Lecture Notes in Secret Sharing

Preface These are basically the lecture notes for the short course Applications of Combinatorics to 2012. With the objective of covering a full course on secret sharing, additional content will be added in subsequent versions of these lecture notes. Secret sharing, which was independently introduced in 1979 by Shamir [49] and Blak-ley [6], is one of the most widely studied topics in information-theoretic cryptography. In a secret sharing scheme, a secret value is distributed into shares among a set of participants is such a way that only some qualified coalitions of participants can recover the secret value from their shares. One can think immediately on possible applications of secret sharing. The first one, proposed by the pioneering authors [6, 49], was safe storage of cryptographic keys. Nevertheless, a number of much less obvious applications of secret sharing to different kinds of cryptographic protocols have appeared. Arguably, the most interesting one is secure multiparty Similarly to other topis in cryptography, research in secret sharing has attracted a lot of attention. Shortly after its introduction, difficult open problems appeared, and the attempts to solve them have involved several areas of mathematics. We focus here mainly on the ones involving matroid theory. Unfortunately, no textbook on secret sharing has appeared yet, but two excellent surveys [1, 54] are available. The reader is referred to [20, 56] for basic textbooks on cryptography. The textbooks on matroid theory by Oxley [44] and by Welsh [57] may be useful too. 5 6 CONTENTS