Democratic Ramp Secret Sharing

Olav Geil Department of Mathematical Sciences
Aalborg University

Abstract

In this work we revisit the fundamental findings by Chen et al. in [5] on general information transfer in linear ramp secret sharing schemes to conclude that their method not only gives a way to establish worst case leakage [5, 25] and best case recovery [5, 19], but can also lead to additional insight on non-qualifying sets for any prescribed amount of information. We then apply this insight to schemes defined from monomial-Cartesian codes and by doing so we demonstrate that the good schemes from [14, Sec. IV] have a second layer of security. Elaborating further, when given a designed recovery number, in a new construction the focus is entirely on ensuring that the access structure possess desirable second layer security, rather on what is the worst case information leakage in terms of number of participants. The particular structure of largest possible sets being not able to determine given amount of information suggests that we call such schemes democratic.

Keywords: Access structure, democratic secret sharing, monomial-Cartesian codes, ramp secret sharing scheme, relative generalized Hamming weight

1 Introduction

A secret sharing scheme is a cryptographic method for sharing a secret among a group of participants in such a way that only certain subsets can gain full information on it. The data provided by the dealer to a participant is referred to as a share and sets of participants which are able to recover the secret by pooling their data are said to be authorized or qualified. The concept was introduced by Shamir in his seminal paper [29] where he describes what is now known as Shamir’s secret sharing scheme. His scheme which is based on univariate polynomials is perfect meaning that subsets that are not authorized possess no information on the secret. Furthermore, Shamir’s scheme is a thresshold scheme, meaning it is the size of a set of shares which indicates if it is authorized or not.

The concept has been generalized in a variety of directions leading to much more complex constructions than the one by Shamir, for some examples see [21, 30, 28, 31, 6, 4, 24]. Here, we shall concentrate on linear schemes which can be characterized by having the property that the set of secrets equals ${\mathbb{F}}_{q}^{\ell}$ (i.e. consists of vectors of length $\ell$ over the finite field ${\mathbb{F}}_{q}$ ) whereas the shares provided to the $n$ participants $\{1,\ldots,n\}$ each belongs to ${\mathbb{F}}_{q}$ in such a way that for two given secrets and corresponding sets of shares a linear combination of the sets of shares is an allowed set of shares for the same linear combination of the secrets. As we shall recall later in the paper, a linear scheme has the advantage that an authorized set can fastly recover the secret by means of simple linear algebra. Shamir’s scheme is an example of a linear scheme where the size of the secret is the same as that of the shares, i.e. $\ell=1$ . Schemes for which $\ell>1$ are said to be ramp, but sometimes the name is used for the entire set of linear schemes to emphasize that $\ell$ may not need to equal $1$ . As we shall recall later in the paper linear schemes with $\ell=1$ are precisely those linear schemes which are perfect. Some of the earliest examples of (non-perfect) ramp secret sharing schemes were described by Blakley and Meadows in [3] and by Yamamoto in [32], including the natural extension of thresshold schemes to a ramp version where the size of a set of participants indicates how much information it holds. Some more recent results on ramp schemes include [26, 22, 23, 5, 9, 25, 19, 18, 27, 11]. Ramp secret sharing with $\ell>1$ is of particular interest in connection with storage of bulk data [7] and in connection with secure multiparty computation [5].

As is well-known, for ramp schemes the information held by a set of participants is discretized in the following way. Pooling their given shares a solution space $\Gamma=\vec{p}+V\subseteq{\mathbb{F}}_{q}^{\ell}$ , where $V$ is a vectorspace, can be calculated the elements of $\Gamma$ being all possible secrets producing their given shares, and no vectors outside $\Gamma$ being in accordance with the shares. One say that the set of participants have $\ell-\dim V$ $q$ -bits of information. Linearity ensures that the information held by a given set of participants is a fixed number, i.e. is independent of the given secret. Hence, for $i=0,1,\ldots,\ell$ we define $A_{i}$ to be the sets of participants holding $i$ $q$ -bits of information, but not $i+1$ $q$ -bits [23, Def. 1]. Full information on a given secret sharing scheme is equivalent to knowing $\{A_{0},A_{1},\ldots,A_{\ell}\}$ which we shall call the access structure [23]. Except for very simple cases, the task of determining the entire access structure is a very difficult. Therefore, one often only considers the following key parameters of a secret sharing scheme, namely the privacy number $t$ and the recovery number $r$ . Here, $t$ is the largest number such that no set of $t$ participants can recover any information on the secret and where $r$ is smallest possible such that any set of $r$ participants can recover the secret in full. A more refined description of the scheme is given by the parameters $t=t_{1},\ldots,t_{\ell}$ and $r_{1},\ldots,r_{\ell}=r$ , respectively, related in a similar way to partial leakage and recovery, respectively [25, 19].

