Reduced access structures with four minimal qualified subsets on six participants

In this paper, we discuss a point about applying known decomposition techniques in their most general form. Three versions of these methods, which are useful for obtaining upper bounds on the optimal information ratios of access structures, are known as: Stinson's $λ$-decomposition, $(λ, ω)$-decomposition and $λ$-weighted-decomposition, where the latter two are generalizations of the first one. We continue by considering the problem of determining the exact values of the optimal information ratios of the reduced access structures with exactly four minimal qualified subsets on six participants, which remained unsolved in Marti-Farre et al.'s paper [Des. Codes Cryptogr. 61 (2011), 167-186]. We improve the known upper bounds for all the access structures, except four cases, determining the exact values of the optimal information ratios. All three decomposition techniques are used while some cases are handled by taking full advantage of the generality of decompositions.


Introduction
A secret sharing scheme is a method that allows a secret to be shared among a set of participants and it was independently proposed by Shamir [27] and Blakley [3] in 1979. Their method, known as threshold secret sharing, is performed in a way that any subset of participants of size more than a certain threshold can recover the secret while any other subset of participants learn nothing about the secret. A natural generalization of threshold secret sharing was proposed by Ito et al. [16] to allow more general structures of subsets to learn the secret, while keeping the secret information theoretically hidden from all other subsets. The collection of qualified subsets is called an access structure, which is supposed to be monotone increasing, i.e., any superset of a qualified subset must be qualified.
One of the major problems in secret sharing is to minimize the ratio of the largest share size to the secret size, known as the information ratio, initially introduced in [6,4,23]. This measure is also referred to as complexity and its inverse is called information rate in the literature. The optimal information ratio of an access structure is defined as the infimum information ratios of all secret sharing schemes realizing it. Despite the long history of the subject, there are significant gaps between known lower and upper bounds on the optimal information ratio of many access structures (for example, see [32,18,8]), with very few ones settled (see [10,9] for two notable examples).
The optimal information ratio for some concrete access structures have been studied in several papers (for example, see [32,18,20,21,24,13,9]). Lower bounds on the optimal information ratios of the access structures can be derived by using the entropy method as initially described in [7]. This method can be automated using linear programming (LP) technique [26] and, very recently has enjoyed substantial improvements [12]. The common approach for finding upper bounds on the optimal information ratio of such access structures is to utilize the so-called decomposition techniques, initially introduced by Stinson under the name of λdecomposition [29]. Later, two generalizations of the technique were introduced, called (λ, ω)-decomposition [33] and λ-weighted-decomposition [30].
We highlight the contributions of the paper below: • On taking full advantage of the generality of decomposition techniques. Most of the papers in the literature have worked with a restricted and less general variant of the definition of λ-decomposition. Going a little bit ahead, the λdecomposition allows sub-access structures to be subsets of the original access structure. We were able to identify only three papers ( [29,25,22]) in the literature that provided a definition of λ-decomposition in its most general form. All other papers, e.g., see [18,30,20,21,31], have presented a definition in which the minimal sub-access structures are considered to be subsets of the original minimal access structure. Actually, the former three papers have actually applied the technique in its less general variant. Consequently, this limited view on the method has resulted in devising less efficient secret sharing schemes in several cases, including reduced access structures with four minimal subsets [22]. We discuss this issue in further details in Section 3. Similar remarks about (λ, ω) and λ-weighted-decomposition techniques are also argued in the same section. • Results on reduced access structures on 6 participants with 4 minimal subsets.
In [22], Martí-Farré et al. have studied the optimal information ratio of the access structures with four minimal qualified subsets. Although the exact values of the optimal information ratio were determined in several cases, for some other ones, an upper and a lower bounds were only obtained. In particular, among the all 77 non-isomorphic such access structures on six participants, only 44 cases were fully resolved and the other 33 were remained unsolved. Fourteen cases are immediately resolved by taking the currently known results into account and using a simple observation: if there is a linear secret sharing scheme for an access structure with a certain information ratio, then there is a linear scheme for its dual (to be defined later) with the same information ratio [17]. All three decomposition techniques are used for handling the remaining access structures: 7 cases are resolved using the Stinson's λ-decomposition technique [29], 4 cases are tackled by applying (λ, ω)-decomposition [33] and 4 other cases are resolved using the λ-weighted-decomposition [30]. Four access structures remains unsolved, two of which are duals of two renowned open graph access structures with six participants [32]. We point out that some of our decompositions are achieved by taking full advantage of decomposition techniques, which were discussed above. • (λ, ω)-decomposition and duality. A theorem -which relates the dual of a (λ, ω)-decomposition for a given access structure to a (λ , ω )-decomposition for the dual of the decomposed access structure-is discussed in Section 3.2, which might be interesting on its own.

