Efficient integer span program for hierarchical threshold access structure

https://doi.org/10.1016/j.ipl.2013.05.009

Highlights

  • We propose an efficient integer span program that realizes the hierarchical threshold access structure.

  • Our construction is the first efficient one for non-threshold access structure, to the best knowledge of the authors.

  • Some efficient non-threshold black-box secret sharing schemes and linear integer secret sharing schemes can be constructed by our construction.

Abstract

An integer span program (ISP) is a monotone span program (MSP) over Z, introduced by Cramer and Fehr at CRYPTO 2002. ISPs can be used to construct black-box secret sharing schemes (BBSSS) and linear integer secret sharing schemes (LISSS). The efficiency of ISPs is a very important research objective, as an efficient ISP can be used to construct an efficient BBSSS and an efficient LISSS. Until now, efficient ISPs have been constructed only for the threshold access structure, not for other access structures. The main contribution of this paper is an efficient ISP that realizes the hierarchical threshold access structure; to the best knowledge of the authors, it is the first efficient one for a non-threshold access structure. Accordingly, using the proposed efficient ISP realizing the hierarchical threshold access structure, the construction of efficient non-threshold BBSSSs and LISSSs for a useful family of access structures is presented.

Introduction

Integer span program (ISP), i.e., monotone span program (MSP) over Z, is a very useful primitive, since it can be used to construct black-box secret sharing scheme (BBSSS) [12], [11], [5], [7] and linear integer secret sharing scheme (LISSS) [8]. The relations between ISP and BBSSS were given by Cramer and Fehr [5]. There are many applications of BBSSS, such as threshold RSA [12], [11], black-box ring multiparty computation [6], and zero-knowledge [4]. The relations between ISP and LISSS were given by Damgård and Thorbek [8]. LISSS can be used to build secure distributed protocols for exponentiation in any group [8], [10] and zero-knowledge [9].

ISP was introduced by Cramer and Fehr [5] to construct BBSSS. Cramer and Fehr argued that there exists an ISP for every access structure, but the existing methods for constructing the corresponding ISPs are inefficient. The efficiency of ISPs and secret sharing schemes is usually measured by the ratio between the number of rows of the monotone span matrix and the number of participants. This work is interested in efficient constructions of ISPs, that is, ISPs whose ratio is polynomial in the number of participants. The efficiency of ISPs is very important because only efficient ISPs have real applications in practice. So far, efficient ISPs have been constructed only for the threshold access structure, by Desmedt and Frankel [11] and by Cramer and Fehr [5]; Cramer and Fehrʼs construction is optimal. Efficient ISPs realizing other access structures are yet to be proposed. Efficient MSPs realizing non-threshold access structures are of great importance and have attracted a great amount of research interest. There are several reports of research on efficient MSPs over finite fields, including [2], [3], [13], [14], [15], [16], [18], [19], [20], [21]. But the construction of efficient ISPs for non-threshold access structures is still missing.

In this paper, an efficient ISP realizing the hierarchical threshold access structure is constructed, which can be used to construct an efficient BBSSS and an efficient LISSS for the hierarchical threshold access structure. We extend the approach proposed by Cramer and Fehr [5] to introduce the concept of weak MSPs, which can be used to construct an ISP for the hierarchical threshold access structure. One of the main contributions of this work is a method of constructing efficient ISPs by using MSPs over finite fields [20] and the rational field. The proposed method may be applied to construct efficient ISPs for other access structures.

The paper is organized as follows. Section 2 introduces the notation and definitions related to ISP, as well as the theory of Birkhoff interpolation. Section 3 introduces the definitions of weak MSPs and identifies the relations among these definitions. The main result is presented in Section 4, where an efficient ISP realizing the hierarchical threshold access structure is constructed by using MSPs over finite fields [20] and rational fields.

Section snippets

The notions about integer span program

The following notation convention is adopted in this work: Vectors are denoted by boldface letters, while their components are denoted with the corresponding italic-type indexed letter. We start by defining an access structure which is a collection of authorized sets that can reconstruct the secret.

Definition 1 Access structure

Let $U=\{u_1,\dots,u_n\}$ be the set of participants. A collection $\Gamma\subseteq 2^U$ is monotone if $V\in\Gamma$ and $V\subseteq W$ imply that $W\in\Gamma$. An access structure is a monotone collection $\Gamma\subseteq 2^U$ of nonempty subsets of $U$. Sets in $\Gamma$ are

Weak monotone span program

This section presents an introduction on some new definitions, which extend the definition of MSP introduced by Cramer and Fehr [5] followed by the relations among these definitions.

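Definition 6 I-weak MSP

$\mathcal{M}=(\Lambda,M,\psi,\boldsymbol{\varepsilon})$ is a I-weak MSP for $\Gamma$, if there exist $\vartheta_1,\vartheta_2\in\Lambda\setminus\{0\}$ such that for all $V\subseteq U$ the following holds.

  • If $V\in\Gamma$, then $\vartheta_1\boldsymbol{\varepsilon}\in\operatorname{im}M_V^T$.

  • If $V\notin\Gamma$, then there exists $\boldsymbol{\kappa}=(\kappa_1,\dots,\kappa_e)^T\in\ker M_V$ with $\kappa_1=\vartheta_2$.

If $\Lambda=\mathbb{Z}$, $\mathcal{M}$ is called a I-weak ISP for $\Gamma$.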
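Definition 6 can be checked mechanically on a toy instance; the following is an added example, not code from the paper. The matrix, the labelling, the 2-out-of-3 structure and all function names are constructed for illustration, and the bounded brute-force search is an assumption that only suits matrices this small.

```python
from itertools import combinations, product

# Constructed toy input (not from the paper): 2-out-of-3 threshold structure
# with Shamir-style rows (1, i) over Z; PSI[r] is the participant owning row r.
M = [(1, 1), (1, 2), (1, 3)]
PSI = [1, 2, 3]
USERS = [1, 2, 3]
E = 2  # number of columns; the target vector is eps = (1, 0, ..., 0)^T

def in_gamma(V):
    """Access structure Gamma: any two or more participants are authorized."""
    return len(V) >= 2

def rows_of(V):
    """M_V: the rows of M labelled by participants in V."""
    return [M[r] for r in range(len(M)) if PSI[r] in V]

def image_witness(V, theta1, bound):
    """Integer lam with M_V^T lam = theta1*eps, or None if none within bound."""
    rows = rows_of(V)
    target = (theta1,) + (0,) * (E - 1)
    for lam in product(range(-bound, bound + 1), repeat=len(rows)):
        combo = tuple(sum(l * row[j] for l, row in zip(lam, rows))
                      for j in range(E))
        if combo == target:
            return lam
    return None

def kernel_witness(V, theta2, bound):
    """Integer kappa in ker M_V with kappa_1 = theta2, or None within bound."""
    rows = rows_of(V)
    for tail in product(range(-bound, bound + 1), repeat=E - 1):
        kappa = (theta2,) + tail
        if all(sum(a * k for a, k in zip(row, kappa)) == 0 for row in rows):
            return kappa
    return None

def is_I_weak(theta1, theta2, bound=20):
    """True if a witness is found for every V subset of U (empty set included)."""
    for size in range(len(USERS) + 1):
        for V in combinations(USERS, size):
            if in_gamma(V):
                ok = image_witness(V, theta1, bound) is not None
            else:
                ok = kernel_witness(V, theta2, bound) is not None
            if not ok:
                return False
    return True
```

For this matrix `is_I_weak(1, 1)` fails, because the set of participants 1 and 3 has no integer recombination vector for the target itself, while `is_I_weak(2, 6)` succeeds. A found witness proves existence; a `None` only says that nothing was found inside the search bound.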

Definition 7 II-weak MSP

$\mathcal{M}=(\Lambda,M,\psi,\boldsymbol{\varepsilon})$ is a II-weak MSP for $\Gamma$, if there exists $\vartheta\in\Lambda\setminus\{0\}$ such that for all $V\subseteq U$ the

Integer span program for hierarchical threshold access structures

This section presents a way of constructing an efficient ISP that realizes Γ0. From the above section, it is known that if it is possible to construct coprime II-weak MSPs for Γ0 over R, then it is possible to construct an ISP for Γ0. We first give an approach to construct a weak MSP for Γ0 over Z.

Conclusions

This work proposed an approach to construct efficient ISPs for hierarchical threshold access structures. The proposed approach can also be used to construct efficient ISPs for other access structures. However, the size of our construction of ISP is not minimal; the issue of constructing ISPs of minimal size for hierarchical threshold structures remains to be investigated.

References (21)

  • K. Atkinson et al., A partial characterization of poised Hermite–Birkhoff interpolation problems, SIAM J. Numer. Anal. (1969)
  • A. Beimel, Secure schemes for secret sharing and key distribution (June 1996)
  • A. Beimel et al., Characterizing ideal weighted threshold secret sharing, SIAM J. Discrete Math. (2008)
  • R. Cramer et al., On the amortized complexity of zero-knowledge protocols
  • R. Cramer et al., Optimal black-box secret sharing over arbitrary abelian groups
  • R. Cramer et al., Efficient multi-party computation over rings
  • R. Cramer et al., Primitive sets over number fields and black-box secret sharing
  • I. Damgård et al., Linear integer secret sharing and distributed exponentiation
  • I. Damgård et al., Non-interactive proofs for integer multiplication
  • I. Damgård et al., Efficient, robust and constant-round distributed RSA key generation

There are more references available in the full text version of this article.


Research supported in part by the Guangzhou Research Infrastructure Development Fund (No. 2012224-12), the Guangdong Nature Science Fund (No. S2012030006242), the Guangdong-CAS Cooperation Fund (No. 2011A090100003), the Guangdong Emerging Industry Key Technology R&D Fund (No. 2011A010801007), the Guangzhou Zhujiang Science and Technology Future Fellow Fund (No. 2011J2200089), and the MOE-China Mobile Research Fund (No. MCM20121051).