A fundamental description of linear ramp schemes where provided by Chen et al. in [5]. Here, it is shown that there is a one-to-one correspondence between these structures and sets of nested linear codes, [5, Subsec. 4.2]. Moreover, by combining [5, Th. 10] with fundamental results by Forney [13] one obtains a description of the $r_{1},\ldots r_{\ell}$ and $t_{1},\ldots,t_{\ell}$ , respectively, in terms of relative generalized Hamming weights of the nested codes and their duals, respectively [5, 1, 25, 19].

In the present paper we slightly reformulate the basic result in [5, Th. 10] on information transfer and thereby obtains, what we believe is, a more direct way to establish further information on the access structure. To the best of our knowledge such general insight has not been employed in the literature although it seems fair to assume that it is known by more researchers in the area. By definition the maximal size of a set of participants not belonging to $A_{i}$ equals $r_{i}-1$ which may be significantly larger than $t_{i}$ . We call such sets maximal non- $i$ -qualifying ( $i=1,\ldots,\ell$ ) and note that when they have a systematic structure we may have a way of avoiding leakage of $i$ $q$ -bits of information also if much more than $t_{i}$ participants are allowed to pool their shares. Employing our reformulation of [5, Th. 10] we establish the systematic structure of maximal non-i-qualifying sets for a family of good secret sharing schemes based on monomial-Cartesian codes [14, Sec. IV] giving rise to a second layer of security. Inspired by this analysis we next introduce the novel concept of democratic secret sharing where the focus is entirely on establishing schemes having maximal non- $i$ -qualifying sets of a certain systematic structure which may be of interest in practical applications where one does not want to allow for “systematic discrimination” of the participants. The paper also contain, what we believe is, a simpler and more direct proof than can be found in the literature of the relationship between the numbers $t_{1},\ldots,t_{\ell},r_{1},\ldots,r_{\ell}$ and the relative generalized Hamming weights of the nested codes and of their duals. In contrast to the literature we avoid the use of the relative distance length profile (RDLP) as well as the concept of mutual information.

The paper is organized as follows. In Section 2 we treat general linear ramp secret sharing schemes and provide a self-contained proof of the mentioned reformulation of [5, Th. 10 ]. Then in Section 3 we treat the schemes from [14, Sec. IV] establishing the systematic structure of maximal non-i-qualifying sets, and next in Section 4 we introduce democratic secret sharing. Section 5 is the conclusion where we propose further research. Finally, Appendix A contains a simplified proof of the role of relative generalized Hamming weights in connection with ramp secret sharing.

2 Linear ramp secret sharing schemes

In [5][Sec. 4.2] Chen et al. presented what they call “a more fruitful approach” to linear ramp secret sharing schemes, namely the below coset construction:

Theorem 1.

