Function Secret Sharing
نویسندگان
چکیده
Motivated by the goal of securely searching and updating distributed data, we introduce and study the notion of function secret sharing (FSS). This new notion is a natural generalization of distributed point functions (DPF), a primitive that was recently introduced by Gilboa and Ishai (Eurocrypt 2014). Given a positive integer p ≥ 2 and a class F of functions f : {0, 1} → G, where G is an Abelian group, a p-party FSS scheme for F allows one to split each f ∈ F into p succinctly described functions fi : {0, 1} → G, 1 ≤ i ≤ p, such that: (1) ∑p i=1 fi = f , and (2) any strict subset of the fi hides f . Thus, an FSS for F can be thought of as method for succinctly performing an “additive secret sharing” of functions from F . The original definition of DPF coincides with a twoparty FSS for the class of point functions, namely the class of functions that have a nonzero output on at most one input. We present two types of results. First, we obtain efficiency improvements and extensions of the original DPF construction. Then, we initiate a systematic study of general FSS, providing some constructions and establishing relations with other cryptographic primitives. More concretely, we obtain the following main results: – Improved DPF. We present an improved (two-party) DPF construction from a pseudorandom generator (PRG), reducing the length of the key describing each fi from O(λ · n2 ) to O(λn), where λ is the PRG seed length. – Multi-party DPF. We present the first nontrivial construction of a p-party DPF for p ≥ 3, obtaining a near-quadratic improvement over a naive construction that additively shares the truth-table of f . This constrcution too can be based on any PRG. – FSS for simple functions. We present efficient PRG-based FSS constructions for natural function classes that extend point functions, including interval functions and partial matching functions. – A study of general FSS. We show several relations between general FSS and other cryptographic primitives. These include a construction of general FSS via obfuscation, an indication for the implausibility of constructing general FSS from weak cryptographic assumptions such as the existence of one-way functions, a completeness result, and a relation with pseudorandom functions. ? Research supported by the European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC. The first and third authors were additionally supported by ISF grants 1361/10 and 1709/14 and BSF grant 2012378.
منابع مشابه
Sharing several secrets based on Lagrange's interpolation formula and Cipher feedback mode
In a multi-secret sharing scheme, several secret values are distributed among a set of n participants.In 2000 Chien et al.'s proposed a (t; n) multi-secret sharing scheme. Many storages and publicvalues required in Chien's scheme. Motivated by these concerns, some new (t; n) multi-secret sharingschemes are proposed in this paper based on the Lagrange interpolation formula for polynomials andcip...
متن کاملA NEW SECRET SHARING SCHEME ADVERSARY FUZZY STRUCTURE BASED ON AUTOMATA
In this paper,we introduce a new verifiable multi-use multi-secretsharing scheme based on automata and one-way hash function. The scheme has theadversary fuzzy structure and satisfy the following properties:1) The dealer can change the participants and the adversary fuzzy structure without refreshing any participants' real-shadow. 2) The scheme is based on the inversion of weakly invertible fin...
متن کاملSecurity Analysis of a Hash-Based Secret Sharing Scheme
Secret sharing schemes perform an important role in protecting se-cret by sharing it among multiple participants. In 1979, (t; n) threshold secret sharing schemes were proposed by Shamir and Blakley independently. In a (t; n) threshold secret sharing scheme a secret can be shared among n partic-ipants such that t or more participants can reconstruct the secret, but it can not be reconstructed b...
متن کاملA Fast Publicly Verifiable Secret Sharing Scheme using Non-homogeneous Linear Recursions
A non-interactive (t,n)-publicly veriable secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for<...
متن کاملComputationally secure multiple secret sharing: models, schemes, and formal security analysis
A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...
متن کاملAn Efficient Threshold Verifiable Multi-Secret Sharing Scheme Using Generalized Jacobian of Elliptic Curves
In a (t,n)-threshold secret sharing scheme, a secret s is distributed among n participants such that any group of t or more participants can reconstruct the secret together, but no group of fewer than t participants can do. In this paper, we propose a verifiable (t,n)-threshold multi-secret sharing scheme based on Shao and Cao, and the intractability of the elliptic curve discrete logar...
متن کامل