Secret sharing schemes based on the dual of Golay codes

Abstract

Linear codes are an important class of codes in coding theory and have been extensively studied due to their significant applications (including the design of secret sharing schemes) in practical systems. Interesting linear codes having several different real-world applications are the so-called Golay codes. Secret sharing schemes play a fundamental role in cryptography and have numerous applications in security systems. One approach to constructing secret sharing schemes is based on linear codes, especially for minimal linear codes and self-dual codes. Several minimal linear codes based on Boolean cryptographic functions and vectorial Boolean functions have been found. This paper proposes two secret sharing schemes based on the dual of the [23,12,7]₂ and [11,6,5]₃ Golay codes, respectively, where these two Golay codes are neither minimal nor self-dual. We determine the minimal access structures of our schemes by using the two Golay codes’ combinatorial properties. To our surprise, our schemes are 3-democratic. This is interesting since our schemes are not threshold secret sharing schemes, and previous works propose some democratic secret sharing schemes that are based on the dual of minimal linear codes. On the other hand, we find that our schemes’ minimal access structures contradict a result of Dougherty et al. (ITW 2008). We then revise the minimal access structures of the secret sharing schemes based on the [24,12,8]₂ and [12,6,6]₃ extended Golay codes, respectively, and we further discuss the democracies of these two schemes.

Appendices

Appendix : A

Dougherty et al. [11] pointed that there were 253 minimal codewords having weight 16 in \(\mathcal {G}_{24}\). We will show that this statement contradicts our Lemmas 1 and 2. Assume that c^(16,24) is a minimal codeword of weight 16 in \(\mathcal {G}_{24}\), and its support is denoted by

$$supp(\mathbf{c}^{(16,24)})=\{0,x_{1},\ldots,x_{15}\}\in B_{0}^{(16,24)},$$

where \(0<x_{1}<\dots <x_{14}<x_{15}\). Consequently, we get a codeword c in \(\mathcal {G}_{23}\), which is obtained by deleting the last coordinate of c^(16,24).

If x₁₅≠ 23, we have \(supp(\mathbf {c}^{(16,24)})=supp(\mathbf {c})\in B_{0}^{(16,23)}\). By Lemma 2, the codeword c is not a minimal codeword in \(\mathcal {G}_{23}\), and hence there is a \(\mathbf {c}^{(8,23)}\in \mathcal {G}_{23}\) such that supp(c^(8,23)) \(\in B_{0}^{(8,23)}\) and supp(c^(8,23)) ⊂ supp(c). Since \(\mathcal {G}_{23}\) is obtained by puncturing \(\mathcal {G}_{24}\), there is a codeword \(\mathbf {c}^{(8,24)}\in \mathcal {G}_{24}\) satisfying supp(c^(8,24)) = supp(c^(8,23)). Thus we have

$$0\in supp(\mathbf{c}^{(8,24)})=supp(\mathbf{c}^{(8,23)})\subset supp(\mathbf{c})=supp(\mathbf{c}^{(16,24)}),$$

which implies c^(16,24) is not a minimal codeword in \(\mathcal {G}_{24}\) if 23∉supp(c^(16,24)).

If x₁₅ = 23, we have \(supp(\mathbf {c})\in B_{0}^{(15,23)}\) and supp(c^(16,24)) = supp(c) ∪{23}. According to Lemma 1, the codeword c is not a minimal codeword in \(\mathcal {G}_{23}\), and hence there is a codeword \(\mathbf {a})\in \mathcal {G}_{23}\) such that \(supp(\mathbf {a})\in B_{0}^{(7,23)}\cup B_{0}^{(8,23)}\) and supp(a) ⊂ supp(c). Moreover, there is a codeword \(\mathbf {a}^{(8,24)}\in \mathcal {G}_{24}\) satisfying

$$supp(\mathbf{a}^{(8,24)})=supp(\textbf{a})\cup \{23\},$$

which shows that

$$0\in supp(\mathbf{a}^{(8,24)})=supp(\textbf{a})\cup \{23\}\subset supp(\mathbf{c})\cup \{23\}=supp(\mathbf{c}^{(16,24)}),$$

and hence c^(16,24) is not a minimal codeword in \(\mathcal {G}_{24}\) if 23 ∈ supp(c^(16,24)).

To conclude this discussion, c^(16,24) is not a minimal codeword in \(\mathcal {G}_{24}\). This contradicts the assumption that c^(16,24) is a minimal codeword.

Appendix : B

We will prove that any two different normalized codewords of weight 6 in \(\mathcal {G}_{11}\) have different supports. Similarly, we can prove the case for codewords of weight 5. Assume that \(\mathbf {c}_{1}^{(6,11)}\) and \( \mathbf {c}_{2}^{(6,11)}\) are two different normalized codewords of weight 6 in \(\mathcal {G}_{11}\) such that \(supp(\mathbf {c}_{1}^{(6,11)})=supp(\mathbf {c}_{2}^{(6,11)})\). Since the first coordinate of these two codewords are 1, we have

$$1\leq \text{wt}(\mathbf{c}_{1}^{(6,11)}-\mathbf{c}_{2}^{(6,11)})\leq 5.$$

From the weight enumerator of \({\mathcal {G}_{11}}\) we obtain that \(\text {wt}(\mathbf {c}_{1}^{(6,11)}-\mathbf {c}_{2}^{(6,11)}))=5\). As a result, wt(c^(6,11) + c^(5,11)) = 2, which is a contradiction to the weight enumerator of \({\mathcal {G}_{11}}\). This completes the proof.