The following description captures the entire set of linear ramp secret sharing schemes. Consider a set of nested linear codes $C_{2}\subseteq C_{1}\subseteq{\mathbb{F}}_{q}^{n}$ of codimension $\ell$ . Let $\{\vec{b}_{1},\ldots,\vec{b}_{k_{2}}\}$ be a basis for $C_{2}$ and $\{\vec{b}_{1},\ldots,b_{k_{2}},\vec{b}_{k_{2}+1},\ldots,\vec{b}_{k_{1}=k_{2}+% \ell}\}$ a basis for $C_{1}$ . A secret $\vec{s}=(s_{1},\ldots,s_{\ell})\in{\mathbb{F}}_{q}^{\ell}$ is encoded to $\vec{c}=(c_{1},\ldots,c_{n})=a_{1}\vec{b}_{1}+\cdots+a_{k_{2}}\vec{b}_{k_{2}}+% s_{1}\vec{b}_{k_{2}+1}+\cdots+s_{\ell}\vec{b}_{k_{1}}$ where $(a_{1},\ldots,a_{k_{2}})$ is chosen uniformly at random from ${\mathbb{F}}_{q}^{k_{2}}$ , and $c_{i}$ , $i=1,\ldots,n$ are used as shares, $c_{i}$ being given to participant $i$ from the set of participants ${\mathcal{I}}=\{1,\ldots,n\}$ .

Below we recall [5][Th. 10] which provides us with an exact measure for the uncertainty of the secret given any set of shares. This theorem uses the notion of the projection of a code $C\subseteq{\mathbb{F}}_{q}^{n}$ onto $A=\{i_{1}<\cdots<i_{\#A}\}\subseteq{\mathcal{I}}=\{1,\ldots,n\}$ which is defined by ${\mathcal{P}}_{A}\big{(}(c_{1},\ldots,c_{n})\big{)}=(p_{1},\ldots,p_{n})$ , where $p_{i}=c_{i}$ whenever $i\in A$ and $p_{i}=0$ otherwise, and where ${\mathcal{P}}_{A}(C)=\{\mathcal{P}_{A}(\vec{c})\mid\vec{c}\in C\}$ .

Theorem 2.

For a set of participants $A\subseteq{\mathcal{I}}=\{1,\ldots,n\}$ the uncertainty of the secret equals

\ell-\dim{\mathcal{P}}_{A}(C_{1})+\dim{\mathcal{P}}_{A}(C_{2}).

(1)

Here, an uncertainty of $a$ means that the amount of $q$ -bits of information that the set $A$ of participants holds equals $\ell-a$ .

Given a linear code $C$ and $A\subseteq{\mathcal{I}}=\{1,\ldots,n\}$ recall the notation $C_{A}=\{\vec{c}\in C\mid c_{i}=0{\mbox{ for all }}i\in\bar{A}\}$ where $\bar{A}={\mathcal{I}}\backslash A$ . Then by applying Forney’s first duality lemma [13][Lem. 1], i.e. the result:

\dim C=\dim C_{\bar{A}}+\dim{\mathcal{P}}_{A}(C),

(2)

one can immediately translate Theorem 2 into Theorem 3 below which in our opinion is more operational when trying to detect which particular groups of participants can recover how much. This theorem uses the notion of the support ${\mbox{Supp}}(D)$ of a vector space $D\subseteq{\mathbb{F}}_{q}^{n}$ being the indices for which the corresponding entry of at least one word in $D$ is non-zero. For the sake of self containment we provide a direct proof.

Theorem 3.

Let $A=\{i_{1}<\cdots<i_{m}\}\subseteq{\mathcal{I}}$ . Assume $c_{i_{1}}^{\prime}\ldots,c_{i_{m}}^{\prime}$ is a set of realizable shares in those positions. I.e. there exists at least one word $\vec{c}=(c_{1},\ldots,c_{n})=a_{1}\vec{b}_{1}+\cdots+a_{k_{2}}\vec{b}_{k_{2}}+% s_{1}\vec{b}_{k_{2}+1}+\cdots+s_{\ell}\vec{b}_{k_{2}=k_{1}+\ell}$ , such that $c_{i_{1}}=c^{\prime}_{i_{1}},\ldots,c_{i_{m}}=c^{\prime}_{i_{m}}$ . The amount of possible secrets $(s_{1},\ldots,s_{\ell})$ as above equals $q^{s}$ where

	$\displaystyle s$	$\displaystyle=$	$\displaystyle\dim(C_{1})_{\bar{A}}-\dim(C_{2})_{\bar{A}}$		(3)
		$\displaystyle=$	$\displaystyle\max\{\dim D\mid D\subseteq C_{1},D\cap C_{2}=\{\vec{0}\},{\mbox{% Supp}}(D)\subseteq\bar{A}\}$		(4)

Proof.

