Ústav teorie informace a automatizace

## Mini-Symposium MTR 2023 - Secret Sharing

13.03.2023

The department of Decision-Making Theory organizes a Mini-Symposium on secret sharing. The event offers three exceptional speakers: Carles Padro, Laszlo Csirmaz, and Mate Gyarmati. The Mini-Symposium is organized in a hybrid form. It is possible to participate either in person or connect virtually using the Zoom application. All three speakers will participate on-site.

The other option is to follow the online stream on YouTube.

The symposium will be held at UTIA, in Lecture hall No. 3, accessible from the lobby, on Monday, March 13, 2023, starting at 14:00 CET.

The program structure:

• 14:00 - 15:00: An Introduction to Secret Sharing, Carles Padro, Universitat Politecnica de Cataunya, Barcelona, Spain

ABSTRACT: Secret sharing consists of methods to distribute into shares a piece of secret information. Secrecy must prevail even if some shares are compromised, and the information should be safe even if some shares are lost or corrupt. It is a fundamental primitive in cryptography, and it is used in different kinds of cryptographic protocols. In this talk, secret sharing is approached from the theory of error correction codes. Beginning with simple examples arising from linear codes, connections to other areas like finite geometries, combinatorics, and information theory will be revealed.

• 15:00 - 15:30 coffee break

• 15:30 - 16:30: Unsolved problems in secret sharing, László Csirmaz, UTIA, Czech Academy of Sciences, Prague

ABSTRACT: A brief overview of my favorite problems. Some of them have been considered by many researchers, others indicate interesting or unexpected phenomena which have not been investigated thoroughly. Shamir's threshold secret-sharing method has a nice geometrical interpretation that uses finite geometry. Can it be generalized for traditional continuous geometries?

The main open question in secret sharing is the share size. Known constructions produce exponentially big shares, while we can only prove linear lower bounds.

Share size is measured using amortized cost relative to the bits in secret. When the secret is only a single bit, the amortized cost can be much smaller. How much smaller?

Secret sharing uses unconditional security, while computer communication is quite happy with computational security. How much can secret sharing gain by relaxing the unconditional security requirement?

The ultimate goal of secret sharing is to recover the secret from the shares distributed to participants. How to fight against participants who submit a wrong share or simply refuse to take part in the reconstruction process?

Finally, can secret sharing do better, and if yes, how much, if negligible errors (both in security and correctness) are tolerated?

• 16:30 - 17:00 coffee break

• 17:00 - 18:00 Secret sharing on some special families of access structures, Mate Gyarmati, Eotvos Lorand University, Budapest, Hungary

ABSTRACT: In the case of general access structures, it is extremely difficult to determine the complexity or to construct an efficient secret sharing. Furthermore, for application, some specific access structure is likely needed. Therefore, it is interesting to investigate more specific access structures.

We consider four types: structures defined by few participants; ideal structures, which have minimal complexity; graph-based access structures, for which every minimal qualified set has size two; bipartite and multipartite access structures, in which the set of participants is divided into two or more parts, and a subset of participants is qualified if it contains enough elements from all of these parts.

• 19:00 symposium dinner
24.03.2023 - 20:05