The Torsion-Limit for Algebraic Function Fields and Its Application to Arithmetic Secret Sharing
Authors
Abstract
An (n, t, d, n−t)-arithmetic secret sharing scheme (with uniformity) for Fq over Fq is an Fq-linear secret sharing scheme where the secret is selected from Fq and each of the n shares is an element of Fq. Moreover, there is t-privacy (in addition, any t shares are uniformly random in Fq) and, if one considers the d-fold “component-wise” product of any d sharings, then the d-fold component-wise product of the d respective secrets is (n−t)-wise uniquely determined by it. Such schemes are a fundamental primitive in information-theoretically secure multi-party computation. Perhaps counter-intuitively, secure multi-party computation is a very powerful primitive for communication-efficient two-party cryptography, as shown recently in a series of surprising results from 2007 on. Moreover, the existence of asymptotically good arithmetic secret sharing schemes plays a crucial role in their communication-efficiency: for each d ≥ 2, if A(q) > 2d, where A(q) is Ihara’s constant, then there exists an infinite family of such schemes over Fq such that n is unbounded, k = Ω(n) and t = Ω(n), as follows from a result at CRYPTO’06. Our main contribution is a novel paradigm for constructing asymptotically good arithmetic secret sharing schemes from towers of algebraic function fields. It is based on a new limit that, for a tower with a given Ihara limit and given positive integer , gives information on the cardinality of the -torsion sub-groups of the associated degree-zero divisor class groups and that we believe is of independent interest. As an application of the bounds we obtain, we relax the condition A(q) > 2d from the CRYPTO’06 result substantially in terms of our torsion-limit. As a consequence, this result now holds over nearly all finite fields Fq. For example, if d = 2, it is sufficient that q = 8, 9 or q ≥ 16.
Similar resources
Construction of Arithmetic Secret Sharing Schemes by Using Torsion Limits
Recent results of Cascudo, Cramer, and Xing on the construction of arithmetic secret sharing schemes are improved by using some new bounds on the torsion limits of algebraic function fields. Furthermore, new bounds on the torsion limits of certain towers of function fields are given.
Large scale geometry, compactifications and the integral Novikov conjectures for arithmetic groups
The original Novikov conjecture concerns the (oriented) homotopy invariance of higher signatures of manifolds and is equivalent to the rational injectivity of the assembly map in surgery theory. The integral injectivity of the assembly map is important for other purposes and is called the integral Novikov conjecture. There are also assembly maps in other theories and hence related Novikov and i...
An Axisymmetric Torsion Problem of an Elastic Layer on a Rigid Circular Base
A solution is presented to a doubly mixed boundary value problem of the torsion of an elastic layer, partially resting on a rigid circular base by a circular rigid punch attached to its surface. This problem is reduced to a system of dual integral equations using the Boussinesq stress functions and the Hankel integral transforms. With the help of the Gegenbauer expansion formula of the Bessel f...
An Efficient Threshold Verifiable Multi-Secret Sharing Scheme Using Generalized Jacobian of Elliptic Curves
In a (t,n)-threshold secret sharing scheme, a secret s is distributed among n participants such that any group of t or more participants can reconstruct the secret together, but no group of fewer than t participants can do so. In this paper, we propose a verifiable (t,n)-threshold multi-secret sharing scheme based on Shao and Cao, and the intractability of the elliptic curve discrete logar...
Revisiting the Karnin, Greene and Hellman Bounds
The algebraic setting for threshold secret sharing scheme can vary, dependent on the application. This algebraic setting can limit the number of participants of an ideal secret sharing scheme. Thus it is important to know for which thresholds one could utilize an ideal threshold sharing scheme and for which thresholds one would have to use nonideal schemes. The implication is that more than one...