We study the arithmetic circuit complexity of threshold secret sharing schemes by characterizing the graph-theoretic properties of arithmetic circuits that compute the shares. Using information inequalities, we prove that any unrestricted arithmetic circuit (with arbitrary gates and unbounded fan-in) computing the shares must satisfy superconcentrator-like connectivity properties. Specifically, when the inputs consist of the secret and $t-1$ random elements, and the outputs are the $n$ shares of a $(t, n)$-threshold secret sharing scheme, the circuit graph must be a $(t, n)$-concentrator; moreover, after removing the secret input, the remaining graph is a $(t-1, n)$-concentrator. Conversely, we show that any graph satisfying these properties can be transformed into a linear arithmetic circuit computing the shares of a threshold secret sharing scheme, assuming a sufficiently large field. As a consequence, we derive upper and lower bounds on the arithmetic circuit complexity of computing the shares in threshold secret sharing schemes.

翻译：我们通过刻画计算份额的算术电路的图论性质，研究了阈值秘密共享方案的算术电路复杂度。利用信息不等式，我们证明了计算份额的任意无限制算术电路（具有任意门和无限扇入）必须满足类超集中器的连通性。具体而言，当输入由秘密和$t-1$个随机元素组成，输出为$(t, n)$-阈值秘密共享方案的$n$份份额时，电路图必须是一个$(t, n)$-集中器；此外，在移除秘密输入后，剩余的图是一个$(t-1, n)$-集中器。反之，我们证明任何满足这些性质的图都可以转化为计算阈值秘密共享方案份额的线性算术电路，前提是域足够大。由此，我们推导出了在阈值秘密共享方案中计算份额的算术电路复杂度的上界和下界。