Strong Security of the Strongly Multiplicative Ramp Secret Sharing Based on Algebraic Curves

Secret sharing [1] is a well-established topic in the information security [2]. It attracts renewed interest after Cramer et al. [3] revealed that any linear secret sharing with the so-called multiplicative (or strongly multiplicative) property can be used for the secure multiparty computation. Later, the multiplicative properties were generalized to the ramp secret sharing [4], [5]. In [5, Section 4], the authors also provided two explicit constructions of the strongly multiplicative ramp secret sharing based on algebraic curves, which can be regarded as algebraic geometric generalizations of the McEliece-Sarwate ramp secret sharing [6] based on the Reed-Solomon codes. A set W of shares is said to be forbidden if W has no information about the secret vector s, and said to be qualified if s can be reconstructed from W [7]. W is said to be intermediate if it is neither qualified nor forbidden. The ramp secret sharing allows the existence of intermediate sets, while the perfect secret sharing prohibits the intermediate sets. The merit of ramp secret sharing is that the sizes of shares can be smaller than that of the secret. In ramp secret sharing [8]–[10], an intermediate set may have critical partial information about the secret, as follows: Suppose that the secret is a 17-letter string “username:password”, and an intermediate set W has partial information of 8 letters. The set W may be able to reconstruct “password”, which is very undesirable. In order to prevent such a situation, Yamamoto [7], [9] defined the notion of strong security for the ramp secret sharing, which requires any substring of the secret must not be reconstructed by an intermediate set (a formal definition is given later). An explicit construction with the strong security had remain unknown for many years, but recently Nishiara and Takizawa