学术文献库

Secret sharing provides a means to distribute shares of a secret such that any authorized subset of shares, specified by an access structure, can be pooled together to recompute the secret. The standard secret sharing model requires public access structures, which violates privacy and facilitates the adversary by revealing high-value targets. In this paper, we address this shortcoming by introducing \emph{hidden access structures}, which remain secret until some authorized subset of parties collaborate. The central piece of this work is the construction of a set-system $\mathcal{H}$ with strictly greater than $\exp\left(c \dfrac{1.5 (\log h)^2}{\log \log h}\right)$ subsets of a set of $h$ elements. Our set-system $\mathcal{H}$ is defined over $\mathbb{Z}_m$, where $m$ is a non-prime-power, such that the size of each set in $\mathcal{H}$ is divisible by $m$ but the sizes of their pairwise intersections are not divisible by $m$, unless one set is a subset of another. We derive a vector family $\mathcal{V}$ from $\mathcal{H}$ such that superset-subset relationships in $\mathcal{H}$ are represented by inner products in $\mathcal{V}$. We use $\mathcal{V}$ to "encode" the access structures and thereby develop the first \emph{access structure hiding} secret sharing scheme. For a setting with $\ell$ parties, our scheme supports $2^{\binom{\ell}{\ell/2+1}}$ out of the $2^{2^{\ell - O(\log \ell)}}$ total monotone access structures, and its maximum share size for any access structures is $(1+ o(1)) \dfrac{2^{\ell+1}}{\sqrt{π\ell/2}}$. The scheme assumes semi-honest polynomial-time parties, and its security relies on the Generalized Diffie-Hellman assumption.