Leakage-Resilience of the Shamir Secret-Sharing Scheme Against Physical-Bit Leakages

Hemanta K. Maji, Hai H. Nguyen, Anat Paskin-Cherniavsky, Tom Suad, Mingyuan Wang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

10 Scopus citations

Abstract

Efficient Reed-Solomon code reconstruction algorithms, for example, by Guruswami and Wootters (STOC–2016), translate into local leakage attacks on Shamir secret-sharing schemes over characteristic-2 fields. However, Benhamouda, Degwekar, Ishai, and Rabin (CRYPTO–2018) showed that the Shamir secret sharing scheme over prime-fields is leakage resilient to one-bit local leakage if the reconstruction threshold is roughly 0.87 times the total number of parties. In several application scenarios, like secure multi-party multiplication, the reconstruction threshold must be at most half the number of parties. Furthermore, the number of leakage bits that the Shamir secret sharing scheme is resilient to is also unclear. Towards this objective, we study the Shamir secret-sharing scheme’s leakage-resilience over a prime-field F. The parties’ secret-shares, which are elements in the finite field F, are naturally represented as λ -bit binary strings representing the elements { 0, 1, ⋯, p- 1 }. In our leakage model, the adversary can independently probe m bit-locations from each secret share. The inspiration for considering this leakage model stems from the impact that the study of oblivious transfer combiners had on general correlation extraction algorithms, and the significant influence of protecting circuits from probing attacks has on leakage-resilient secure computation. Consider arbitrary reconstruction threshold k⩾ 2, physical bit-leakage parameter m⩾ 1, and the number of parties n⩾ 1. We prove that Shamir’s secret-sharing scheme with random evaluation places is leakage-resilient with high probability when the order of the field F is sufficiently large; ignoring polylogarithmic factors, one needs to ensure that log | F| ⩾ n/ k. Our result, excluding polylogarithmic factors, states that Shamir’s scheme is secure as long as the total amount of leakage m· n is less than the entropy k· λ introduced by the Shamir secret-sharing scheme. Note that our result holds even for small constant values of the reconstruction threshold k, which is essential to several application scenarios. To complement this positive result, we present a physical-bit leakage attack for m= 1 physical bit-leakage from n= k secret shares and any prime-field F satisfying |F|=1modk. In particular, there are (roughly) | F| n-k+1 such vulnerable choices for the n-tuple of evaluation places. We lower-bound the advantage of this attack for small values of the reconstruction threshold, like k= 2 and k= 3, and any |F|=1modk. In general, we present a formula calculating our attack’s advantage for every k as | F| → ∞. Technically, our positive result relies on Fourier analysis, analytic properties of proper rank-r generalized arithmetic progressions, and Bézout ’s theorem to bound the number of solutions to an equation over finite fields. The analysis of our attack relies on determining the “discrepancy” of the Irwin-Hall distribution. A probability distribution’s discrepancy is a new property of distributions that our work introduces, which is of potential independent interest.

Original languageEnglish
Title of host publicationAdvances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsAnne Canteaut, François-Xavier Standaert
PublisherSpringer Science and Business Media Deutschland GmbH
Pages344-374
Number of pages31
ISBN (Print)9783030778859
DOIs
StatePublished - 2021
Event40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021 - Zagreb, Croatia
Duration: 17 Oct 202121 Oct 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12697 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021
Country/TerritoryCroatia
CityZagreb
Period17/10/2121/10/21

Keywords

  • Bézout ’s theorem
  • Discrete Fourier analysis
  • Exponential sums
  • Irwin-Hall distribution
  • Local leakage resilience
  • Physical-bit leakage
  • Random punctured Reed-Solomon codes
  • Rank-r generalized arithmetic progression

Fingerprint

Dive into the research topics of 'Leakage-Resilience of the Shamir Secret-Sharing Scheme Against Physical-Bit Leakages'. Together they form a unique fingerprint.

Cite this