* z Multi-Secret Sharing Schemes EXTENDED ABSTRACT Carlo Blundo, Alfred0 De Santis, Giovanni Di Crescenzo, Antonio Giorgio Gaggia, and Ugo Vaccaro Dipartimento di Informatica ed Applicazioni, Universiti di Salerno, 84081 Baronissi (SA), Italy {carblu, ads ,giodic, antgio ,uv)@udsab.dia.unisa. it zy Abstract. A multi-secret sharing scheme is a protocol to share zyx m arbi- trarily related secrets s1,. . . , zyxw sm among a set of participants zy P. In this paper we put forward zyxwv a general theory of multi-secret sharing schemes by using an information theoretical framework. We prove lower bounds on the size of information held by each participant for various access structures. Finally, we prove the optimality of the bounds by providing protocols. 1 Introduction A secret sharing scheme is a technique to share a secret s among a set ‘ P of participants in such a way that only qualified subsets, pooling together their in- formation, can reconstruct the secret s; but subsets of participants that are not enabled to recover the secret have no information on it. Secret sharing schemes are useful in any important action that requires the concurrence of several de- signed people to be initiated, as launching a missile, opening a bank vault or even opening a safety deposit box. Secret sharing schemes are also used in man- agement of cryptographic keys and multi-party secure protocols (see [lo), [2] ). Secret sharing schemes were introduced by Shamir [lG] and Blakley [3]. They analyzed the case when only subsets A of zyxw P of cardinality IAl zyx 2 k, for a fixed integer k, can reconstruct tlie secret. These schemes are called (Ic, n) threshold schemes, where n = IPl. Subsequently, Ito, Saito, and Nishizeki [ll] and Benaloh and Leichter [l] described a more general method of secret sharing. They showed how to realize a secret sharing scheme for any access structure, where the access structure is the family of all subsets of participants that are able to reconstruct the secret. The recent siirvey by Stinson [18] contains an unified description of recent results in the area of secret sharing schemes. For different approaches to the study of secret sharing schemes, for schemes with “extended capabilities” as disenrollment, fault-tolerance, and pre-positioning and for a complete bibliogra- phy we recommend the survey article by Simmons [17]. * Partially supported by Italian Ministry of University and Research (M.U.R.S.T.) and by National Council €or Research (C.N.R.). Y.G. Desmedt (Ed.): Advances in Cryptology - CRYPT0 ’94, LNCS 839, pp. 150-163, 1994. zy 0 Springer-Verlag Berlin Heidelberg 1994