Asymptotically Good Ideal Linear Secret Sharing with Strong Multiplication over Any Fixed Finite Field

This work deals with “MPC-friendly” linear secret sharing schemes (LSSS), a mathematical primitive upon which secure multi-party computation (MPC) can be based and which was introduced by Cramer, Damgaard and Maurer (EUROCRYPT 2000). Chen and Cramer proposed a special class of such schemes that is constructed from algebraic geometry and that enables efficient secure multi-party computation over fixed finite fields (CRYPTO 2006). We extend this in four ways. First, we propose an abstract coding-theoretic framework in which this class of schemes and its (asymptotic) properties can be cast and analyzed. Second, we show that for every finite field Fq, there exists an infinite family of LSSS over Fq that is asymptotically good in the following sense: the schemes are “ideal,” i.e., each share consists of a single Fq-element, and the schemes have t-strong multiplication on n players, where the corruption tolerance 3t n−1 tends to a constant ν(q) with 0 < ν(q) < 1 when n tends to infinity. Moreover, when |Fq| tends to infinity, ν(q) tends to 1, which is optimal. This leads to explicit lower bounds on τ̂(q), our measure of asymptotic optimal corruption tolerance. We achieve this by combining the results of Chen and Cramer with a dedicated field-descent method. In particular, in the F2-case there exists a family of binary t-strongly multiplicative ideal LSSS with 3t n−1 ≈ 2.86% when n tends to infinity, a one-bit secret and just a one-bit share for every player. Previously, such results were shown for Fq with q ≥ 49 a square. Third, we present an infinite family of ideal schemes with t-strong multiplication that does not rely on algebraic geometry and that works over every finite field Fq. Its corruption tolerance vanishes, yet still 3t n−1 = Ω(1/(log log n) logn). Fourth and finally, we give an improved non-asymptotic upper bound on corruption tolerance.