Definitions and preliminaries
2.1. Secret sharing schemes. In this section, we introduce the basic notations and definitions. We refer the reader to [28] for an old survey and further details on the topic and to [1] for a more recent one.
Access structures. Let P = {p 1 , . . . , p n } be a set of participants. A collection of subsets Γ ⊆ 2 P is called an access structure on P if it is monotone increasing, i.e., for every A ∈ Γ and A ⊆ B it holds that B ∈ Γ. The sets in Γ and Γ c = 2 P \ Γ are, respectively, called qualified and forbidden sets. A qualified set A ∈ Γ is called minimal if any proper subset of it is a forbidden set. A forbidden set B ∈ Γ c is called maximal if any proper superset of it is a qualified set. The collection of all minimal qualified subsets and that of all maximal forbidden sets are denoted by Γ − and Γ + , respectively. We refer to Γ − as the minimal access structure of Γ.
Formal definition. Initial steps towards formalizing the definition of a secret sharing scheme and its security was taken in [19,6,7,5]. Bellow, we present a definition which captures the information theoretical security.
Definition 1 (secret sharing scheme). A secret sharing scheme on P, is a triplet Σ = (S, R, Π), where S and R are independent random variables with supports S and R, respectively, satisfying H(S) > 0, and Π : S × R → S 1 × . . . × S n is a map, in which S i is the support of the random variable S i induced by Π(S, R) = (S 1 , . . . , S n ). We refer to Π, S and R as the sharing map, secret space and randomness space.
To share a secret s ∈ S, presumably sampled from S, a randomness r is sampled from R and the vector of shares Π(s, r) = (s 1 , . . . , s n ) is computed. Then, each share s j is privately transmitted to the participant p j . For a set A ⊆ P, we denote the random variable S A as the restriction of Π(S, R) to the entries that correspond to the members of A.
Definition 2 (realization of an access structure). Let Σ be a secret sharing scheme and let Γ be an access structure both defined on P. We say that Σ is a secret sharing scheme for Γ, or Γ realizes Σ, if the following two hold: (1) The secret can be reconstructed by qualified sets; that is, for all A ∈ Γ, it holds that H(S|S A ) = 0, (2) The secret is remained perfectly hidden from the forbidden sets; that is, for all B / ∈ Γ, it holds that H(S|S B ) = H(S).
Information ratio. Let Σ be a secret sharing scheme on P. The information ratio of a participant p i ∈ P in Σ, denoted by σ pi (Σ), is defined by σ pi (Σ) = H(S i )/H(S) and the information ratio of the scheme Σ is defined by σ(Σ) = max p∈P σ p (Σ). We refer to the vector σ(Σ) = (σ p (Σ)) p∈P as the contribution vector or, following [18], convec for short. Let Γ be an access structure on P. The optimal information ratio of the access structure Γ is defined by σ(Γ) = inf σ(Σ), where the infimum is taken over all secret sharing schemes Σ for Γ.
Ideal and linear schemes, and dual access structures. A secret sharing scheme Σ with σ(Σ) = 1 is called ideal. An access structure Γ is called ideal, if there is an ideal scheme for it. A secret sharing scheme is said to be linear if the sets S, R, S 1 , . . . , S n are all vector spaces of finite dimension over a finite field F and the sharing map is linear on F. In some papers (e.g., [2]), if the dimension of the secret space of a linear secret sharing scheme is larger than one, the scheme is referred to as multi-linear. We do not make such a distinction in this paper. The dual access structure of an access structure Γ on P, denoted by Γ * , is defined by Γ It is proved in [17] that if Σ is a linear secret sharing scheme for Γ, then there exists a linear secret sharing scheme Σ * for Γ * with the same convec, and consequently σ(Σ) = σ(Σ * ).

