Quadratic Secret Sharing and Conditional Disclosure of Secrets

There is a huge gap between the upper and lower bounds on the share size of secret-sharing schemes for n-party access structures; consistent with our current knowledge the optimal share size can be anywhere between polynomial and exponential in n. For linear secret-sharing schemes, the share size for almost all n-party access structures is exponential in n. We would like to study larger classes of secret-sharing schemes with two goals: 1) prove lower bounds for larger classes of secret-sharing schemes; and 2) construct efficient secret-sharing schemes. Given this motivation, Paskin-Cherniavsky and Radune (ITC'20) introduced a new class of secret-sharing schemes in which the shares are generated by applying degree-d polyno-mials to the secret and some random field elements. We define and study two additional classes of polynomial secret-sharing schemes: 1) schemes in which the reconstruction of the secret is done using polynomials; and 2) schemes in which both sharing and reconstruction are done by polynomials. Our main result is a construction of secret-sharing schemes and conditional disclosure of secrets protocols with quadratic sharing and reconstruction that are more efficient than linear secret-sharing schemes. To complement our results, we prove lower bounds on the share size for schemes with polynomial reconstruction. Finally, we give an evidence that schemes with polynomial sharing are probably stronger than schemes with polynomial reconstruction.