Consider the generator matrix

G=\left[\begin{array}[]{c}\vec{b}_{1}\\ \vdots\\ \vec{b}_{k_{2}}\\ \vec{b}_{k_{2}+1}\\ \vdots\\ \vec{b}_{k_{1}=k_{2}+\ell}\end{array}\right]

and let $G^{\prime}$ be the submatrix consisting of columns $i_{1},\ldots,i_{m}$ . Let $\vec{p}\in{\mathbb{F}}_{q}^{k_{1}}$ be a particular solution to $\vec{m}G^{\prime}=(c_{i_{1}}^{\prime},\ldots,c_{i_{m}}^{\prime})$ . Then the set of possible vectors $\vec{m}$ such that $\vec{m}G^{\prime}=(c_{i_{1}}^{\prime},\ldots,c_{i_{m}}^{\prime})$ equals $\vec{p}+V$ where $V$ is the (left) kernel of $G^{\prime}$ , i.e. $V$ is isomorphic to ${(C_{1})}_{\bar{A}}$ . However, we are only intereseted in the space consisting of the restriction of $\vec{m}=(\vec{a},\vec{s})$ to the last $\ell$ coordinates, or in other words to calculate $s$ from $\dim({C_{1}})_{\bar{A}}$ we should subtract $\dim{(C_{2})}_{\bar{A}}$ . ∎

Expression (4) is particular well-suited for investigations in connection with schemes defined from polynomial algebras (Riemann-Roch spaces in connection with algebraic curves, polynomial rings in several variables, etc.).

Example 1.

Assume $\{\alpha_{1},\ldots,\alpha_{n}\}\subseteq{\mathbb{F}}_{q}^{m}$ and let ${\mbox{ev}}:{\mathbb{F}}_{q}[X_{1},\ldots,X_{m}]\rightarrow{\mathbb{F}}_{q}^{n}$ be given by ${\mbox{ev}}(F)=(F(\alpha_{1}),\ldots,F(\alpha_{n}))$ . Further, write $C_{2}={\mbox{Span}}_{\mathbb{F}_{q}}\{{\mbox{ev}}(M_{1}),\ldots,{\mbox{ev}}(M_% {k_{2}})\}$ and $C_{1}={\mbox{Span}}_{\mathbb{F}_{q}}\{{\mbox{ev}}(M_{1}),\ldots,{\mbox{ev}}(M_% {k_{1}})\}$ , where the $M_{i}$ ’s are monomials with $M_{a}\prec M_{b}$ for $a<b$ and where $\prec$ is a fixed monomial ordering, and where we assume $\dim C_{2}=k_{2}<\dim C_{1}=k_{1}$ . Then for a given $A=\{i_{1}<\cdots<i_{x}\}$ by (4) the information held by the set of corresponding participants equal $\ell$ minus the maximal number of polynomials having different leading monomials from $\{M_{k_{2}+1},\ldots,M_{k_{1}}\}$ with support in $\{M_{1},\ldots,M_{k_{1}}\}$ and having $\alpha_{i_{1}},\ldots,\alpha_{i_{x}}$ as common roots.

In the next two sections we shall pursue this particular example and elaborate further on it, and by using simple methods from the theory of multivariate polynomials obtain interesting results.

Remark 4.

A set of participants $i_{1}<\cdots<i_{m}$ can determine all possible secrets in accordance with their shares by first determining $\{\vec{m}\mid\vec{m}G^{\prime}=(c_{i_{1}}^{\prime},\ldots,c_{i_{m}}^{\prime})\}$ using simple linear algebra. Then they disregard the first $k_{2}$ coordinates of each vector, and finally remove duplicates. In particular it is clear that information quantifies in $q$ -bits, and that perfect linear ramp secret sharing schemes are exactly those with $\ell=1$ .