Decomposition constructions.
In this section, we review three decomposition techniques for constructing secret sharing schemes from [29,33,30]. These techniques are useful for constructing a new secret sharing scheme from a number of given schemes, under some specified conditions.
We present a definition of the λ-decomposition technique [29] which can be found in several papers and we believe it should be considered as the standard definition. We refer to Section 3 for further discussion.
Definition 3 (λ-decomposition). Let Γ be an access structure on P and let λ be a positive integer. The collection {Γ 1 , . . . , Γ t } of access structures is called a λ-decomposition of Γ if the following two hold: . When all the sub-access structures Γ j are ideal, we call the decomposition ideal; otherwise, it is referred to as non-ideal.
Suppose that there exists a finite field F such that for every Γ j , j ∈ [t], there exist a (not necessarily linear) secret sharing scheme with secret space F and convec σ j = (σ j p ) p∈P . Then, there exist a secret sharing scheme Σ for Γ with convec 1 λ t j=1 σ j over the secret space F λ .
Definition 4 ((λ, ω)-decomposition). Let Γ be an access structure on P, and let λ, ω be positive integers such that λ > ω. A (λ, ω)-decomposition of Γ consists of a collection {Γ 1 , . . . , Γ t } of access structures on P such that the following requirements are satisfied: (1) If A ∈ Γ + , then it holds that A ∈ Γ j for at most ω distinct values of j ∈ [t].
(2) If A ∈ Γ − , then it holds that A ∈ Γ j for at least λ distinct values of j ∈ [t]. When all the sub-access structures Γ j are ideal, we call the decomposition ideal; otherwise, it is referred to as non-ideal. Theorem 2 ( [33]). Let Γ be an access structure on P and {Γ 1 , . . . , Γ t } be a (λ, ω)decomposition of Γ. Assume that there exists a finite field F such that for every Γ j , j ∈ [t], there exist a (not necessarily linear) secret sharing scheme with secret space F and convec σ j = (σ j p ) p∈P . Then, there exist a secret sharing scheme Σ for Γ with convec 1 [30]. Instead of defining a weighted access structure as it was originally presented in [30], we present a simpler definition, similar to the notion of an access function in [11]. Even though it might be more suitable to call a weighted access structure an unnormalized rational-value access function, we stick to the original terminology.
Definition 5 (weighted access structure). A weighted access structure on P is a map W : 2 P → Z ≥0 such that W (∅) = 0 and for every We refer to W (P) as the weight of W .
Let us describe how a weighted access structure W on the participants set P can be represented minimally. Let w = W (P) and, for every w as the minimal weighted access structure of W . In this paper, the minimal weighted access structure is symbolically represented by . Definition 6 (realization of a weighted access structure). Let Σ be a secret sharing scheme and let W be a weighted access structure, both defined on P. We say that Σ is a secret sharing scheme for W , or Σ realizes W , if for every subset A ⊆ P, it holds that H(S|S A ) = (1 − W (A) W (P) )H(S). Definition 7 (λ-weighted-decomposition). Let Γ be an access structure on P and λ be a positive integer. A λ-weighted-decomposition of Γ consists of a collection {W 1 , . . . , W t } of weighted access structures such that the following requirements are satisfied: (1) If A ∈ Γ + , then it holds that W j (A) = 0, for every j ∈ [t] (equivalently, Γ + ⊆ W j 0 , where W j 0 is the set of all subsets of weight 0).
). Let Γ be an access structure on P, and {W 1 , . . . , W t } be a λ-weighted-decomposition of Γ. Assume that there exists a finite field F such that each weighted sub-access structure W j , of weight w j , j ∈ [t], is realized by a (not necessarily linear) secret sharing scheme with convec σ j = (σ j p ) p∈P over the secret space F w j . Moreover, suppose that in the jth scheme, any subset A ⊆ P can obtain W j (A) out of the w j secrets (of course, without gaining any information about the remaining w j − W j (A) secrets). Then, there exist a secret sharing scheme Σ for Γ with convec 1 λ t j=1 w j σ j over the secret space F λ . 2.3. Reduced access structures. In this section, we explain the reduction procedure for access structures, with a certain number of minimal subsets, as it has been introduced in [22]. The optimal information ratio of such access structures is invariant under this reduction.

