Paper 2024/1045

Efficient Secret Sharing for Large-Scale Applications

Sarvar Patel, Google (United States)
Giuseppe Persiano, University of Salerno, Google (United States)
Joon Young Seo, Google (United States)
Kevin Yeo, Google (United States), Columbia University
Abstract

Threshold secret sharing enables distributing a message to $n$ parties such that no subset of fewer than $t$ parties can learn the message, whereas any subset of at least $t$ parties can recover the message. Despite being a fundamental primitive, secret sharing still suffers from one significant drawback, where its message reconstruction algorithm is computationally expensive for large privacy thresholds $t$. In this paper, we aim to address this significant drawback. We study general $(t,c)$-ramp secret sharing schemes where the number of parties c needed to reconstruct the secret may be larger than $t$. We present a ramp secret sharing scheme whose reconstruction time is 2-7.8x faster than prior constructions suitable against adversaries that adaptively corrupt parties. For $t = 2^{20}$, our new protocol has reconstruction time of 5 seconds whereas prior work requires nearly half a minute. We see improvements starting from as small as $t = 256$. Furthermore, we obtain correctness threshold as small as $c \ge 1.05t$. To obtain our construction, we first improve the secret sharing frameworks by Cramer et al. (EUROCRYPT'15) and Applebaum et al. (CRYPTO'23) from erasure codes. Our new framework obtains secret sharing schemes that may be used against adversaries with adaptive corruptions while requiring only weaker correctness guarantees from the underlying erasure code with a distributed generation property. Furthermore, our new framework also maintains the linear homomorphism of the prior works. Afterwards, we present a concretely efficient erasure code from random band matrices that satisfies the distributed generation property. We show that our secret sharing scheme can improve many real-world applications. In secure aggregation protocols for federated learning, we obtain up to 22% reductions in computational cost by replacing Shamir's scheme with our construction. We extend our protocol to obtain a verifiable ramp secret sharing scheme where each party can verify the consistency of the shares. Our new verifiable ramp secret sharing has 8.2-25.2x faster sharing and 2.7-23.2x faster reconstruction time compared to prior works. Finally, we present an improved distributed verifiable random function that may be used for decentralized randomness beacons.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ACM CCS 2024
DOI
10.1145/3658644.3670379
Keywords
secret sharinglinear erasure codesverifiable secret sharing
Contact author(s)
sarvar @ google com
giuper @ gmail com
jyseo @ google com
kwlyeo @ google com
History
2024-06-28: approved
2024-06-27: received
See all versions
Short URL
https://ia.cr/2024/1045
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1045,
      author = {Sarvar Patel and Giuseppe Persiano and Joon Young Seo and Kevin Yeo},
      title = {Efficient Secret Sharing for Large-Scale Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1045},
      year = {2024},
      doi = {10.1145/3658644.3670379},
      note = {\url{https://eprint.iacr.org/2024/1045}},
      url = {https://eprint.iacr.org/2024/1045}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.