From Theorem 2 it was concluded in [5][Cor. 4] that full privacy is ensured when $\#A<d(C_{2}^{\perp})$ and that full recovery is guaranteed when $\#A>n-d(C_{1})$ . I.e. $t\geq d(C_{2}^{\perp})-1$ and $r\geq n-d(C_{1})+1$ . Recall from [19][Def. 2] the following more refined parameters

Definition 5.

A ramp secret sharing scheme is said to have $(t_{1},\ldots,t_{\ell})$ -privacy and $(r_{1},\ldots,r_{\ell})$ -reconstruction if for $m=1,\ldots,\ell$ $t_{m}$ is largest possible and $r_{m}$ is smallest possible such that

•

no set of $t_{m}$ participants can recover $m$ $q$ -bits of information about $\vec{s}$
•

any set of $r_{m}$ participants can recover $m$ $q$ -bits of information about $\vec{s}$ .

Clearly, $t=t_{1}$ and $r=r_{\ell}$ .

Starting in [5, 1, 10, 25] and concluding with [19] such parameters were exactly described in terms of relative generalized Hamming weights, the proofs taking the departure in Theorem 2, i.e. [5][Th. 10], and involving the concept of the relative dimension/length profile (RDLP) as well as that of mutual information.

Definition 6.

For a set of nested linear codes $C_{2}\subseteq C_{1}\subseteq{\mathbb{F}}_{q}^{n}$ , and for $t=1,\ldots,\ell=\dim C_{1}-\dim C_{2}$ the $t$ th relative generalized Hamming weight is

M_{t}(C_{1},C_{2})=\min\{\#{\mbox{Supp}}(D)\mid D\subseteq C_{1},D\cap C_{2}=% \{\vec{0}\},\dim D=t\}.

Theorem 7.

Consider a linear ramp secret sharing scheme defined from nested codes $C_{2}\subseteq C_{1}\subseteq{\mathbb{F}}_{q}^{n}$ of codimension $\ell$ . The privacy and reconstruction numbers satisfy $t_{m}=M_{m}(C_{2}^{\perp},C_{1}^{\perp})-1$ , $r_{m}=n-M_{\ell-m+1}(C_{1},C_{2})+1$ for $m=1,\ldots,\ell$ .

For the sake of self containment we provide in Appendix A a simple and direct proof avoiding the use of RDLP as well as that of mutual information.

By the very definition of $r_{i}$ , for $i=1,\ldots,\ell$ , the largest sets $A\subseteq I$ , that do not revel $i$ $q$ -bits of information, are of size exactly $r_{i}-1=n-M_{\ell-i+1}(C_{1},C_{2})$ . When such sets have a systematic structure they may provide a second layer of security, which we in the next two sections shall demonstrate to be the case for families of secret sharing schemes based on monomial-Cartesian codes.

Definition 8.

A set $A\subseteq I$ is called non- $i$ -qualifying if from the entries corresponding to $A$ one is not able to recover $i$ $q$ -bits of information. The sets of largest possible size among the non- $i$ -qualifying sets are called maximal non- $i$ -qualifying. Equivalently, $A$ is maximal non- $i$ -qualifying if $A\in A_{i-1}$ and $\#A=n-M_{\ell-i+1}(C_{1},C_{2})$ .

3 Schemes based on monomial-Cartesian codes

In [14] two families of schemes based on monomial-Cartesian codes were shown to have significantly better parameters $t$ and $r$ than what can be produced by considering more naive coset constructions over the same polynomial algebra, e.g. nested generalized Reed-Muller codes. These improved schemes either have relatively large $\ell$ ([14, Sec. 3]) or have relatively small $\ell$ ([14, Sec. 4]). In the present section we show that the latter family supports the second layer of security alluded at in Section 1 and in Section 2. Inspired by this insight in the section to follow we shall present a novel (a third) construction of so-called democratic ramp schemes based on particular monomial-Cartesian codes. Such schemes can have $\ell$ of both relatively small, relatively medium or reatively large size.

