Optimal Threshold Padlock Systems

In 1968, Liu described the problem of securing documents in a shared secret project. In an example, at least six out of eleven participating scientists need to be present to open the lock securing the secret documents. Shamir proposed a mathematical solution to this physical problem in 1979, by designing an efficient k-out-of-n secret sharing scheme based on Lagrange’s interpolation. Liu and Shamir also claimed that the minimal solution using physical locks is clearly impractical and exponential in the number of participants. In this paper we relax some implicit assumptions in their claim and propose an optimal physical solution to the problem of Liu that uses physical padlocks, but the number of padlocks is not greater than the number of participants. Then, we show that no device can do better for k-out-of-n threshold padlock systems as soon as k ⩾ 2 n , which holds true in particular for Liu’s example. More generally, we derive bounds required to implement any threshold system and prove a lower bound of O ( log ( n ) ) padlocks for any threshold larger than 2. For instance we propose an optimal scheme reaching that bound for 2-out-of-n threshold systems and requiring less than 2 log 2 ( n ) padlocks. We also discuss more complex access structures, a wrapping technique, and other sublinear realizations like an algorithm to generate 3-out-of-n systems with 2.5 n padlocks. Finally we give an algorithm building k-out-of-n threshold padlock systems with only O ( log ( n ) k − 1 ) padlocks. Apart from the physical world, our results also show that it is possible to implement secret sharing over small fields.