Random-Energy Secret Sharing via Extreme Synergy

TL;DR

This work derives an analytic expression for the mutual information between any two disjoint thermodynamic subsystems of the random-energy model and concludes that a special point in the phase diagram exists at which the REM-based scheme is physically optimal in its information encoding.

Abstract

The random-energy model (REM), a solvable spin-glass model, has impacted an incredibly diverse set of problems, from protein folding to combinatorial optimization to many-body localization. Here, we explore a new connection to secret sharing. We formulate a secret-sharing scheme, based on the REM, and analyze its information-theoretic properties. Our analyses reveal that the correlations between subsystems of the REM are highly synergistic and form the basis for secure secret-sharing schemes. We derive the ranges of temperatures and secret lengths over which the REM satisfies the requirement of secure secret sharing. We show further that a special point in the phase diagram exists at which the REM-based scheme is optimal in its information encoding. Our analytical results for the thermodynamic limit are in good qualitative agreement with numerical simulations of finite systems, for which the strict security requirement is replaced by a tradeoff between secrecy and recoverability. Our work offers a further example of information theory as a unifying concept, connecting problems in statistical physics to those in computation.

Figures (5)

• Figure 1: The random-energy model exhibits extremely strong and highly synergistic correlations. (a) We divide $N$ spins into three disjoint groups, $\sigma\!=\!(\sigma^m\!,\sigma^v\!,\sigma^h)$. The secret $\sigma^m$ consists of $M\!=\!mN$ spins. The other spins are the shares $\sigma^s\!=\!(\sigma^v\!,\sigma^h)$, of which $vN$ spins are visible $\sigma^v$ and $hN$ are hidden $\sigma^h$ . We consider the reconstruction of the secret $\sigma^m$ from an observation of the visible spins $\sigma^v$ . (b & c) The amount of information in the secret is quantified by its entropy $S(\sigma^m)\!\sim\!M$ bits (dashed). The information that the visible spins have about the secret is measured by their mutual information $I(\sigma^m;\sigma^v)$ (solid), here depicted as a function of the visible fraction $v$ at a fixed secret fraction $m$. (b) For the fully connected Ising model at criticality, the information increases with more visible spins. This increase diminishes as $v$ grows, indicating redundant coding of secret information. The logarithmic scaling of the information with $N$ signifies strong correlations associated with critical behaviors; away from the critical point, the information does not grow with $N$. (c) For the random-energy model in the paramagnetic phase ($T\!=\!\sqrt{2}T_c$), the information becomes positive only with enough visible spins. Moreover, the information is extensive in this case, indicating even stronger correlations than those in typical critical systems. Importantly, this extensivity means that visible spins can encode all of the secret information, thus allowing perfect secret reconstruction. This behavior is a signature of extreme synergy among the spins---that is, while individual spins leak no secret information, an adequately large collective of spins can completely reveal the secret.
• Figure 2: Mutual information between subsystems vs temperature and system composition. (a & b) The temperature dependence of the secret entropy (dashed) and the mutual information between the secret and visible spins (solid), see Fig \ref{['fig:synergy']}a. The secret entropy $S(\sigma^m)$ vanished in the frozen phase $t\!<\!1$ and grows with $t$ until it plateaus at $M$ bits [Eq \ref{['eq:marginal_entropy']}]. The information $I(\sigma^m;\sigma^v)$ exhibits similar behaviors at low temperatures, vanishing for $t\!<\!1$ and increasing with $t$ near the onset of the paramagnetic phase. But this information is bounded by either the entropy of the secret or that of visible spins whichever smaller; as a result, it saturates at $\min(m,v)N$ bits [Eq \ref{['eq:info']}]. At high temperatures, thermal noise dominates and the information decreases with $t$, approaching zero at $t\!=\!1/\sqrt{h}$. (c) This information depends on the composition of the secret, visible and hidden spins, parametrized by their fractions $(m,v,h)$ (Fig \ref{['fig:synergy']}a). For $t\!>\!1$, this ternary diagram has five regions, A-E. The information density, $I(\sigma^m;\sigma^v)/N$, is zero in A, $t^{-2}\!-\!h$ in B, $m$ in C, $v$ in D and $1\!-\!t^{-2}$ in E. For $t\!>\!\sqrt{2}$, Region E disappears. See main text for details.
• Figure 3: Phase diagram for threshold secret-sharing schemes, based on the random-energy model. (a) We split $N$ spins into an $M$-spin secret $\sigma^m$ and $n$ shares $(\tau_1,\tau_2,\dots,\tau_n)$, each with $(N\!-\!M)/n$ spins. (b) The secrecy and correctness requirements of a $(k,n)$ threshold scheme result in temperature lower and upper bounds, $t^-$ and $t^+$ respectively, see Eqs (\ref{['eq:secrecy']}-\ref{['eq:t+']}). These bounds depend on the secret length $m\!=\!M/N$ (as a proportion of the system size) and define a secure region (shaded area). Longer secrets are secure over a smaller temperature range. This range disappears completely ($t^-\!>\!t^+$) when $m\!>\!1/(n\!+\!1)$; that is, no secure scheme exists when the secret is longer than each share. (c) In the secure region, the entropy of the secret and of each share is equal to their lengths, i.e., $S(\sigma^m)\!=\!M$ and $S(\tau_i)\!=\!(N\!-\!M)/n$. We see that $S(\tau_i)\!\ge\!S(\sigma^m)$ with equality for $m\!=\!1/(n\!+\!1)$ at which $t^-\!=\!t^+\!=\!1/\sqrt{1\!-\!k/(n\!+\!1)}$.
• Figure 4: Finite-spin REMs implement secret-sharing schemes with a tradeoff between security and recoverability. (a) We show the mutual information between the secret $\sigma^m$ and $r$ distinct shares $\tau^r$ for the cases where $r$ is at the threshold (blue) and subthreshold (red). The thick lines are the average of 20 independent realizations of the REM, each depicted by thin lines. The dashed lines correspond to the thermodynamic limit ($N\!\to\!\infty$) and the shaded area to the temperature range which satisfies the requirements of a secure scheme, see Eqs (\ref{['eq:secrecy']}-\ref{['eq:t+']}). (b) We display the parametric curve of the at-threshold and subthreshold information terms, (vertical and horizontal axes, respectively). The thick curve is the average of 20 independent REMs (thin curves), and the dashed line is the corresponding parametric plot for the thermodynamic limit. This plot illustrates how far finite-spin REM secret sharing is from an information-theoretically secure scheme ($\star$). Here $N\!=\!27$, $M\!=\!5$ and $(k,n)\!=\!(2,2)$. For the thermodynamic case, we let $N\!\to\!\infty$ while fixing the ratio $M/N$.
• Figure 5: Larger REMs yield more secure secret-sharing schemes. We show the parametric curves of the at-threshold and subthreshold information terms (vertical and horizontal axes, respectively) for a five-spin secret ($M\!=\!5$) under three threshold schemes, $(k,n)\!=\!(2,2),(3,3),(2,3)$ (left to right) at various share size (see legend). In all cases, the tradeoff frontiers become closer to the ideal scheme ($\star$) with increasing share size. Here the information is the average of 20 independent REMs.