TY - JOUR

T1 - Multiplicative and verifiably multiplicative secret sharing for multipartite adversary structures

AU - Eriguchi, Reo

AU - Kunihiro, Noboru

AU - Nuida, Koji

N1 - Funding Information:
This paper was presented in part at Information-Theoretic Cryptography 2020 []. This research was partially supported by the Ministry of Internal Affairs and Communications SCOPE Grant Number 182103105, JST CREST Grant Numbers JPMJCR19F6 and JPMJCR14D6, Japan, and JSPS KAKENHI Grant Numbers JP20J20797 and JP19K22838.
Publisher Copyright:
© 2022, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

PY - 2023

Y1 - 2023

N2 - d-Multiplicative secret sharing enables n players to locally compute additive shares of the product of d secrets from their shares. Barkol et al. (Journal of Cryptology, 2010) show that it is possible to construct a d-multiplicative scheme for any adversary structure satisfying the Qd property, in which no d sets cover the whole set of players. In this paper, we focus on multipartite adversary structures and propose efficient multiplicative and verifiably multiplicative secret sharing schemes tailored to them. First, our multiplicative scheme is applicable to any multipartite Qd-adversary structure. If the number of parts is constant, our scheme achieves a share size polynomial in the number n of players while the general construction by Barkol et al. results in exponentially large share size in the worst case. We also propose its variant defined over smaller fields. As a result, for a special class of bipartite adversary structures with two maximal points, it achieves a constant share size for arbitrary n while the share size of the first scheme necessarily incurs a logarithmic factor of n. Secondly, we devise a more efficient scheme for a special class of multipartite ones such that players in each part have the same weight and a set of players belongs to the adversary structure if and only if the sum of their weights is at most a threshold. Thirdly, if the adversary structure is Qd+1, our first scheme is shown to be a verifiably multiplicative scheme that detects incorrect outputs with probability 1. For multipartite adversary structures with a constant number of parts, it improves the worst-case share and proof sizes of the only known general construction by Yoshida and Obana (IEEE Transactions on Information Theory, 2019). Finally, we propose a more efficient verifiably multiplicative scheme by allowing small error probability δ and focusing on a more restricted class of multipartite adversary structures. Our scheme verifies computation of polynomials and can achieve a share size independent of δ while the previous construction only works for monomials and results in a share size involving a factor of log δ- 1.

AB - d-Multiplicative secret sharing enables n players to locally compute additive shares of the product of d secrets from their shares. Barkol et al. (Journal of Cryptology, 2010) show that it is possible to construct a d-multiplicative scheme for any adversary structure satisfying the Qd property, in which no d sets cover the whole set of players. In this paper, we focus on multipartite adversary structures and propose efficient multiplicative and verifiably multiplicative secret sharing schemes tailored to them. First, our multiplicative scheme is applicable to any multipartite Qd-adversary structure. If the number of parts is constant, our scheme achieves a share size polynomial in the number n of players while the general construction by Barkol et al. results in exponentially large share size in the worst case. We also propose its variant defined over smaller fields. As a result, for a special class of bipartite adversary structures with two maximal points, it achieves a constant share size for arbitrary n while the share size of the first scheme necessarily incurs a logarithmic factor of n. Secondly, we devise a more efficient scheme for a special class of multipartite ones such that players in each part have the same weight and a set of players belongs to the adversary structure if and only if the sum of their weights is at most a threshold. Thirdly, if the adversary structure is Qd+1, our first scheme is shown to be a verifiably multiplicative scheme that detects incorrect outputs with probability 1. For multipartite adversary structures with a constant number of parts, it improves the worst-case share and proof sizes of the only known general construction by Yoshida and Obana (IEEE Transactions on Information Theory, 2019). Finally, we propose a more efficient verifiably multiplicative scheme by allowing small error probability δ and focusing on a more restricted class of multipartite adversary structures. Our scheme verifies computation of polynomials and can achieve a share size independent of δ while the previous construction only works for monomials and results in a share size involving a factor of log δ- 1.

UR - http://www.scopus.com/inward/record.url?scp=85145984114&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85145984114&partnerID=8YFLogxK

U2 - 10.1007/s10623-022-01177-2

DO - 10.1007/s10623-022-01177-2

M3 - Article

AN - SCOPUS:85145984114

SN - 0925-1022

JO - Designs, Codes, and Cryptography

JF - Designs, Codes, and Cryptography

ER -