Secret sharing allows a dealer to distribute a secret among several parties such that only authorized subsets of parties, specified by a (monotone) access structure, can reconstruct the secret. Recently, Sehrawat and Desmedt (COCOON 2020) introduced hidden access structures, that remain secret until some authorized subset of parties collaborate. However, that scheme assumes semi-honest parties and only supports restricted access structures. We address these shortcomings by constructing a novel access structure hiding verifiable secret sharing scheme, that supports all monotone access structures. Our scheme is the first verifiable secret sharing scheme that guarantees verifiability even when a majority of the parties are malicious. As the building blocks of our scheme, we introduce and construct: (i) a set-system $\mathcal{H}$ with greater than $\exp\left(c\frac{2(\log h)^2}{(\log\log h)}\right)+2\exp\left(c\frac{(\log h)^2}{(\log\log h)}\right)$ subsets of a set of $h$ elements. It is defined over $\mathbb{Z}_m$, where $m$ is a non-prime-power such that the size of each set in $\mathcal{H}$ is divisible by $m$ but the sizes of their pairwise intersections are not, unless one set is a subset of another, (ii) a new variant of the learning with errors (LWE) problem, called PRIM-LWE, wherein the secret matrix can be sampled such that its determinant is a generator of $\mathbb{Z}_q^*$, where $q$ is the LWE modulus. Our scheme relies on the hardness of LWE and its maximum share size for $\ell$ parties is $(1+ o(1)) \dfrac{2^{\ell}}{\sqrt{\pi \ell/2}}(2 q^{\varrho + 0.5} + \sqrt{q} + \Theta(h))$, where $q$ is the LWE modulus and $\varrho \leq 1$ is a constant. We also discuss directions for future work to reduce the share size to: \[\leq \dfrac{1}{3} \left( (1+ o(1)) \dfrac{2^{\ell}}{\sqrt{\pi \ell/2}}(2 q^{\varrho + 0.5} + 2\sqrt{q}) \right).\]

翻译：秘密共享允许交易商在多个政党中发布一个秘密, 这样只有经授权的政党子集才能重建这个秘密 。 最近, Sehrawat 和 Desmedt (COON 2020) 引入了隐藏的访问结构, 直至某些经授权的政党子集合作。 但是, 这个方案假设半诚实的政党, 并且只支持限制的访问结构 。 我们通过建立一个隐藏可核实的秘密共享方案的新访问结构来解决这些缺陷, 从而支持所有单价接入结构 。 我们的计划是第一个可核实的秘密共享方案, 即使在大多数政党为恶意的情况下, 也能够保证可核查 。 作为我们计划的构建块 : (i) 一个固定的系统 $\ mathcal{H} 。 除非 $\\\\ gr\\ h\\\ licr\ d\ d\\ t\ fretr\ fretreal a qrq{q_ rqrq} rentreal (cr) rq} 。 我们的系统规模不是固定的, $ droqral2\ max a lax_ lax_ lax_ lax_ lax lix lix lix_ lix 美元 美元, lix lixx lix lixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx