Optimal Computational Secret Sharing

Abstract

In (t, n)-threshold secret sharing, a secret S is distributed among n participants such that any subset of size t can recover S, while any subset of size t-1 or fewer learns nothing about it. For information-theoretic secret sharing, it is known that the share size must be at least as large as the secret, i.e., |S|. When computational security is employed using cryptographic encryption with a secret key K, previous work has shown that the share size can be reduced to |S|t + |K|. In this paper, we present a construction achieving a share size of |S| + |K|t. Furthermore, we prove that, under reasonable assumptions on the encryption scheme -- namely, the non-compressibility of pseudorandom encryption and the non-redundancy of the secret key -- this share size is optimal.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…