基于多变量多项式的门限函数秘密分享方案

A Multivariate Polynomial Based Threshold Function Secret Sharing Scheme

为了提高分布式环境下私密信息存取协议的效率,Boyle等人在2015年欧密会上提出了函数秘密分享(Function Secret Sharing,FSS)概念并给出了具体构造.传统秘密分享方案在参者之间分享的秘密为具体数值,而FSS方案中分享的秘密为函数.Boyle等人基于伪随机生成器构造了一类FSS方案,它们均为计算意义下安全的,即只能抵抗计算能力有限的敌手攻击.本文利用有限域上多变量多项式构造了完善安全的门限FSS方案.其设计技巧是将FSS方案中秘密函数在公开点处函数值的计算转换为公开函数在秘密点处函数值的计算.经过分析发现该方案的通信复杂度与重构门限值r和私密门限值t之间的比值相关;当重构门限值与私密门限值之间的比值较大时,该方案可以实现较低的通信复杂度.此外,该方案可以同时满足函数秘密分享的简洁性、压缩性和函数私密性.这些良好的性能与性质使得该方案可更好地适用于设计各类私密信息存取协议.

Functional Secret Sharing(FSS)is a cryptographic primitive introduced by Boyle et al.at Eurocrypt 2015 and motivated by increasing the efficiency of private information access.Unlike the traditional secret sharing,in which the secret shared among participants is a certain value,the secret shared in FSS is a function.The existing FSS schemes designed by Boyle et al.are constructed based on pseudo-random generators,those schemes are computationally secure and they can only resist the adversaries with limited computing power.In this paper,a threshold FSS scheme with perfect security is constructed by using multi-variable polynomial techniques over finite fields.The core technique is to convert the calculation of the function value of the secret function at the public point in the FSS to the calculation of the function value of the public function at the secret point.It is found that the communication complexity of the proposed scheme is related to the ratio of the reconstruction threshold r and the privacy threshold t.This communication complexity is lower if the ratio is larger.The proposed FSS scheme has the properties such as simplicity,compressibility,and function privacy.The good performance and properties show that the proposed scheme is suitable to the design of some new private information access protocols.