Coding Theorems for a (2,2)-Threshold Scheme with Detectability of Impersonation Attacks

In this paper, we discuss coding theorems on a \((2, 2)\)--threshold scheme in the presence of an opponent who impersonates one of the two shareholders in an asymptotic setup. We consider a situation where \(n\) secrets \(S^n\) from a memoryless source is blockwisely encoded to two shares and the two shares are decoded to \(S^n\) with permitting negligible decoding error. We introduce correlation level of the two shares and characterize the minimum attainable rates of the shares and a uniform random number for realizing a \((2, 2)\)--threshold scheme that is secure against the impersonation attack by an opponent. It is shown that, if the correlation level between the two shares equals to an \(\ell \ge 0\), the minimum attainable rates coincide with \(H(S)+\ell\), where \(H(S)\) denotes the entropy of the source, and the maximum attainable exponent of the success probability of the impersonation attack equals to \(\ell\). We also give a simple construction of an encoder and a decoder using an ordinary \((2,2)\)--threshold scheme where the two shares are correlated and attains all the bounds.