and SZK be the class of functions for which there are statistical zero knowledge proofs. Then: SS SZK What about the converse?

  22. Secret Sharing (Generalized) [Beimel-Ishai01] f sh10 sh20 sh30 shn0 s Sharef sh2 1 sh11 sh31 shn1

  23. Secret Sharing (Generalized) f sh10 sh20 sh30 shn0 s Sharef sh2 1 sh11 sh31 shn1 s Reconstructf

  24. Secret Sharing (Generalized) 0 1 0 1 f sh10 sh20 sh30 shn0 s Sharef sh2 1 sh11 sh31 shn1

  25. Secret Sharing (Generalized) 0 1 0 1 f 1 sh10 sh20 sh30 shn0 s Sharef sh2 1 sh11 sh31 shn1 s Reconstructf

  26. Secret Sharing (Generalized) 1 0 1 0 f 0 sh10 sh20 sh30 shn0 s Sharef sh11 sh21 sh31 shn1 s Reconstructf

  27. Q: For which functions f can Generalized Secret Sharing Schemes exist?

  28. Theorem 2 Let GSS be the class of functions for which there exist Generalised Secret Sharing Schemes with efficient sharing, and SZKL be the class of functions for which there are statistical zero knowledge proofs with logspace verifiers and simulators. Then: SZKL GSS

  29. Generic SZKL Protocol Every L in SZKL has an SZKL protocol of the following form. [SV00] x P V

  30. Generic SZKL Protocol Every L in SZKL has an SZKL protocol of the following form. [SV00] x P V {0,1} s

  31. Generic SZKL Protocol Every L in SZKL has an SZKL protocol of the following form. [SV00] x P V {0,1} s y(s,x)

  32. Generic SZKL Protocol Every L in SZKL has an SZKL protocol of the following form. [SV00] x P V {0,1} s y(s,x) s Accept if s = s.

  33. Generic SZKL Protocol Every L in SZKL has an SZKL protocol of the following form. [SV00] x P V {0,1} s y(s,x) Can predict s if and only if x L. s Accept if s = s.

  34. SZKL GSS Have: x V

  35. SZKL GSS Have: x s V

  36. SZKL GSS Have: x s y V

  37. SZKL GSS Have: x s y V P if x L s

  38. SZKL GSS Have: x s y V P if x L s Want: sh1 0 sh2 0 shn 0 s ShareL sh1 1 sh2 1 shn 1

  39. SZKL GSS Have: x s y V P if x L s Want: sh1 0 sh2 0 shn 0 s ShareL sh1 1 sh2 1 shn 1 x = 1 0 0

  40. SZKL GSS Have: x s y V P if x L s Want: sh1 0 sh2 0 shn 0 ReconstructL s ShareL sh1 1 sh2 1 shn 1 if x L s x = 1 0 0

  41. SZKL GSS GC Garble s V gi10 gi20 gin0 gi11 gi21 gin1

  42. SZKL GSS GC Garble Evaluate s V y gi10 gi20 gin0 gi11 gi21 gin1 x = 1 0 0

  43. SZKL GSS GC Garble Evaluate s V y gi10 gi20 gin0 gi11 gi21 gin1 P x = 1 0 0 s if x L

  44. SZKL GSS GC Garble Evaluate s V y gi10 gi20 gin0 gi11 gi21 gin1 P x = 1 0 0 s Information-theoretic constructions for NC1. Can use Decomposable Randomised Encodings for L. [IK00, IW14] if x L

  45. SZKL GSS x = 1 0 0 GC, gi10 GC, gi20 GC, gin0 s ShareL GC, gi11 GC, gi21 GC, gin1 Evaluate ReconstructL if x L s y P

  46. Some Implications Secret sharing schemes with efficient sharing and reconstruction for the following languages: Bounded Degree Graph Non-Isomorphism. Gap CVP for constant-dimensional lattices. Co-Primality (this was done even earlier, in [BI01]). These problems are in P, but are not known to be in NC.

  47. Future Directions Extend results about GSS to SS. Is monotone SZKL SS? Which functions have secret sharing schemes with efficient sharing and efficient reconstruction?

Related


Efficient Masked Ciphers Cryptanalysis 2020 Insights

Efficient Masked Ciphers Cryptanalysis 2020 Insights

yar_sa
Efficient Multiparty Computation for Matrix Rings against Malicious Adversaries

Efficient Multiparty Computation for Matrix Rings against Malicious Adversaries

mck_vin
Efficient Batch Verification in Statistical Zero-Knowledge

Efficient Batch Verification in Statistical Zero-Knowledge

levi_974

More Related Content