@inproceedings{14457,
  abstract     = {Threshold secret sharing allows a dealer to split a secret s into n shares, such that any t shares allow for reconstructing s, but no t-1 shares reveal any information about s. Leakage-resilient secret sharing requires that the secret remains hidden, even when an adversary additionally obtains a limited amount of leakage from every share. Benhamouda et al. (CRYPTO’18) proved that Shamir’s secret sharing scheme is one bit leakage-resilient for reconstruction threshold t≥0.85n and conjectured that the same holds for t = c.n for any constant 0≤c≤1.  Nielsen and Simkin (EUROCRYPT’20) showed that this is the best one can hope for by proving that Shamir’s scheme is not secure against one-bit leakage when t0c.n/log(n).
In this work, we strengthen the lower bound of Nielsen and Simkin. We consider noisy leakage-resilience, where a random subset of leakages is replaced by uniformly random noise. We prove a lower bound for Shamir’s secret sharing, similar to that of Nielsen and Simkin, which holds even when a constant fraction of leakages is replaced by random noise. To this end, we first prove a lower bound on the share size of any noisy-leakage-resilient sharing scheme. We then use this lower bound to show that there exist universal constants c1, c2,  such that for sufficiently large n it holds that Shamir’s secret sharing scheme is not noisy-leakage-resilient for t≤c1.n/log(n), even when a c2 fraction of leakages are replaced by random noise.



},
  author       = {Hoffmann, Charlotte and Simkin, Mark},
  booktitle    = {8th International Conference on Cryptology and Information Security in Latin America},
  isbn         = {9783031444685},
  issn         = {1611-3349},
  location     = {Quito, Ecuador},
  pages        = {215--228},
  publisher    = {Springer Nature},
  title        = {{Stronger lower bounds for leakage-resilient secret sharing}},
  doi          = {10.1007/978-3-031-44469-2_11},
  volume       = {14168},
  year         = {2023},
}