Generalized secret sharing and group-key distribution using short keys

We relate two basic primitives: generalized secret sharing and group-key distribution. We suggest cryptographic implementations for both and show that they are provably secure according to exact definitions and assumptions given in the present paper. Both solutions require small secret space (namely, short keys). We first consider secret sharing with arbitrary access structures which is a basic primitive for controlling retrieval of secret information. We consider the computational security model, where cryptographic assumptions are allowed. Our design of a general secret-sharing scheme requires considerably less secure memory (i.e., shorter keys) than before. We then introduce the notion of a (single source) group-key distribution protocol which allows a center in an integrated network to securely and repeatedly send different keys to different groups. Such a capability is of increasing importance as it is a building block for secret information dissemination to various groups of participants in the presence of eavesdropping in a network environment. There are only a few previous investigations concerning this primitive and they either require a large amount of storage of secret information (due to their information theoretic security model) or lack rigorous definitions and proofs of security. We base both primitives on pseudo-random functions. We prove that the two are related; we give a reduction showing that group-key distribution implies secret-sharing under pseudo-random functions (i.e., one-way functions)