pdf icon
Volume 16 (2020) Article 2 pp. 1-18
Threshold Secret Sharing Requires a Linear-Size Alphabet
Received: November 26, 2016
Revised: May 3, 2019
Published: September 7, 2020
Download article from ToC site:
[PDF (285K)]    [PS (1329K)]    [PS.GZ (323K)]
[Source ZIP]
Keywords: secret sharing, threshold, lower bound
ACM Classification: F.1.3
AMS Classification: 68Q17, 94A60

Abstract: [Plain Text Version]

$ $

We prove that for every $n$ and $1 < t < n$ any $t$-out-of-$n$ threshold secret sharing scheme for one-bit secrets requires share size $\log(t + 1)$. Our bound is tight when $t = n - 1$ and $n$ is a prime power. In 1990 Kilian and Nisan proved the incomparable bound $\log(n - t + 2)$. Taken together, the two bounds imply that the share size of Shamir's secret sharing scheme (Comm. ACM 1979) is optimal up to an additive constant even for one-bit secrets for the whole range of parameters $1 < t < n$. More generally, we show that for all $1 < s < r < n$, any ramp secret sharing scheme with secrecy threshold $s$ and reconstruction threshold $r$ requires share size $\log((r + 1)/(r - s))$. As part of our analysis we formulate a simple game-theoretic relaxation of secret sharing for arbitrary access structures. We prove the optimality of our analysis for threshold secret sharing with respect to this method and point out a general limitation.