We start by recalling some results from [17, 14]. Consider a general Cartesian product point set

S=S_{1}\times\cdots\times S_{m}=\{\alpha_{1},\ldots,\alpha_{n}\}\subseteq{% \mathbb{F}}_{q}^{m},

and write $s_{i}=\#S_{i}$ . Clearly, $n=s_{1}\cdots s_{m}$ . It is well-known that the vanishing ideal of $S$ becomes $I=\langle G_{1}(X_{1}),\ldots,G_{m}(X_{m})\rangle\subseteq{\mathbb{F}}_{q}[X_{% 1},\ldots X_{m}]$ where $G_{i}(X_{i})=\prod_{a\in S_{i}}(X_{i}-a)$ for $i=1,\ldots,m$ , and we write $R={\mathbb{F}}_{q}[X_{1},\ldots,X_{m}]/I$ . The evaluation map ${\mbox{ev}}:R\rightarrow{\mathbb{F}}_{q}^{n}$ given by ${\mbox{ev}}(F+I)=(F(\alpha_{1}),\ldots,F(\alpha_{n}))$ is a homomorphism and when restricted to

{\mbox{Span}}_{\mathbb{F}_{q}}\{X_{1}^{i_{1}}\cdots X_{m}^{i_{m}}+I\mid 0\leq i% _{v}<s_{v},v=1,\ldots,m\}

it becomes a vectorspace isomorphism. Given an arbitrary (but fixed) monomial ordering $\prec$ we write

\Delta(s_{1},\ldots,s_{m})=\{X_{1}^{i_{1}}\cdots X_{m}^{i_{m}}\mid 0\leq i_{v}% <s_{v},v=1,\ldots,m\}=\{N_{1},\ldots,N_{n}\}

where the enumeration is according to $\prec$ . Obviously, then

\{{\mbox{ev}}(M+I)\mid M\in\Delta(s_{1},\ldots,s_{n})\}

constitutes a basis for ${\mathbb{F}}_{q}^{n}$ . The codes we consider are of the form

C(L)=C(I,L)={\mbox{ev}}({\mbox{Span}}_{\mathbb{F}_{q}}\{M+I\mid M\in L\}),

where $L\subseteq\Delta(s_{1},\ldots,s_{m})$ and therefore $\dim C(L)=\#L$ . The notation $C(I,L)$ is in accordance with [12], but we shall in the remainder of the paper simply write $C(L)$ as $I$ is always clear from the context. Given a set of polynomials $\{F_{1},\ldots,F_{s}\}$ with support in $\Delta(s_{1},\ldots,s_{m})$ write ${\mbox{lm}}(F_{j})=X_{1}^{i_{1}^{(j)}}\cdots X_{m}^{i_{m}^{(j)}}$ , $j=1,\ldots,s$ , which we assume are pairwise different. The size of the support of ${\mbox{Span}}_{\mathbb{F}_{q}}\{{\mbox{ev}}(F_{1}+I),\ldots,{\mbox{ev}}(F_{s}+% I)\}$ is at least equal to

			$\displaystyle\#\{M\in\Delta(s_{1},\ldots,s_{m})\mid M{\mbox{ is divisible by % some }}X_{1}^{i_{1}^{(j)}}\cdots X_{m}^{i_{m}^{(j)}}\}$		(5)
		$\displaystyle=$	$\displaystyle\#\big{(}\cup_{j=1}^{s}\{X_{1}^{h_{1}}\cdots X_{m}^{h_{m}}\mid i_% {1}^{(j)}\leq h_{1}\leq s_{1},\ldots,i_{m}^{(j)}\leq h_{m}\leq s_{m}\}\big{)}.$		(6)

This fact corresponds to a particular incidence of the footprint bound ([16]), namely [17, Cor. 1] which is stated for the case $s_{1}=\cdots=s_{m}=q$ , but which immediately carries over to the general case. For a different and later proof of (5) see [2, Eq. 4] or [8, Eq. 5]. The bound (5) is sharp in the sence that if we write $S_{i}=\{\beta_{1}^{(i)},\ldots,\beta_{s_{i}}^{(i)}\}$ then for the set of polynomials of the form

F_{j}=\prod_{v=1}^{i_{1}^{(j)}}(X_{1}-\beta_{v}^{(1)})\cdots\prod_{v=1}^{i_{m}% ^{(j)}}(X_{m}-\beta_{v}^{(m)}),j=1,\ldots,s

(7)

equality holds regarding the predicted support size.

