## CryptoDB

### Paper: Nearly Optimal Robust Secret Sharing against Rushing Adversaries

Authors: Pasin Manurangsi , Google Research Akshayaram Srinivasan , UC Berkeley Prashant Nalini Vasudevan , UC Berkeley DOI: http://dx.doi.org/10.1007/978-3-030-56877-1_6 (login may be required) Search ePrint Search Google CRYPTO 2020 Robust secret sharing is a strengthening of standard secret sharing that allows the shared secret to be recovered even if some of the shares being used in the reconstruction have been adversarially modified. In this work, we study the setting where out of all the $n$ shares, the adversary is allowed to adaptively corrupt and modify up to $t$ shares, where $n = 2t+1$.\footnote{Note that if the adversary is allowed to modify any more shares, then correct reconstruction would be impossible.} Further, we deal with \emph{rushing} adversaries, meaning that the adversary is allowed to see the honest parties' shares before modifying its own shares. It is known that when $n = 2t+1$, to share a secret of length $m$ bits and recover it with error less than $2^{-\sec}$, shares of size at least $m+\sec$ bits are needed. Recently, Bishop, Pastro, Rajaraman, and Wichs (EUROCRYPT 2016) constructed a robust secret sharing scheme with shares of size $m + O(\sec\cdot\polylog(n,m,\sec))$ bits that is secure in this setting against non-rushing adversaries. Later, Fehr and Yuan (EUROCRYPT 2019) constructed a scheme that is secure against rushing adversaries, but has shares of size $m + O(\sec\cdot n^{\eps}\cdot \polylog(n,m,\sec))$ bits for an arbitrary constant $\eps > 0$. They also showed a variant of their construction with share size $m + O(\sec\cdot\polylog(n,m,\sec))$ bits, but with super-polynomial reconstruction time. We present a robust secret sharing scheme that is simultaneously close-to-optimal in all of these respects -- it is secure against rushing adversaries, has shares of size $m+O(\sec \log{n} (\log{n}+\log{m}))$ bits, and has polynomial-time sharing and reconstruction. Central to our construction is a polynomial-time algorithm for a problem on semi-random graphs that arises naturally in the paradigm of local authentication of shares used by us and in the aforementioned work.
##### BibTeX
@inproceedings{crypto-2020-30427,
title={Nearly Optimal Robust Secret Sharing against Rushing Adversaries},
publisher={Springer-Verlag},
doi={http://dx.doi.org/10.1007/978-3-030-56877-1_6},
author={Pasin Manurangsi and Akshayaram Srinivasan and Prashant Nalini Vasudevan},
year=2020
}