{"title":"The Capacity Region of Distributed Multi-User Secret Sharing Under Perfect Secrecy","authors":"Jiahong Wu;Nan Liu;Wei Kang","doi":"10.1109/TIFS.2024.3484666","DOIUrl":null,"url":null,"abstract":"We study the problem of distributed multi-user secret sharing (DMUSS), involving a main node, N storage nodes, and K users. Every user has access to the contents of a certain subset of storage nodes and wants to decode an independent secret message. With knowledge of K secret messages, the main node strategically places encoded shares in the storage nodes, ensuring two crucial conditions: (i) each user can recover its own secret message from the storage nodes that it has access to; (ii) each user is unable to acquire any information regarding the collection of \n<inline-formula> <tex-math>$K-1$ </tex-math></inline-formula>\n secret messages for all the other users. The rate of each user is defined as the size of its secret message normalized by the size of a storage node. We characterize the capacity region of the DMUSS problem, which is the closure of the set of all achievable rate tuples that satisfy the correctness and perfect secrecy conditions. The converse proof relies on a bound from the traditional single-secret sharing regime. In the achievability proof, we firstly design the linear decoding functions, based on the fact that each secret message needs to be recovered from a single set of storage nodes. It turns out that the perfect secrecy condition holds if K matrices, whose entries are extracted from the decoding functions, are full rank. We prove that the decoding functions can be constructed explicitly if the rate tuple satisfies the converse and the field size is not less than K. At last, the encoding functions are obtained by solving the system of linear decoding functions, where some shares are equal to the randomness and the other shares are linear combinations of the secret messages and the randomness.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9954-9969"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10731875/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
Abstract
We study the problem of distributed multi-user secret sharing (DMUSS), involving a main node, N storage nodes, and K users. Every user has access to the contents of a certain subset of storage nodes and wants to decode an independent secret message. With knowledge of K secret messages, the main node strategically places encoded shares in the storage nodes, ensuring two crucial conditions: (i) each user can recover its own secret message from the storage nodes that it has access to; (ii) each user is unable to acquire any information regarding the collection of
$K-1$
secret messages for all the other users. The rate of each user is defined as the size of its secret message normalized by the size of a storage node. We characterize the capacity region of the DMUSS problem, which is the closure of the set of all achievable rate tuples that satisfy the correctness and perfect secrecy conditions. The converse proof relies on a bound from the traditional single-secret sharing regime. In the achievability proof, we firstly design the linear decoding functions, based on the fact that each secret message needs to be recovered from a single set of storage nodes. It turns out that the perfect secrecy condition holds if K matrices, whose entries are extracted from the decoding functions, are full rank. We prove that the decoding functions can be constructed explicitly if the rate tuple satisfies the converse and the field size is not less than K. At last, the encoding functions are obtained by solving the system of linear decoding functions, where some shares are equal to the randomness and the other shares are linear combinations of the secret messages and the randomness.
我们研究的分布式多用户秘密共享(DMUSS)问题涉及一个主节点、N 个存储节点和 K 个用户。每个用户都能访问某个存储节点子集的内容,并希望解码一个独立的密文。在知道 K 个密文后,主节点会有策略地将编码共享放到存储节点中,以确保两个关键条件:(i) 每个用户都能从其可访问的存储节点中恢复自己的密文;(ii) 每个用户都无法获得有关所有其他用户的 $K-1$ 密文集合的任何信息。每个用户的速率定义为其秘密信息的大小与存储节点大小的归一化。我们描述了 DMUSS 问题的容量区域,即满足正确性和完全保密条件的所有可实现速率图元集合的闭合区域。反向证明依赖于传统的单秘密共享机制的约束。在可实现性证明中,我们首先设计了线性解码函数,其依据是每条秘密信息都需要从一组存储节点中恢复。结果表明,如果从解码函数中提取的 K 矩阵的条目是满级的,则完美保密条件成立。最后,我们通过求解线性解码函数系统得到了编码函数,其中一些份额等于随机性,另一些份额是密文和随机性的线性组合。
期刊介绍:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features