Distributed Multi-User Secret Sharing

Abstract

We consider a distributed secret sharing system that consists of a dealer, n storage nodes, and m users. Each user is given access to a certain subset of storage nodes, where it can download the stored data. The dealer wants to securely convey a specific secret $\\text {s}_{\\text {j}}$ to user j via storage nodes, for $\\text {j}=1,2, {\\dots },\\text {m}$ . More specifically, two secrecy conditions are considered in this multi-user context. The weak secrecy condition is that each user does not get any information about the individual secrets of other users, while the perfect secrecy condition implies that a user does not get any information about the collection of all other users’ secrets. In this system, the dealer encodes secrets into several secret shares and loads them into the storage nodes. Given a certain number of storage nodes we find the maximum number of users that can be served in such a system and construct schemes that achieve this with perfect secrecy. We further define two major properties for such distributed secret sharing systems; communication complexity is defined as the total amount of data that users need to download in order to reconstruct their secrets; and storage overhead is defined as the total size of data loaded by the dealer into the storage nodes normalized by the total size of secrets. Lower bounds on the minimum communication complexity and the storage overhead are characterized given any n and m. We construct distributed secret sharing protocols, under certain conditions on the system parameters, that attain the lower bound on the communication complexity while providing perfect secrecy. Furthermore, we construct protocols, again under certain conditions, that simultaneously attain the lower bounds on the communication complexity and the storage overhead while providing weak secrecy, thereby demonstrating schemes that are optimal in terms of both parameters. It is shown how to modify the proposed protocols in order to construct schemes with balanced storage load and communication complexity.