Optimal Complexity of Secret Sharing Schemes with Four Minimal Qualified Subsets ∗

Jaume Martí-Farré, Carles Padró, Leonor Vázquez

November 9, 2009

Abstract

The complexity of a secret sharing scheme is defined as the ratio between the maximum length of the shares and the length of the secret. This paper deals with the open problem of optimizing this parameter for secret sharing schemes with general access structures. Specifically, our objective is to determine the optimal complexity of the access structures with exactly four minimal qualified subsets. Lower bounds on the optimal complexity are obtained by using the known polymatroid technique in combination with linear programming. Upper bounds are derived from decomposition constructions of linear secret sharing schemes. In this way, the exact value of the optimal complexity is determined for several access structures in that family. For the other ones, we present the best known lower and upper bounds.

Key words: Secret sharing, Optimization of secret sharing schemes for general access structures.

1 Introduction

A secret sharing scheme is a method to distribute a secret value into shares among a set of participants in such a way that only some qualified subsets of participants can recover the secret value from their shares. Secret sharing was introduced independently in 1979 by Blakley [5] and Shamir [31], and it is a very important cryptographic primitive that is used as a building block in many different cryptographic protocols. In this work we consider only unconditionally secure perfect secret sharing schemes, that is, the shares of the participants in a non-qualified subset must not provide any information at all about the secret.

The qualified subsets form the access structure of the secret sharing scheme, which is a monotone increasing family of subsets of participants. That is, any superset of a qualified subset is also qualified.
Then an access structure is determined by the collection of its minimal qualified subsets. Ito, Saito and Nishizeki [21] proved, in a constructive way, that every access structure admits a secret sharing scheme. Another general construction was given by Benaloh and Leichter [4]. In those schemes, the shares are much larger than the secret value. Actually, the length of the shares grows exponentially with the number of participants. This is not desirable because the security and efficiency of a system depend on the amount of information that must be kept secret.

∗ This work was partially supported by the Spanish Ministry of Education and Science under projects TIC 2003-00866 and TSI2006-02731.
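
The following added example, which is not code from the paper, illustrates the definitions in the introduction: it builds a perfect scheme for an access structure with four minimal qualified subsets by XOR-sharing the secret once per minimal subset, then measures the complexity as the ratio of the longest share to the secret. The access structure on participants a to d and all function names are assumptions made for illustration; this simple construction is not one of the optimized schemes the paper studies.

```python
import secrets
from functools import reduce

# Constructed access structure (assumption, not taken from the paper):
# four minimal qualified subsets over participants a, b, c, d.
MINIMAL = [frozenset("ab"), frozenset("ac"), frozenset("ad"), frozenset("bcd")]

def xor(blocks):
    """XOR equal-length byte strings together."""
    return reduce(lambda x, y: bytes(p ^ q for p, q in zip(x, y)), blocks)

def is_qualified(subset, minimal=MINIMAL):
    """Monotone closure: qualified iff it contains a minimal qualified subset."""
    return any(m <= set(subset) for m in minimal)

def deal(secret, minimal=MINIMAL):
    """For each minimal qualified subset, split the secret into XOR pieces,
    one piece per member. A participant's share is all pieces it receives."""
    shares = {}
    for idx, m in enumerate(minimal):
        members = sorted(m)
        pads = [secrets.token_bytes(len(secret)) for _ in members[:-1]]
        pieces = pads + [xor(pads + [secret])]  # last piece completes the XOR
        for who, piece in zip(members, pieces):
            shares.setdefault(who, {})[idx] = piece
    return shares

def reconstruct(subset, shares, minimal=MINIMAL):
    """Recover the secret from a qualified subset; return None otherwise."""
    for idx, m in enumerate(minimal):
        if m <= set(subset):
            return xor([shares[p][idx] for p in m])
    return None

def complexity(shares, secret):
    """Maximum share length divided by the secret length."""
    longest = max(sum(len(x) for x in s.values()) for s in shares.values())
    return longest / len(secret)

if __name__ == "__main__":
    secret = b"sixteen byte key"            # constructed sample secret
    shares = deal(secret)
    print("complexity:", complexity(shares, secret))
    print("{a,b} recovers:", reconstruct("ab", shares) == secret)
    print("{b,c} qualified:", is_qualified("bc"))
```

Participant a belongs to three of the four minimal qualified subsets, so a holds three secret-sized pieces and this scheme has complexity 3 for this access structure.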