Distributed Secret Sharing over a Public Channel from Correlated Random Variables

Remi A. Chou

TL;DR

The paper expands secret sharing beyond Shamir by jointly designing share creation and distribution over a public channel with correlated randomness and by allowing a distributed dealer (multiple sub-dealers). It derives inner and outer regions for achievable secret rates under monotone access structures, including specialized capacity results for threshold structures with pairwise keys and for all-or-nothing access with a single dealer. Two novel achievability techniques are introduced: a distributed leftover-hash approach to jointly satisfy reliability and security, and a reduction from distributed to multiple single-dealer settings. The results show linear scaling of share length with the secret and establish capacity in key special cases, providing a framework for secret sharing in wireless networks where correlated randomness arises from channel measurements. The extension to chosen secrets confirms robustness of the main results under more practical secrecy models, with potential for constructive, low-complexity schemes in future work.

Abstract

We consider a secret-sharing model where a dealer distributes the shares of a secret among a set of participants with the constraint that only predetermined subsets of participants must be able to reconstruct the secret by pooling their shares. Our study generalizes Shamir's secret-sharing model in three directions. First, we allow a joint design of the protocols for the creation of the shares and the distribution of the shares, instead of constraining the model to independent designs. Second, instead of assuming that the participants and the dealer have access to information-theoretically secure channels at no cost, we assume that they have access to a public channel and correlated randomness. Third, motivated by a wireless network setting where the correlated randomness is obtained from channel gain measurements, we explore a setting where the dealer is an entity made of multiple sub-dealers. Our main results are inner and outer regions for the achievable secret rates that the dealer and the participants can obtain in this model. To this end, we develop two new achievability techniques, a first one to successively handle reliability and security constraints in a distributed setting, and a second one to reduce a multi-dealer setting to multiple single-user dealer settings. Our results yield the capacity region for threshold access structures when the correlated randomness corresponds to pairwise secret keys shared between each sub-dealer and each participant, and the capacity for the all-or-nothing access structure in the presence of a single dealer and arbitrarily correlated randomness.
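The threshold case with pairwise keys can be made concrete with a baseline sketch. This is an added example, not the paper's coding scheme (which this page does not detail): each sub-dealer Shamir-shares its secret, one-time-pads every share with the pairwise key of its recipient, and posts the result on the public channel. The field size, function names and random keys are assumptions constructed for illustration.

```python
import itertools
import secrets

P = 2**127 - 1  # prime field size; constructed parameter, not from the paper

def shamir_split(secret, t, L):
    """Shares f(1..L) of a random degree-(t-1) polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, L + 1)}

def lagrange_at_zero(points):
    """Recover f(0) from a dict {x: f(x)} by Lagrange interpolation mod P."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def sub_dealer_publish(secret, keys, t):
    """One sub-dealer: one-time-pad each share with the pairwise key of its
    recipient and return what goes on the public channel."""
    shares = shamir_split(secret, t, len(keys))
    return {l: (shares[l] + keys[l]) % P for l in keys}

def reconstruct(public, coalition_keys):
    """A coalition strips its own pads and interpolates the secret."""
    return lagrange_at_zero({l: (public[l] - k) % P
                             for l, k in coalition_keys.items()})

def demo(D=2, L=3, t=2):
    """D sub-dealers, L participants, threshold t (constructed sample run)."""
    users = range(1, L + 1)
    keys = {d: {l: secrets.randbelow(P) for l in users} for d in range(1, D + 1)}
    secret = {d: secrets.randbelow(P) for d in keys}
    public = {d: sub_dealer_publish(secret[d], keys[d], t) for d in keys}
    result = {}
    for r in range(t, L + 1):  # every authorized set of the threshold structure
        for c in itertools.combinations(users, r):
            result[c] = all(
                reconstruct(public[d], {l: keys[d][l] for l in c}) == secret[d]
                for d in keys)
    return result

if __name__ == "__main__":
    print(demo())
```

With the defaults, the four authorized sets are exactly the access structure of Figure 3. A single participant can unmask only one point of a degree-1 polynomial, which is consistent with every possible secret.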

Paper Structure

This paper contains 52 sections, 23 theorems, 86 equations, 6 figures.

Key Result

Theorem 1

We have $\mathcal{R}^{(\textup{in})}(\mathbb{A}) \subseteq \mathcal{C}(\mathbb{A})$, where where $\textup{Proj}_{(R_d)_{d\in\mathcal{D}}}$ denotes the projection on the space defined by the rates $(R_d)_{d\in\mathcal{D}}$.

Figures (6)

  • Figure 1: Traditional secret sharing with $L=3$ participants and $t=2$.
  • Figure 2: Proposed secret sharing model with two sub-dealers, three participants, and a reconstruction threshold $t=2$.
  • Figure 3: Secret sharing with $D=2$ sub-dealers, $L=3$ users, and the access structure $\mathbb{A} \triangleq \{ \{1,2\}, \{1,3\}, \{2,3\}, \{1,2,3\} \}$.
  • Figure 4: A joint security design strategy for $(S_1,S_2)$ is used in Theorem \ref{prop1}, whereas a successive security design strategy for $(S_1,S_2)$ is used in Theorem \ref{th2}.
  • Figure 5: Secret capacity for threshold access structures when $D=1$ and $L=10$.
  • ...and 1 more figures

Theorems & Definitions (50)

  • Definition 1: Monotone access structure [benaloh1988generalized]
  • Definition 2
  • Definition 3
  • Example 1
  • Theorem 1: Inner bound
  • proof
  • Theorem 2: Outer bound
  • proof
  • Corollary 1: Inner bound
  • Corollary 2: Outer bound
  • ...and 40 more