How to Share a Secret
Amos Beimel

Secret Sharing [Shamir79, Blakley79, ItoSaitoNishizeki87]
02/11/2010 BGU - Graduate Day

Applications
– Original motivation: Secure storage
– Building block for cryptographic protocols
– Secure multiparty computation
– Threshold cryptography
– Byzantine agreement
– Access control
– Private information retrieval
– Attribute-based encryption
– Generalized oblivious transfer

2-out-of-2 Secret Sharing Scheme
– Input: secret
– Choose at random a bit
– Share of P_1:
– Share of P_2:

Shamir's t-out-of-n Secret Sharing Scheme
– Input: secret s
– Choose at random a polynomial $p(x) = s + r_1 x + r_2 x^2 + \dots + r_{t-1} x^{t-1}$
– Share of P_j: $s_j = p(j)$
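
Added example, not part of the original slides: Shamir's scheme as described above, with reconstruction by Lagrange interpolation and a check that t-1 shares are consistent with every candidate secret. Assumptions: arithmetic is over the prime field GF(P) with P = 2^127 - 1 (the slide names no field), and the function names are hypothetical.

```python
import secrets

# Assumption: the slide does not name the field; a prime field GF(P) is used here.
P = 2**127 - 1  # a Mersenne prime; secrets and shares live in [0, P)

def share(s, t, n):
    """Deal n shares of secret s such that any t of them determine s."""
    if not (1 <= t <= n < P and 0 <= s < P):
        raise ValueError("need 1 <= t <= n < P and 0 <= s < P")
    # p(x) = s + r_1 x + ... + r_{t-1} x^{t-1}, each r_i uniform in GF(P)
    coeffs = [s] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for j in range(1, n + 1):
        acc = 0
        for c in reversed(coeffs):      # Horner's rule, reduced mod P
            acc = (acc * j + c) % P
        shares.append((j, acc))         # share of P_j is s_j = p(j)
    return shares

def interpolate(points, x0=0):
    """Evaluate at x0 the unique polynomial of degree < len(points) through points."""
    xs = [x % P for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:                  # Lagrange basis polynomial for point j
                num = num * (x0 - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def recover(shares):
    """Reconstruct s = p(0) from t or more shares."""
    return interpolate(shares, 0)

def completing_share(partial, candidate, j):
    """Given t-1 shares and ANY candidate secret, return the value s_j that makes
    the t shares reconstruct to candidate: t-1 shares rule out no secret."""
    return interpolate(partial + [(0, candidate)], j)

if __name__ == "__main__":
    secret = 123456789                  # constructed sample secret
    shares = share(secret, t=3, n=5)
    print(recover(shares[:3]) == secret)
    two = shares[:2]                    # only t-1 = 2 shares
    print(recover(two + [(3, completing_share(two, 42, 3))]))
```

The modular inverse via `pow(den, -1, P)` needs Python 3.8 or later.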

Open Question: Generalized Secret Sharing
Not all sets are equal. There is a collection of authorized sets
– Correctness: Every authorized set can recover s.
– Privacy: No unauthorized set can learn s.
Are there efficient schemes for every ?
– Number of parties: n
– Upper bound $2^{O(n)}$
– Lower bound $n^2/\log n$
Open problem: