Quantum secret sharing (QSS) allows a dealer to distribute a secret quantum state among a set of parties so that certain subsets can reconstruct the secret, while unauthorized subsets obtain no information. While QSS was introduced over twenty years ago, previous works focused only on existence of perfectly secure schemes, and the share size of the known schemes is exponential even for access structures computed by polynomial size monotone circuits. This stands in contrast to the classical case, where efficient computationally-secure schemes have been long known for all access structures in $\mathsf{monotone~P}$, and one can even obtain shares which are much shorter than the secret which is impossible with perfect security. In this work, we initiate the study of computationally-secure QSS and show that computational assumptions help significantly in building QSS schemes. We present a simple compiler and use it to obtain a large variety results: We construct polynomial-time QSS schemes under standard assumptions for a rich class of access structures. This includes many access structures for which previous results in QSS required exponential share size. We also construct QSS schemes for which the size of the shares is significantly smaller than the size of the secret. As in the classical case, this is impossible with perfect security. We also use our compiler to obtain results beyond computational QSS. In the information-theoretic setting, we improve the share size of perfect QSS schemes for a large class of access structures to $1.5^{n+o(n)}$, improving upon best known schemes and matching the best known result for general access structures in the classical case. Finally, we show construct efficient schemes for all access structures in $\mathsf{P}$ and $\mathsf{NP}$ when the quantum secret sharing scheme is given multiple of copies of the secret.

翻译：量子秘密共享（QSS）允许分发者将秘密量子态分配给一组参与方，使得特定子集能重构秘密，而未经授权的子集无法获取任何信息。尽管QSS在二十多年前就已提出，但先前的研究仅关注完美安全方案的存在性，且已知方案的份额大小对于多项式规模单调电路计算的访问结构而言仍是指数级的。这与经典情况形成鲜明对比——经典情形中，对于$\mathsf{monotone~P}$中所有访问结构，高效的密码学安全方案早已存在，甚至可得到比秘密本身更短的份额（这在完美安全下无法实现）。本文首次系统研究密码学安全的QSS，证明计算假设能显著推动QSS方案构建。我们提出一个简单编译器，并据此获得多种结果：在标准假设下，为丰富类别的访问结构构造了多项式时间的QSS方案，包括许多先前QSS需要指数级份额大小的访问结构；同时构造了份额大小显著小于秘密长度的QSS方案（与经典情形一致，完美安全下无法实现）。此外，我们利用该编译器获得超越计算安全QSS的结果：在信息论场景下，将大量访问结构的完美QSS方案份额大小改进至$1.5^{n+o(n)}$，优于已知最佳方案并匹配经典情形中一般访问结构的最佳已知结果。最后，我们展示了当量子秘密共享方案持有秘密的多个副本时，可为$\mathsf{P}$和$\mathsf{NP}$中的所有访问结构构造高效方案。