## Abstract

There is a huge gap between the upper and lower bounds on the share size of secret-sharing schemes for arbitrary n-party access structures, and consistent with our current knowledge the optimal share size can be anywhere between polynomial in n and exponential in n. For linear secret-sharing schemes, we know that the share size for almost all n-party access structures must be exponential in n. Furthermore, most constructions of efficient secret-sharing schemes are linear. We would like to study larger classes of secret-sharing schemes with two goals. On one hand, we want to prove lower bounds for larger classes of secret-sharing schemes, possibly shedding some light on the share size of general secret-sharing schemes. On the other hand, we want to construct efficient secret-sharing schemes for access structures that do not have efficient linear secret-sharing schemes. Given this motivation, Paskin-Cherniavsky and Radune (ITC’20) defined and studied a new class of secret-sharing schemes in which the shares are generated by applying degree-d polynomials to the secret and some random field elements. The special case d= 1 corresponds to linear and multi-linear secret-sharing schemes. We define and study two additional classes of polynomial secret-sharing schemes: (1) schemes in which for every authorized set the reconstruction of the secret is done using polynomials and (2) schemes in which both sharing and reconstruction are done by polynomials. For linear secret-sharing schemes, schemes with linear sharing and schemes with linear reconstruction are equivalent. We give evidence that for polynomial secret-sharing schemes, schemes with polynomial sharing are probably stronger than schemes with polynomial reconstruction. We also prove lower bounds on the share size for schemes with polynomial reconstruction. On the positive side, we provide constructions of secret-sharing schemes and conditional disclosure of secrets (CDS) protocols with quadratic sharing and reconstruction. We extend a construction of Liu et al. (CRYPTO’17) and construct optimal quadratic k-server CDS protocols for functions with message size O(N^{(}^{k}^{-}^{1}^{)}^{/}^{3}). We show how to transform our quadratic k-server CDS protocol to a robust CDS protocol, and use the robust CDS protocol to construct quadratic secret-sharing schemes for arbitrary access structures with share size O(2 ^{0.705}^{n}); this is better than the best known share size of O(2 ^{0.7576}^{n}) for linear secret-sharing schemes and worse than the best known share size of O(2 ^{0.585}^{n}) for general secret-sharing schemes.

Original language | English |
---|---|

Title of host publication | Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings |

Editors | Tal Malkin, Chris Peikert |

Publisher | Springer Science and Business Media Deutschland GmbH |

Pages | 748-778 |

Number of pages | 31 |

ISBN (Print) | 9783030842512 |

DOIs | |

State | Published - 2021 |

Event | 41st Annual International Cryptology Conference, CRYPTO 2021 - Virtual, Online Duration: 16 Aug 2021 → 20 Aug 2021 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 12827 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 41st Annual International Cryptology Conference, CRYPTO 2021 |
---|---|

City | Virtual, Online |

Period | 16/08/21 → 20/08/21 |