2.3.1.
Notations. In the following, we restate some notation from [22]. For every positive integer k,

2.3.2.
Reduction procedure for access structures. For determining the optimal information ratio of the access structures with at most k minimal qualified subsets, studying the optimal information ratio of access structures Γ k (Q) with Q ⊆ U k is sufficient [22]. in which X (p, Γ) = b k−1 . . . b 1 b 0 , where b i = 1 if p ∈ A i , and b i = 0 otherwise. The access structure Γ = Γ k (P) on the set P is called the reduced form of Γ. The access structure Γ is called a reduced access structure if Γ is isomorphic to Γ. Proposition 1. Let Γ be an access structure on a set Q with exactly k minimal qualified subsets and let Γ = Γ k (P) be its reduced form. Then, σ(Γ ) = σ(Γ).

Some remarks on decomposition techniques
In this section, we first draw the reader's attention to a closer look at the definitions of different decompositions, which to the best of our knowledge, has not been discerned in the literature. Then, we provide a theorem concerning the dual of (λ, ω)-decomposition constructions.
3.1. On using decompositions in their most general form. Most of the papers in the literature refer to a variant of Definition 3 as λ-decomposition, in which the first condition is considered to be Γ j− ⊆ Γ − instead of Γ j ⊆ Γ. Obviously, this variant of the definition is less general and more restrictive. We were only able to spot three papers ( [29,25,22]) in the literature which had provided the more general definition of the λ-decomposition. Peculiarly, even these papers have restricted themselves to decompositions conforming with the less general definition, when applying the technique in practice. For ease of our reference, we highlight the following observation. Observation 1. Applying λ-decomposition technique by considering the first condition as Γ j ⊆ Γ instead of Γ j− ⊆ Γ − may be beneficial in some cases.
We remark that in practice, instead of checking the condition Γ j ⊆ Γ, the equivalent condition Γ j− ⊆ Γ is verified. In the following example, we see how Observation 1 leads to finding the optimal information ratio of an access structure using ideal λ-decomposition, while the restricted definition provably fails to do so.
Fortunately, the situation for (λ, ω)-decomposition and λ-weighted-decomposition is more satisfactory. The original papers [33,30], which have introduced the techniques, as well as the very few papers which have applied them (for example, see [34]), provide consistent definitions (i.e., equivalent to the ones given in Section 2.2). Nevertheless, it seems that a limited view on the definition has been present while applying the technique to actual access structures under study. Further explanation follows.
The definition of (λ, ω)-decomposition allows to choose any Γ j ⊆ 2 P as a subaccess structure when decomposing a given access structure Γ on P. However, in actual applications, the sub-access structures have been chosen as subsets of Γ − ∪Γ c . That is, every subset A ∈ Γ j is included either in Γ − or Γ c . Consequently, in most of the cases, many subsets (i.e., those in Γ \ Γ − ) have missed the chance to be included in sub-access structures.
Similarly, when decomposing an access structure Γ using the weighteddecomposition technique, the definition authorizes any "well-formed" minimal weighted sub-access structure W j− = (W − 1 . . . , W − w ) as long as the first condition in Definition 7 is satisfied. Equivalently, W − i 's are disjoint subsets of Γ such that for every A, B ∈ Γ, if A B, A ∈ W − k and B ∈ W − , then > k. However, in the very few examples of the applications of this technique, W − i 's have been restricted to be disjoint subsets of Γ − . That is, every subset in Γ \ Γ − is discarded to be included in W − i 's.
Of course, the intention of imposing such restrictions in the actual examples of (λ, ω)-decomposition and λ-weighted-decomposition is arguable. Our point is to highlight that considering the more general definition would be more promising. Even though we do not currently have any proof for the superiority of the more general definitions, we have the feeling that the more general definitions could be much more advantageous.
The following two examples illustrate the above points about taking full advantage of the generality of the (λ, ω)-decomposition and λ-weighted-decomposition techniques.

