International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On Secret Sharing Schemes, Matroids and Polymatroids

Authors:
Jaume Martí-Farré
Carles Padró
Download:
URL: http://eprint.iacr.org/2006/077
Search ePrint
Search Google
Abstract: The complexity of a secret sharing scheme is defined as the ratio between the maximum length of the shares and the length of the secret. The optimization of this parameter for general access structures is an important and very difficult open problem in secret sharing. We explore in this paper the connections of this open problem with matroids and polymatroids. Matroid ports were introduced by Lehman in 1964. A forbidden minor characterization of matroid ports was given by Seymour in 1976. These results are previous to the invention of secret sharing by Shamir in 1979. Important connections between ideal secret sharing schemes and matroids were discovered by Brickell and Davenport in 1991. Their results can be restated as follows: every ideal secret sharing scheme defines a matroid, and its access structure is a port of that matroid. In spite of this, the results by Lehman and Seymour and other subsequent results on matroid ports have not been noticed until now by the researchers interested in secret sharing. Lower bounds on the optimal complexity of access structures can be found by taking into account that the joint Shannon entropies of a set of random variables define a polymatroid. We introduce a new parameter, which is denoted by $\kappa$, to represent the best lower bound that can be obtained by this method. We prove that every bound that is obtained by this technique for an access structure applies to its dual structure as well. By using the aforementioned result by Seymour we obtain two new characterizations of matroid ports. The first one refers to the existence of a certain combinatorial configuration in the access structure, while the second one involves the values of the parameter $\kappa$ that is introduced in this paper. Both are related to bounds on the optimal complexity. As a consequence, we generalize the result by Brickell and Davenport by proving that, if the length of every share in a secret sharing scheme is less than 3/2 times the length of the secret, then its access structure is a matroid port. This generalizes and explains a phenomenon that was observed in several families of access structures. Finally, we present a construction of linear secret sharing schemes for the ports of the Vamos matroid and the non-Desargues matroid, which do not admit any ideal secret sharing scheme. We obtain in this way upper bounds on their optimal complexity. These new bounds are a contribution on the search of examples of access structures whose optimal complexity lies between 1 and 3/2.
BibTeX
@misc{eprint-2006-21570,
  title={On Secret Sharing Schemes, Matroids and Polymatroids},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Secret sharing, Ideal secret sharing schemes, Ideal access structures, Secret sharing representable matroids, Information rate.},
  url={http://eprint.iacr.org/2006/077},
  note={This is an extended version of the paper that appeared in TCC 2007 cpadro@ma4.upc.edu 14425 received 27 Feb 2006, last revised 30 Jun 2009},
  author={Jaume Martí-Farré and Carles Padró},
  year=2006
}