
Additive Secret Sharing Schemes

Updated 21 January 2026
  • Additive Secret Sharing Schemes are cryptographic primitives that partition a secret into multiple shares such that only the sum reveals the secret, ensuring perfect secrecy.
  • They enable efficient secure multiparty computation via local arithmetic operations and constant-round protocols, supporting both classical and quantum network applications.
  • Code-theoretic and combinatorial extensions offer fine-grained access control, benefiting privacy-preserving applications like secure cloud computing and machine learning.

Additive Secret Sharing Schemes (ASS) partition a secret $x$ from an algebraic domain (field or ring) into multiple shares $x_1, \ldots, x_n$ such that only the sum (or modular sum) of all shares yields $x$, and no subset of $n - 1$ or fewer shares provides information about $x$ in the information-theoretic sense. This approach underpins secure multiparty computation and numerous cryptographic protocols, due to its homomorphic properties and composable security guarantees. ASS is realized across classical settings, with generalizations to quantum network architectures and code-theoretic structures for controlling access, correctness, and efficiency.

1. Algebraic Foundation and Construction

ASS can be instantiated over arbitrary rings or fields. For $x \in \mathbb{F}$, the share-generation protocol selects $n-1$ independent, uniformly random values $x_1,\ldots,x_{n-1} \in \mathbb{F}$, then computes $x_n = x - \sum_{j=1}^{n-1} x_j$ (addition modulo the group operation in $\mathbb{F}$). Each party x1,…,xnx_1, \ldots, x_n0 receives x1,…,xnx_1, \ldots, x_n1, ensuring x1,…,xnx_1, \ldots, x_n2 and that any strict subset is uniformly distributed and completely hides x1,…,xnx_1, \ldots, x_n3 (Xia et al., 2020, Xiong et al., 2020):

x1,…,xnx_1, \ldots, x_n4

x1,…,xnx_1, \ldots, x_n5

Correctness is immediate, and perfect secrecy against any coalition of size x1,…,xnx_1, \ldots, x_n6 is guaranteed by the uniform masking property.

Extensions of ASS leverage the structure of additive codes over finite fields such as x1,…,xnx_1, \ldots, x_n7, enabling non-threshold access structures and advanced combinatorial control over authorized sets (Kim et al., 2017). In this setting, the codeword generation associates the secret with a linear equation over x1,…,xnx_1, \ldots, x_n8 solved by a random vector x1,…,xnx_1, \ldots, x_n9, and shares are determined by a generator matrix xx0.

2. Computation on Secret Shares

ASS shares support a rich suite of arithmetic operations with minimal interaction. Addition and subtraction are purely local due to the linearity of the sharing:

  • Local addition/subtraction: Each party computes xx1 to obtain a share of xx2.
  • Secure multiplication: Requires pre-processing with Beaver triples. A trusted third party generates random xx3, shares them, and parties compute local masks and exchange masked differences. One round of interaction with xx4 communication suffices (Xia et al., 2020, Xiong et al., 2020):

xx5

Protocols generalize to matrix and vector operations entry-wise and allow efficient parallel composition (Xia et al., 2020).
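The share generation from Section 1 together with the local addition and Beaver-triple multiplication described above, as an added example (not code from the cited papers). It assumes the field Z_P with the prime modulus P = 2^61 - 1, simulates all parties and the trusted dealer in one process, and uses the standard Beaver identity z = c + d*b + e*a + d*e; every function name is illustrative.

```python
import secrets

P = 2**61 - 1  # assumed modulus: a Mersenne prime, so Z_P is a field

def share(x, n):
    """Split x into n additive shares over Z_P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]  # n-1 uniform values
    parts.append((x - sum(parts)) % P)                    # x_n = x - sum_{j<n} x_j
    return parts

def reconstruct(shares):
    """Only the sum of all n shares yields the secret."""
    return sum(shares) % P

def add_local(xs, ys):
    """Each party adds its own two shares; no communication is needed."""
    return [(a + b) % P for a, b in zip(xs, ys)]

def deal_triple(n):
    """Trusted dealer (preprocessing): shares of random a, b and c = a*b."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a, n), share(b, n), share(a * b % P, n)

def beaver_mul(xs, ys, triple):
    """One round: open d = x - a and e = y - b, then finish locally."""
    a_sh, b_sh, c_sh = triple
    # Each party broadcasts its share of the masked differences.
    d = reconstruct([(x - a) % P for x, a in zip(xs, a_sh)])
    e = reconstruct([(y - b) % P for y, b in zip(ys, b_sh)])
    # z_i = c_i + d*b_i + e*a_i; the public term d*e is added by party 0 only.
    zs = [(c + d * b + e * a) % P for a, b, c in zip(a_sh, b_sh, c_sh)]
    zs[0] = (zs[0] + d * e) % P
    return zs

def demo(n=3, x=1234, y=5678):
    """Constructed inputs: share x and y, then add and multiply on shares."""
    xs, ys = share(x, n), share(y, n)
    total = reconstruct(add_local(xs, ys))
    product = reconstruct(beaver_mul(xs, ys, deal_triple(n)))
    return total, product

if __name__ == "__main__":
    print(demo())
```

A triple is consumed by a single multiplication: reusing the same a for inputs x and x' makes the two opened values of d differ by exactly x - x'. The opened d and e are uniformly distributed only because a and b are fresh uniform masks.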

For nonlinear functions (exponentiation, logarithm, division, comparison), switching between ASS and Multiplicative Secret Sharing (MSS) via secure resharing enables constant-round protocols. Trigonometric and inverse trigonometric functions exploit polynomial identities and Taylor expansion, implemented via compositions of the basic constant-round primitives (Xiong et al., 2020).

3. Security, Composability, and Model

ASS achieves information-theoretic (UC-) security against semi-honest adversaries, both in the classical and quantum settings. The simulation argument shows that the view of any adversarial party can be perfectly simulated by an independent uniform draw, revealing no information about the secret (Xiong et al., 2020, Xia et al., 2020). In the Abstract Cryptography framework, the ideal functionality xx6 receives the secret, distributes randomized shares, and aborts upon adversarial instruction. Security proofs for quantum protocols integrate security reductions to composable QKD and hybrid arguments (Grilo et al., 28 Apr 2025).

Composable security is crucial: composed executions in classical or quantum networks aggregate distinguishing advantages additively. For quantum Qline-based networks, protocols tolerate abort conditions and achieve xx7-security with xx8, where xx9 is the number of honest parties and n−1n - 10 the hash length (Grilo et al., 28 Apr 2025).

4. Access Structures and Code-Theoretic Extensions

Classical ASS implements threshold access structures: any n−1n - 11 shares suffice, but n−1n - 12 are useless. Code-based additive schemes on n−1n - 13 realize richer access structures, controlled by combinatorial designs in the dual additive code. Reconstruction requires two steps using trace inner products with vectors from three distinguished dual-code families n−1n - 14, mapping to lookup values that uniquely determine the secret (Kim et al., 2017):

  • Support-based access: Coalitions authorized only if they possess shares corresponding to codewords covering distinct blocks in n−1n - 15 and n−1n - 16.
  • Cheater detection: Minimum code weight n−1n - 17 detects up to n−1n - 18 cheating participants.
  • Minimal authorized sets: Defined by pairs of supports from different code-design families—yielding non-threshold but highly structured authorization.

Self-dual codes (e.g., hexacode, dodecacode, n−1n - 19) yield generalized xx0-designs, controlling coalition sizes and intersection properties.

5. Quantum-Assisted Distribution and Advanced Protocols

Quantum network architectures, notably the Qline model, support efficient ASS distribution at scale. Instead of requiring xx1 QKD links, the Qline allows distribution via xx2 quantum links, using chained phase rotations and basis measurements, with classical sifting, error correction, and privacy amplification steps (Grilo et al., 28 Apr 2025):

  • Prepare-and-measure protocol: Single source emits BB84-type qubits sequentially through xx3 intermediate phase-rotation nodes, terminating in a detector node. The protocol amalgamates random subset broadcasts, error estimation, syndrome announcement, correctness hashes, and privacy amplification.
  • Multiparty cryptographic primitives: Secure anonymous veto (Dining Cryptographers) and symmetric key establishment are realized as compositions of independent ASS distributions of zero.
  • Performance: For xx4 parties and xx5 Mbit share size, xx6 quantum measurements yield security advantage xx7 in under xx8 minutes.

Network and communication costs are significantly lower compared to classical QKD-based ASS.

6. Efficiency, Communication Complexity, and Practical Impact

ASS protocols offer constant or small round complexity for all basic and most advanced functions (Xia et al., 2020, Xiong et al., 2020):

| Protocol | Rounds | Communication per party |
|---|---|---|
| Secure multiplication | 1 | xx9 |
| Matrix multiplication | 1 | x∈Fx \in \mathbb{F}0 |
| Secure division | 3 | x∈Fx \in \mathbb{F}1 |
| Trigonometric ops | 1 | x∈Fx \in \mathbb{F}2 |

Preprocessing (e.g., Beaver triple generation) can be highly efficient and batched, with rates above x∈Fx \in \mathbb{F}3 triples/sec in practical experiments.

A plausible implication is that ASS with optimized secure computation protocols and quantum-assisted distribution is suitable for high-throughput privacy-preserving machine learning, cloud computing, and multi-party cryptography, delivering drastically reduced latency and communication overheads compared to classical bit-decomposition or homomorphic encryption-based approaches.

7. Comparative Analysis and Applications

ASS differs from Shamir’s threshold secret sharing in reconstruction (unconditional sum versus polynomial interpolation) and supports wider access patterns via additive codes (Kim et al., 2017). Anonymous veto, secure key establishment, privacy-preserving cloud computation (image retrieval, secure neural inference), and efficient MPC all leverage the additive linearity and constant-round computation model (Xia et al., 2020, Xiong et al., 2020, Grilo et al., 28 Apr 2025).

Security is predicated on the semi-honest assumption in classical models and on composable QKD security and quantum hardware integrity in quantum distribution regimes. Code-theoretic extensions provide granular coalition controls, and quantum distribution architectures reduce infrastructure costs and simplify scaling.

In summary, ASS constitutes a foundational cryptographic primitive, supporting scalable and efficient secure computation and secret sharing, with ongoing expansions into quantum networks and combinatorial code-theoretic architectures.