(λ, ω)-decomposition and duality.
In this section, we show that the collection of the duals of a (λ, ω)-decomposition for a given access structure Γ renders a (λ , ω )-decomposition for Γ * , which in some cases, it turns out to be a λ -decomposition.

Upper bounds on the optimal information ratio
Martí-Farré et al. [22] considered the optimal information ratio of the access structures with four minimal qualified subsets. From Proposition 1, they only consider the optimal information ratio of the reduced access structures of the form Γ 4 (P) with P ⊆ U 4 . For several cases, they obtained the exact values of the optimal information ratios, and in the remaining ones, they gave upper and lower bounds. In particular, for the cases of access structures with six participants, the problem was resolved for 44 out of the total 77 non-isomorphic reduced form access structures. In this section, we resolve the problem for all the remaining reduced access structures with six participants, except four cases. More precisely, 14 access structures, appearing in Table 8, correspond to the dual access structures of graph access structures on six participants with known exact optimal information ratio. Additionally, for each of the other 15 access structures we present a secret sharing scheme, using a suitable decomposition technique, with an optimal information ratio matching the lower bounds reported in [22]. The cases that have been resolved by taking Observation 1 into account will be pointed out.
The details of decompositions for A 1 , A 8 and A 12 have been explained in Example 2, Example 3 and Example 4, respectively, and that of the other access structures can be found in Appendix A.

Result 1.
We obtain new upper bounds on the optimal information ratios of each of the access structures, presented in Table 4, using ideal λ-decomposition technique by considering Observation 1. The access structures A 5 and A 6 have been handled by applying the technique to their corresponding dual access structures.
Result 2. The result for access structure A 7 in Table 5 is obtained by applying λ-decomposition technique to its corresponding dual access structure.
Result 3. For each of the access structures in Table 6, the known upper bound on the optimal information ratio is improved by using the (λ, ω)-decomposition technique.
Result 4. We derive new upper bound on the optimal information ratio of each of the access structures in Table 7   Note 1. For all the 14 access structures given in Table 8, the corresponding dual access structures are graph access structures on six participants. The reported upper bounds in Table 8 have been presented in [32,30,15,14].

Conclusion
Stinson's λ-decomposition, and its variants, are powerful methods to compute an upper bound on the optimal information ratio of an access structure, using some sub-access structures with known secret sharing schemes. Two variants of the Stinson's definition can be found in the literature based on the property that sub-access structures must fulfill: 1) each sub-access structure must be a subset of the given access structure 2) each minimal sub-access structure must be a subset of the given minimal access structure. Despite the fact that the former variant is more general than the latter one, to the best of our knowledge, all known examples of decompositions are applications of the second variant. Surprisingly, the first definition can be found only in very few references. We argued that regarding the extensions of Stinson's method, i.e., (λ, ω)decomposition and λ-weighted-decomposition, even though the definitions are consistent in the literature -capturing the most general form-, a similar restriction might have been in mind when applying these techniques in practice as well.
In this paper, we showed that the more general definitions are probably much more advantageous than their restricted counterparts, by considering the access structures with exactly four minimal qualified subsets on six participants. Some of these access structures had remained unsolved in [22]. We have resolved all of them, except four cases, given in Table 9.
We remark that two of the four unsolved access structures are duals of two graph access structures on six participants which have been left open for a long time [32]. Moreover by using improved LP-technique in [12], for each of them, the known lower bound on optimal information ratio over all linear schemes has been improved to 8/5.