Given $L_{2}\subseteq L_{1}\subseteq\Delta(s_{1},\ldots,s_{m})$ , to estimate the relative generalized Hamming weights $M_{v}(C,L_{1}),C(L_{2}))$ one can apply (5), but to estimate $M_{v}(C(L_{2})^{\perp},C(L_{1})^{\perp})$ one needs the Feng-Rao bound for dual codes. We collect such information in Theorem 10 below, but first we introduce two functions.

Definition 9.

D(X_{1}^{i_{1}}\cdots X_{m}^{i_{m}})=\prod_{t=1}^{m}(s_{t}-i_{t}){\mbox{ and }% }D^{\perp}(X_{1}^{i_{1}}\cdots X_{m}^{i_{m}})=\prod_{t=1}^{m}(i_{t}+1),

and more generally, for $K\subseteq\Delta(s_{1},\ldots,s_{m})$

	$\displaystyle D(K)$	$\displaystyle=$	$\displaystyle\#\{N\in\Delta(s_{1},\ldots,s_{m})\mid N{\mbox{ is divisible by % some }}M\in K\},$
	$\displaystyle D^{\perp}(K)$	$\displaystyle=$	$\displaystyle\#\{N\in\Delta(s_{1},\ldots,s_{m})\mid N{\mbox{ divides some }}M\in K\}.$

The following theorem corresponds to [14][Th. 16].

Theorem 10.

Let $S=S_{1}\times\cdots\times S_{m}\subseteq{\mathbb{F}}_{q}^{m}$ as above, and consider $L_{2}\subset L_{1}\subseteq\Delta(s_{1},\ldots,s_{m})$ . The codes $C(L_{1})$ and $C(L_{2})$ are of length $n$ and the codimension equals $\ell=\#L_{1}-\#L_{2}$ . For $v=1,\ldots,\#L_{1}-\#L_{2}$ we have

	$\displaystyle M_{v}(C(L_{1}),C(L_{2}))\geq\min\{{\mbox{$D$}}(K)\mid K\subseteq% \{N_{u},\ldots,N_{n}\}\cap L_{1},\#K=v\},$		(8)
	$\displaystyle M_{v}(C(L_{2})^{\perp},C(L_{1})^{\perp})\geq\min\{D^{\perp}(K)% \mid K\subseteq\{N_{1},\ldots N_{u^{\perp}}\}\backslash L_{2},\#K=v\},\$		(9)

where $u=\min\{i\mid N_{i}\in L_{1}\backslash L_{2}\}$ and $u^{\perp}=\max\{i\mid N_{i}\in L_{1}\}$ .

To establish bounds on the numbers $t_{1},\ldots,t_{\ell}$ and $r_{1},\ldots r_{\ell}$ , respectively, for the secret sharing scheme defined from $C_{2}=C(L_{2})\subseteq C_{1}=C(L_{1})$ , by Theorem 7 we only need to apply (9) and (8), respectively.

Furthermore, when given $A\subseteq{\mathcal{I}}$ , according to Theorem 3, the amount of possible secrets corresponding to a given share vector $(c^{\prime}_{i_{1}},\ldots,c^{\prime}_{i_{\#A}})$ of $A\subseteq{\mathcal{I}}$ equals $q^{s}$ where

$\displaystyle s$	$\displaystyle=$	$\displaystyle\max\{\nu\mid F_{1}(\vec{a})=\cdots=F_{\nu}(\vec{a})=0{\mbox{ for% all }}{\vec{a}}\in A,$	(10)
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ \ }}{\mbox{lm}}(F_{1})\prec\cdots% \prec{\mbox{lm}}(F_{\nu}),$
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ }}{\mbox{ and for }}i=1,\ldots,\nu{% \mbox{ it holds that }}{\mbox{Supp}}(F_{i})\subseteq L_{1},$
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ }}{\mbox{ but for any non-trivial % linear combination }}F{\mbox{ of }}F_{1},\ldots,F_{\nu}$
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ }}{\mbox{ it holds that }}M\notin L_% {2}{\mbox{ for some }}M\in{\mbox{Supp}}(F)\}$

