d-Multiplicative Secret Sharing for Multipartite Adversary Structures

Abstract

Secret sharing schemes are said to be d-multiplicative if the i-th shares of any d secrets s(j), j ∈ [d] can be converted into an additive share of the product ∏ j∈[d] s (j). d-Multiplicative secret sharing is a central building block of multiparty computation protocols with minimum number of rounds which are unconditionally secure against possibly non-threshold adversaries. It is known that d-multiplicative secret sharing is possible if and only if no d forbidden subsets covers the set of all the n players or, equivalently, it is private with respect to an adversary structure of type Qd. However, the only known method to achieve d-multiplicativity for any adversary structure of type Qd is based on CNF secret sharing schemes, which are not efficient in general in that the information ratios are exponential in n. In this paper, we explicitly construct a d-multiplicative secret sharing scheme for any `-partite adversary structure of type Qd whose information ratio is O(n`+1). Our schemes are applicable to the class of all the `-partite adversary structures, which is much wider than that of the threshold ones. Furthermore, our schemes achieve information ratios which are polynomial in n if ` is constant and hence are more efficient than CNF schemes. In addition, based on the standard embedding of `-partite adversary structures into R, we introduce a class of `-partite adversary structures of type Qd with good geometric properties and show that there exist more efficient d-multiplicative secret sharing schemes for adversary structures in that family than the above general construction. The family of adversary structures is a natural generalization of that of the threshold ones and includes some adversary structures which arise in real-world scenarios. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques