Abstract
A $(t,r)$ -function secret sharing ( $(t,r)$ -FSS) scheme allows a dealer to secret-share a function $f$ among $r$ parties as $r$ secret keys $k_{1},\ldots,k_{r}$ such that for any input $x$ the parties can compute $r$ output shares that allow the reconstruction of $f(x)$ but any $\leq t$ of the parties cannot learn any information about $f$ . FSS schemes for point functions have been constructed under the name of distributed point functions (DPFs). The existing DPFs are computationally secure and based on the existence of PRGs or OWFs. As a result, the protocols where DPFs work as building blocks are computationally secure as well. In this paper, we study information-theoretically secure $(t,r)$ -FSS (called $(t,r)$ -itFSS) and propose a generic transformation from information-theoretic private information retrieval (PIR) schemes to itFSS schemes for point functions. We measure the efficiency of itFSS with its communication complexity, which can be defined as the total length of the secret keys and the output shares, maximized over the choices of $f$ and $x$ . By instantiating the generic transformation, we obtain $(t,r)$ -itFSS schemes for a variety of choices of $(t,r)$ , which have sublinear (in the functions’ domain size) communication complexity. How to make sure that the parties’ shares of $f(x)$ do not reveal more information than what needed to compute $f(x)$ is an interesting problem. An itFSS with this property is called function-private. In this paper, we also define a parameter called the mutual rate of itFSS in order to measure the amount of information that will be leaked by the parties’ output shares. We calculate the mutual rates for several specific itFSS schemes. We also define computational function privacy and propose a 2-party itFSS scheme with computational function privacy.
Highlights
A secret sharing (SS) scheme allows a dealer to split a secret into multiple shares such that any authorized subset of the shares can recover the secret but any unauthorized subset of the shares contains absolutely no information about the secret
We measure the efficiency of an information-theoretic function secret sharing (itFSS) with its communication complexity, which can be defined as the total length of the r secret keys to the parties and the servers’ responses for computing f (α ), maximized over the choices of f and α
We study the property of function privacy
Summary
A secret sharing (SS) scheme allows a dealer to split a secret into multiple shares such that any authorized subset of the shares can recover the secret but any unauthorized subset of the shares contains absolutely no information about the secret. Motivated by the problem of securely searching and updating distributed data, Boyle et al [8] introduced the notion of function secret sharing (FSS). 3 an (r − 1, ), both for the r)-FSS scheme point functions as above The security of these FSS schemes are computational and based on the existence of pseudorandom generators (PRGs) with seed length λ. Gilboa and Ishai [16] constructed a PRG-based (1,2)-DPF (i.e., (1,2)-FSS for point functions) with key length O(λ · llog2 3), which is worse than [8]. FSS schemes for point functions (i.e., DPFs) have many interesting applications such as multi-server PIR, secure keyword search, and incremental secret sharing [8].
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
