The Round Complexity of General VSS

The round complexity of verifiable secret sharing (VSS) schemes has been studied extensively for threshold adversaries. In particular, Fitzi et al. showed an efficient 3-round VSS for n ≥ 3t+1 [4], where an infinitely powerful adversary can corrupt t (or less) parties out of n parties. This paper shows that for non-threshold adversaries, 1. Two round VSS is possible iff the underlying adversary structure satisfies Q condition; 2. Three round VSS is possible iff the underlying adversary structure satisfies Q condition. Further as a special case of our three round protocol, we can obtain a more efficient 3-round VSS than the VSS of Fitzi et al. for n = 3t+ 1. More precisely, the communication complexity of the reconstruction phase is reduced from O(n) to O(n). We finally point out a flaw in the reconstruction phase of VSS of Fitzi et al., and show how to fix it.