Chapter Summary

Chapter Summary

Key Points

• 1.

  Threshold secret sharing is the information-theoretic way to split a secret. A $(t, n)$-scheme guarantees that any $t$ parties reconstruct exactly, and any $t - 1$ parties have zero information about the secret (perfect secrecy, not computational hiding).

• 2.

  Shamir's polynomial construction is canonical. A random degree-$(t-1)$ polynomial with secret at $p(0)$, evaluated at $n$ distinct nonzero points, delivers perfect $(t, n)$-threshold secrecy via Lagrange interpolation. Share size equals secret size — the information-theoretic minimum for perfect secrecy.

• 3.

  Blakley's hyperplane scheme and Shamir's polynomial scheme are equivalent. Both achieve perfect $(t, n)$-secrecy with the same share-entropy requirement, but Shamir's shares are a factor of $t$ smaller in representation, which is why Shamir dominates practice. CRT-based and MDS-coded variants address niche requirements without changing the core information- theoretic content.

• 4.

  Ramp secret sharing shrinks shares by the factor $g = t_2 - t_1$ at the price of graceful degradation of secrecy between the two thresholds. Perfect secrecy holds against coalitions of size $\leq t_1$; coalitions in $[t_1, t_2]$ learn a linear amount of information; coalitions $\geq t_2$ reconstruct. Ramp is the primitive that makes ByzSecAgg (Chapter 11) communication- efficient.

• 5.

  Secret sharing is the privacy primitive of this book. Additive $(n, n)$ underlies secure aggregation (Chapter 10) and CCESA (Chapter 12); Shamir underlies secure coded matrix multiplication (Chapter 5) and threshold cryptography; ramp underlies ByzSecAgg (Chapter 11); linear secret sharing over polynomial codes underlies PIR (Chapter 13). Understanding Sections 3.1–3.4 is the foundation for every later chapter.