On d-Multiplicative Secret Sharing
Published in: | Journal of cryptology 2010-10, Vol.23 (4), p.580-593 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | A multiplicative secret sharing scheme allows players to multiply two secret-shared field elements by locally converting their shares of the two secrets into an additive sharing of their product. Multiplicative secret sharing serves as a central building block in protocols for secure multiparty computation (MPC). Motivated by open problems in the area of MPC, we introduce the more general notion of d-multiplicative secret sharing, allowing to locally multiply d shared secrets, and study the type of access structures for which such secret sharing schemes exist.
While it is easy to show that d-multiplicative schemes exist if no d unauthorized sets of players cover the whole set of players, the converse direction is less obvious for d ≥ 3. Our main result is a proof of this converse direction, namely that d-multiplicative schemes do not exist if the set of players is covered by d unauthorized sets. In particular, t-private d-multiplicative secret sharing among k players is possible if and only if k > dt.
Our negative result holds for arbitrary (possibly inefficient or even nonlinear) secret sharing schemes and implies a limitation on the usefulness of secret sharing in the context of MPC. Its proof relies on a quantitative argument inspired by communication complexity lower bounds. |
---|---|
ISSN: | 0933-2790 1432-1378 |
DOI: | 10.1007/s00145-010-9056-z |