Strong security of linear ramp secret sharing schemes with general access structures

“…Initial scheme Field size 𝑞 ′ Design [7] Partially decryptable 2𝐿 Explicit [12] Multiple assignment 𝐿 + 𝑚 * Optimization [8] Linear 𝑞 𝑂 (𝐿 In a real-world situation, there are many users having different response patterns that reflect their individual requirements, e.g., some user has access to a smaller number of servers than others. We consider a system model, in which there are non-colluding users each of whom has one of 𝑀 response patterns Φ 1 ⊇ • • • ⊇ Φ 𝑀 .…”

“…Iwamoto and Yamamoto [7] proposed an explicit method to make a given ramp scheme for a general access structure strongly secure, assuming that the initial scheme satisfies a special property of partial decryptability. Then Eriguchi and Kunihiro [8] gave probabilistic methods assuming that the initial scheme satisfies linearity, which is a more common property of secret sharing. However, their methods are non-constructive and there is no method to verify the resulting scheme is indeed strongly secure except for the brute-force approach, which involves checking exponentially many matrices for non-singularity.…”

“…In this section, we give a more detailed explanation of Table 1. We compare our transformations in Theorems 1 and 2 with [7], [8], [12] in terms of the assumption on an initial scheme, the design of transformations, and the field size.…”

“…(1) Assumption on an Initial Scheme Theorems 1, 2, and [8] only require that an initial scheme be linear, which is satisfied by most of the previously proposed secret sharing schemes. To be precise, let Σ be an F 𝑞 -linear ramp secret sharing scheme realizing an 𝐿-level access structure A 𝐿 = (Γ 𝑗 ) 0≤ 𝑗 ≤𝐿 .…”

“…However, it still works since 𝑛 is fairly small in application to distributed data storage (e.g., 𝑛 = 6) and also since once 𝑻 is found, we can efficiently share and reconstruct secrets using the resulting strongly secure scheme. Our constructions being explicit and providing a deterministic algorithm are preferable to the non-constructive methods of [8], which fail to find 𝑻 with non-zero probability. Moreover, they provide no method to verify the resulting scheme is indeed strongly secure except for the brute-force approach of checking whether all the linear codes C 𝐴 (Σ 𝑻 ) are MDS.…”

Linear Algebraic Approach to Strongly Secure Ramp Secret Sharing for General Access Structures with Application to Symmetric PIR

“…Initial scheme Field size 𝑞 ′ Design [7] Partially decryptable 2𝐿 Explicit [12] Multiple assignment 𝐿 + 𝑚 * Optimization [8] Linear 𝑞 𝑂 (𝐿 In a real-world situation, there are many users having different response patterns that reflect their individual requirements, e.g., some user has access to a smaller number of servers than others. We consider a system model, in which there are non-colluding users each of whom has one of 𝑀 response patterns Φ 1 ⊇ • • • ⊇ Φ 𝑀 .…”

“…Iwamoto and Yamamoto [7] proposed an explicit method to make a given ramp scheme for a general access structure strongly secure, assuming that the initial scheme satisfies a special property of partial decryptability. Then Eriguchi and Kunihiro [8] gave probabilistic methods assuming that the initial scheme satisfies linearity, which is a more common property of secret sharing. However, their methods are non-constructive and there is no method to verify the resulting scheme is indeed strongly secure except for the brute-force approach, which involves checking exponentially many matrices for non-singularity.…”

“…In this section, we give a more detailed explanation of Table 1. We compare our transformations in Theorems 1 and 2 with [7], [8], [12] in terms of the assumption on an initial scheme, the design of transformations, and the field size.…”

“…(1) Assumption on an Initial Scheme Theorems 1, 2, and [8] only require that an initial scheme be linear, which is satisfied by most of the previously proposed secret sharing schemes. To be precise, let Σ be an F 𝑞 -linear ramp secret sharing scheme realizing an 𝐿-level access structure A 𝐿 = (Γ 𝑗 ) 0≤ 𝑗 ≤𝐿 .…”

“…However, it still works since 𝑛 is fairly small in application to distributed data storage (e.g., 𝑛 = 6) and also since once 𝑻 is found, we can efficiently share and reconstruct secrets using the resulting strongly secure scheme. Our constructions being explicit and providing a deterministic algorithm are preferable to the non-constructive methods of [8], which fail to find 𝑻 with non-zero probability. Moreover, they provide no method to verify the resulting scheme is indeed strongly secure except for the brute-force approach of checking whether all the linear codes C 𝐴 (Σ 𝑻 ) are MDS.…”

Linear Algebraic Approach to Strongly Secure Ramp Secret Sharing for General Access Structures with Application to Symmetric PIR