On the Local Leakage Resilience of Linear Secret Sharing Schemes
Journal of Cryptology (IF 3), Pub Date: 2021-02-09, DOI: 10.1007/s00145-021-09375-2
Fabrice Benhamouda , Akshay Degwekar , Yuval Ishai , Tal Rabin

We consider the following basic question: to what extent are standard secret sharing schemes and protocols for secure multiparty computation that build on them resilient to leakage? We focus on a simple local leakage model, where the adversary can apply an arbitrary function of a bounded output length to the secret state of each party, but cannot otherwise learn joint information about the states. We show that additive secret sharing schemes and high-threshold instances of Shamir’s secret sharing scheme are secure under local leakage attacks when the underlying field is of a large prime order and the number of parties is sufficiently large. This should be contrasted with the fact that any linear secret sharing scheme over a small characteristic field is clearly insecure under local leakage attacks, regardless of the number of parties. Our results are obtained via tools from Fourier analysis and additive combinatorics. We present two types of applications of the above results and techniques. As a positive application, we show that the “GMW protocol” for honest-but-curious parties, when implemented using shared products of random field elements (so-called “Beaver Triples”), is resilient in the local leakage model for sufficiently many parties and over certain fields. This holds even when the adversary has full access to a constant fraction of the views. As a negative application, we rule out multiparty variants of the share conversion scheme used in the 2-party homomorphic secret sharing scheme of Boyle et al. (in: Crypto, 2016).
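The contrast drawn above (one bit of local leakage per share breaks any linear scheme over a small-characteristic field, but not additive sharing over a large prime field) can be checked exactly on toy parameters. The following is an added example and not code from the paper: it shares a secret additively, lets every party leak the low bit of its share (the leakage function is an assumption of this example; the paper's model allows any bounded-output function per party), and computes the exact statistical distance between the leakage distributions for secret 0 and secret 1 by enumerating all random shares. The field sizes and party counts are chosen small enough to enumerate.

```python
# Added example (not from the paper): one-bit local leakage against additive
# secret sharing, exact statistical distance on toy parameters.
import itertools
from collections import Counter
from fractions import Fraction


def shares_char2(secret, randomness):
    """Additive sharing over GF(2^k): field addition is XOR of the bit
    representations, so the last share is secret XOR (all random shares)."""
    last = secret
    for r in randomness:
        last ^= r
    return list(randomness) + [last]


def shares_prime(secret, randomness, p):
    """Additive sharing over Z_p: the shares sum to the secret mod p."""
    last = (secret - sum(randomness)) % p
    return list(randomness) + [last]


def lsb_leak(shares):
    """Local leakage: each party independently leaks the low bit of its share
    (assumed leakage function for this example)."""
    return tuple(x & 1 for x in shares)


def recover_lsb_char2(leak):
    """Over a characteristic-2 field the low bit is GF(2)-linear in the share,
    so the XOR of the leaked bits equals the low bit of the secret."""
    bit = 0
    for b in leak:
        bit ^= b
    return bit


def leakage_distribution(share_fn, field_size, secret, n):
    """Exact distribution of the leakage vector over all (n-1)-tuples of
    random shares (enumerated, so keep field_size ** (n-1) small)."""
    counts = Counter()
    for rand in itertools.product(range(field_size), repeat=n - 1):
        counts[lsb_leak(share_fn(secret, rand))] += 1
    total = field_size ** (n - 1)
    return {leak: Fraction(c, total) for leak, c in counts.items()}


def statistical_distance(d0, d1):
    """Total variation distance between two distributions over leakage vectors."""
    keys = set(d0) | set(d1)
    return sum(abs(d0.get(k, 0) - d1.get(k, 0)) for k in keys) / 2


def sd_char2(k, n):
    """Distinguishing advantage between secrets 0 and 1 in GF(2^k), n parties.
    Even/odd parity of the leak bits splits the two cases, so this is always 1."""
    size = 1 << k
    d0 = leakage_distribution(shares_char2, size, 0, n)
    d1 = leakage_distribution(shares_char2, size, 1, n)
    return statistical_distance(d0, d1)


def sd_prime(p, n):
    """Same experiment over Z_p for an odd prime p: the mod-p wrap-around
    decorrelates the low bits, and the advantage shrinks as n grows."""
    fn = lambda s, r: shares_prime(s, r, p)
    d0 = leakage_distribution(fn, p, 0, n)
    d1 = leakage_distribution(fn, p, 1, n)
    return statistical_distance(d0, d1)


if __name__ == "__main__":
    # Concrete attack over GF(2^8): the leaked bits alone yield the secret's low bit.
    secret, rand = 0xA5, [0x13, 0x7E, 0xC0]          # constructed sample values
    leak = lsb_leak(shares_char2(secret, rand))
    print("GF(2^8), 4 parties: leaked bits", leak, "-> lsb(secret) =", recover_lsb_char2(leak))
    for n in (2, 3, 4):
        print(f"n={n}: SD over GF(2^3) = {sd_char2(3, n)}, "
              f"over Z_7 = {float(sd_prime(7, n)):.3f}, "
              f"over Z_31 = {float(sd_prime(31, n)):.3f}")
```

The prime-field numbers are the exact advantage of this one leakage function, not a bound over all functions of the share; the paper's theorems bound the latter, via Fourier analysis, for large primes and sufficiently many parties. The characteristic-2 value is 1 for any number of parties, which is the "regardless of the number of parties" point in the abstract: the low bit is a GF(2)-linear function of the share, so the leak bits reveal a linear function of the secret.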

Updated: 2021-02-10