The Round Complexity of Verifiable Secret Sharing Revisited

The round complexity of interactive protocols is one of their most important complexity measures. In this work we prove that existing lower bounds for the round complexity of VSS can be circumvented by introducing a negligible probability of error in the reconstruction phase. Previous results show matching lower and upper bounds of three rounds for VSS, with n = 3t + 1, where the reconstruction of the secrets always succeeds, i.e. with probability 1. In contrast we show that with a negligible probability of error in the reconstruction phase: 1. There exists an efficient 2-round VSS protocol for n = 3t + 1. If we assume that the adversary is non-rushing then we can achieve a 1-round reconstruction phase. 2. There exists an efficient 1-round VSS for t = 1 and n > 3. 3. We prove that our results are optimal both in resilience and number of sharing rounds by showing: (a) There does not exist a 2-round WSS 1 (and hence VSS) for n ≤ 3t. (b) There does not exist a 1-round VSS protocol for t ≥ 2 and n ≥ 4.