Applications of Combinatorics to Information-Theoretic Cryptography
Author

Abstract
Preface

Cryptology, as the scientific study of secure communications, began in World War II. Ever since the foundational work by Shannon [50], and especially after the introduction of public key cryptography in the seventies [21, 46], applications to cryptology have appeared from an increasing number of areas in mathematics. Combinatorics is one of them. For instance, the difficulty of determining the existence of Hamiltonian cycles in a graph has been used to design zero-knowledge proofs, but the most remarkable applications of combinatorics to cryptology appear in the so-called information-theoretic cryptography. The best known and most widely used cryptographic algorithms and protocols for encryption, digital signatures, or authentication base their security on the difficulty of some computational problems. This is the case for both public key cryptography and symmetric cryptography. Nevertheless, several cryptographic protocols are based on the fact that the information held by the adversaries does not enable them to violate the security requirements. One-time pad encryption and authentication codes [51] are important examples.

Secret sharing, which was independently introduced in 1979 by Shamir [49] and Blakley [6], is one of the most widely studied topics in information-theoretic cryptography. In a secret sharing scheme, a secret value is distributed into shares among a set of participants in such a way that only some qualified coalitions of participants can recover the secret value from their shares. One can think immediately of possible applications of secret sharing. The first one, proposed by the pioneering authors [6, 49], was safe storage of cryptographic keys. Nevertheless, a number of much less obvious applications of secret sharing to different kinds of cryptographic protocols have appeared. Arguably, the most interesting one is secure multiparty

Similarly to other topics in cryptography, research in secret sharing has attracted a lot of attention. Shortly after its introduction, difficult open problems appeared, and the attempts to solve them have involved several areas of mathematics. We focus here mainly on the ones involving matroid theory. Unfortunately, no textbook on secret sharing has appeared yet, but two excellent surveys [1, 54] are available. The reader is referred to [20, 56] for basic textbooks on cryptography. The textbooks on matroid theory by Oxley [44] and by Welsh [57] may be useful too.
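The preface defines a secret sharing scheme as a distribution of a secret into shares such that only qualified coalitions can recover it, and names Shamir's scheme [49] as the first example. The following is an added illustration, not code from the lecture notes, of Shamir's (t, n) threshold scheme over a prime field: polynomial sharing, Lagrange reconstruction from any t shares, and a brute-force check (on a deliberately small field) that t-1 shares are consistent with every possible secret, which is what "information-theoretic" means here. The prime P, the function names and the sample secrets are all assumptions made for this example.

```python
# Added example: Shamir (t, n) threshold secret sharing over GF(p).
# Not from the lecture notes; P, the helper names and sample values are assumptions.
import secrets
from itertools import product

P = 2**127 - 1  # assumed prime field; any prime larger than the secret works


def _eval_poly(coeffs, x, p=P):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k modulo p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, t, n, p=P, rng=secrets.randbelow):
    """Dealer side: return n shares (x, f(x)) of a random degree t-1 polynomial f
    with f(0) = secret. Any t shares determine f; fewer than t reveal nothing."""
    if not (1 <= t <= n < p):
        raise ValueError("need 1 <= t <= n < p")
    if not (0 <= secret < p):
        raise ValueError("secret must lie in [0, p)")
    coeffs = [secret] + [rng(p) for _ in range(t - 1)]  # uniform random higher coefficients
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=P):
    """Qualified-coalition side: Lagrange interpolation of f at x = 0 over GF(p).
    Caller must supply at least t distinct shares; with fewer, the result is meaningless."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p      # product of (0 - x_j)
                den = (den * (xi - xj)) % p  # product of (x_i - x_j)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def count_consistent_secrets(partial_shares, t, p):
    """Brute force over a small field: for every candidate secret s, count the
    degree < t polynomials with constant term s that agree with the given shares.
    With t-1 shares every s gets the same count, so the shares leak nothing."""
    counts = {}
    for s in range(p):
        counts[s] = sum(
            1
            for rest in product(range(p), repeat=t - 1)
            if all(_eval_poly([s, *rest], x, p) == y for x, y in partial_shares)
        )
    return counts


if __name__ == "__main__":
    secret = 12345  # constructed sample secret
    shares = split_secret(secret, t=3, n=5)
    print("any 3 of 5 shares recover the secret:", reconstruct(shares[:3]) == secret)
    # Small-field demonstration of information-theoretic security: two shares of a
    # (3, 4) scheme over GF(31) are consistent with each of the 31 secrets exactly once.
    small = split_secret(7, t=3, n=4, p=31)
    print(count_consistent_secrets(small[:2], t=3, p=31))
```

Two design points worth noting: the higher coefficients must come from a uniform source (here `secrets.randbelow`), since any bias in them is exactly what turns an information-theoretic guarantee into a computational one; and `reconstruct` cannot tell whether it was given enough shares, so the threshold t has to be enforced by whoever assembles the coalition.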
Similar references
Some results on the complement of a new graph associated to a commutative ring
The rings considered in this article are commutative with identity and are not fields. Let R be a ring. A. Alilou, J. Amjadi and Sheikholeslami introduced and investigated a graph whose vertex set is the set of all nontrivial ideals of R, where distinct vertices I, J are joined by an edge if and only if either ann(I)J = (0) or ann(J)I = (0). They called this graph a new graph as...
Private Information Retrieval: A Primer
Private Information Retrieval (PIR) protocols allow a client to retrieve a data item from a database while hiding the identity of the item being retrieved. In information-theoretic k-server PIR protocols the database is replicated among k servers, and each server learns absolutely nothing about the item the client retrieves. In computational PIR protocols the database is stored on one server, a...
Lecture Notes in Secret Sharing
Preface These are basically the lecture notes for the short course Applications of Combinatorics to 2012. With the objective of covering a full course on secret sharing, additional content will be added in subsequent versions of these lecture notes. Secret sharing, which was independently introduced in 1979 by Shamir [49] and Blakley [6], is one of the most widely studied topics in information...
Easing Coppersmith Methods Using Analytic Combinatorics: Applications to Public-Key Cryptography with Weak Pseudorandomness
The Coppersmith methods are a family of lattice-based techniques for finding small integer roots of polynomial equations. They have found numerous applications in cryptanalysis and, in recent developments, we have seen applications where the number of unknowns and the number of equations are non-constant. In these cases, the combinatorial analysis required to settle the complexity and the success co...
On the design and security of a lattice-based threshold secret sharing scheme
In this paper, we introduce a threshold secret sharing scheme (TSSS) in which secret reconstruction is based on Babai's nearest plane algorithm. In order to supply secure public channels for transmitting shares to parties, we need to ensure that there are no quantum threats to these channels. A solution to this problem can be the utilization of lattice-based cryptosystems for these channe...