TY - GEN
T1 - Secret-sharing for NP
AU - Komargodski, Ilan
AU - Naor, Moni
AU - Yogev, Eylon
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2014.
PY - 2014
Y1 - 2014
N2 - A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function.It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: In order to reconstruct the secret a set of parties must be “qualified” and provide a witness attesting to this fact.Recently, Garg et al. [14] put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement x ∈ L for a language L ∈ NP such that anyone holding a witness to the statement can decrypt the message, however, if x ∉ L, then it is computationally hard to decrypt. Garg et al. showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction.One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in NP assuming witness encryption for NP and one-way functions. As a consequence we get a completeness theorem for secret- sharing: computational secret-sharing scheme for any single monotone NP-complete function implies a computational secret-sharing scheme for every monotone function in NP.
AB - A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function.It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: In order to reconstruct the secret a set of parties must be “qualified” and provide a witness attesting to this fact.Recently, Garg et al. [14] put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement x ∈ L for a language L ∈ NP such that anyone holding a witness to the statement can decrypt the message, however, if x ∉ L, then it is computationally hard to decrypt. Garg et al. showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction.One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in NP assuming witness encryption for NP and one-way functions. As a consequence we get a completeness theorem for secret- sharing: computational secret-sharing scheme for any single monotone NP-complete function implies a computational secret-sharing scheme for every monotone function in NP.
UR - http://www.scopus.com/inward/record.url?scp=84916196024&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-45608-8_14
DO - 10.1007/978-3-662-45608-8_14
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84916196024
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 254
EP - 273
BT - Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings, Part II
A2 - Sarkar, Palash
A2 - Iwata, Tetsu
PB - Springer Verlag
T2 - 20th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2014
Y2 - 7 December 2014 through 11 December 2014
ER -