International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Secret Sharing with Certified Deletion

Authors:
James Bartusek , UC Berkeley
Justin Raizes , Carnegie Mellon University
Download:
DOI: 10.1007/978-3-031-68394-7_7 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2024
Abstract: Secret sharing allows a user to split a secret into many shares so that the secret can be recovered if, and only if, an authorized set of shares is collected. Although secret sharing typically does not require any computational hardness assumptions, its security \emph{does} require that an adversary cannot collect an authorized set of shares. Over long periods of time where an adversary can benefit from multiple data breaches, this may not be a realistic assumption. We initiate the systematic study of secret sharing \emph{with certified deletion} in order to achieve security \emph{even against an adversary that eventually collects an authorized set of shares}. In secret sharing with certified deletion, a (classical) secret $s$ is split into quantum shares which can be destroyed in a manner verifiable by the dealer. We put forth two natural definitions of security. \textbf{No-signaling security} roughly requires that if multiple non-communicating adversaries delete sufficiently many shares, then their combined view contains negligible information about $s$, even if the total set of corrupted parties forms an authorized set. \textbf{Adaptive security} requires privacy of $s$ against an adversary that can continuously and adaptively corrupt new shares and delete previously-corrupted shares, as long as the total set of corrupted shares minus deleted shares remains unauthorized. Next, we show that these security definitions are achievable: we show how to construct (i) a secret sharing scheme with no-signaling certified deletion for \emph{any monotone access structure}, and (ii) a \emph{threshold} secret sharing scheme with adaptive certified deletion. Our first construction uses Bartusek and Khurana's (CRYPTO 2023) 2-out-of-2 secret sharing scheme with certified deletion as a building block, while our second construction is built from scratch and requires several new technical ideas. For example, we significantly generalize the ``XOR extractor'' of Agarwal, Bartusek, Khurana, and Kumar (EUROCRYPT 2023) in order to obtain better seedless extraction from certain quantum sources of entropy, and show how polynomial interpolation can double as a high-rate randomness extractor in our context of threshold sharing with certified deletion.
BibTeX
@inproceedings{crypto-2024-34249,
  title={Secret Sharing with Certified Deletion},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-68394-7_7},
  author={James Bartusek and Justin Raizes},
  year=2024
}