Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements

Authors: Mihir Bellare (University of California, San Diego, USA.), Wei Dai (University of California, San Diego, USA.), Phillip Rogaway (University of California, Davis, USA.)

Volume: 2020
Issue: 4
Pages: 461–490

Download PDF

Abstract: Aiming to strengthen classical secret-sharing to make it a more directly useful primitive for human endusers, we develop definitions, theorems, and efficient constructions for what we call adept secret-sharing. Our primary concerns are the properties we call privacy, authenticity, and error correction. Privacy strengthens the classical requirement by ensuring maximal confidentiality even if the dealer does not employ fresh, uniformly random coins with each sharing. That might happen either intentionally—to enable reproducible secretsharing—or unintentionally, when an entropy source fails. Authenticity is a shareholder’s guarantee that a secret recovered using his or her share will coincide with the value the dealer committed to at the time the secret was shared. Error correction is the guarantee that recovery of a secret will succeed, also identifying the valid shares, exactly when there is a unique explanation as to which shares implicate what secret. These concerns arise organically from a desire to create general-purpose libraries and apps for secret sharing that can withstand both strong adversaries and routine operational errors.

Keywords: Adept secret-sharing, computational secret sharing, cryptographic definitions, secret sharing

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.