Here, the support ${\mbox{Supp}}(F)$ of a polynomial $F(X_{1},\ldots,X_{m})=\sum_{i_{1},\ldots,i_{m}}a_{i_{1},\ldots,i_{m}}X_{1}^{i_% {1}}\cdots X_{m}^{i_{m}}$ is the set of monomials $X_{1}^{i_{1}}\cdots X_{m}^{i_{m}}$ for which the coefficient $a_{i_{1},\ldots i_{m}}$ is non-zero. Observe, that the latter requirement in (10) ensures that

D={\mbox{Span}}_{\mathbb{F}_{q}}\{{\mbox{ev}}(F_{1}+I),\ldots,{\mbox{ev}}(F_{% \nu}+I)\}\cap C(I,L_{2})=\{\vec{0}\}.

If $L_{2}\subseteq L_{1}$ has been chosen in such a way that all monomials in $L_{1}\backslash L_{2}$ are larger with respect to $\prec$ than all monomials in $L_{2}$ then (10) simplifies to

$\displaystyle s$	$\displaystyle=$	$\displaystyle\max\{\nu\mid F_{1}(\vec{a})=\cdots=F_{\nu}(\vec{a})=0{\mbox{ for% all }}{\vec{a}}\in A,$	(11)
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ \ }}{\mbox{lm}}(F_{1}),\cdots,{% \mbox{lm}}(F_{\nu}){\mbox{ are pairwise different and belong to }}L_{1}% \backslash L_{2},$
		$\displaystyle{\mbox{ \ \hskip 25.6073pt \ }}{\mbox{ and for }}i=1,\ldots,\nu{% \mbox{ it holds that }}{\mbox{Supp}}(F_{i})\subseteq L_{1}\}.$

The construction of the good family of schemes in [14, Sec. 4] requires that $L_{2}=\{N_{1},\ldots,N_{\#L_{2}}\}$ and that $L_{1}=\{N_{1},\ldots,N_{\#L_{1}}\}$ which in particular implies that we can apply (11). The idea behind the construction is that in (8) as well as in (9) one only needs to consider $K\subseteq L_{1}\backslash L_{2}$ , and by doing so, one can control the parameters $t_{1},\ldots,t_{\ell}$ and $r_{1},\ldots,r_{\ell}$ . Furthermore, by the very definition of a monomial ordering this implies that for any $N\in L_{1}\backslash L_{2}$ (in general for any $N\in L_{1}$ ) one has that all divisors of $N$ belong to $L_{1}$ . This implies the existense of polynomials of the form (7) having $N$ as leading monomial and with the support being contained in $L_{1}$ , and thereby that the estimate on $r_{i}$ , $i=1,\ldots,\ell$ is sharp. We start by giving an example.

Example 2.

In this example we consider an incidence of the family of schemes with relatively small $\ell$ treated in [14, Sec. 4]. Consider $S_{1},S_{2}\subseteq{\mathbb{F}_{q}}$ where $\#S_{1}=\#S_{2}=6$ (and consequently $q\geq 7$ ). Choose $\prec$ to be the graded lexicographic ordering on the monomials in two variables. I.e. $X_{1}^{i_{1}}X_{2}^{i_{2}}\prec X_{1}^{j_{1}}X_{2}^{j_{2}}$ if $i_{1}+i_{2}<j_{1}+j_{2}$ , or if $i_{1}+i_{2}=j_{1}+j_{2}$ , but $j_{1}<j_{2}$ . Enumerating the elements of $\Delta(s_{1},s_{2})$ according to $\prec$ and choosing $L_{2}=\{N_{1},\ldots,N_{17}\}$ and $L_{1}$ as $L_{2}\cup\{N_{18},N_{19}\}$ the situation is as in Figure 1.

\begin{array}[]{cccccc}N_{21}&N_{26}&N_{30}&N_{33}&N_{35}&N_{36}\\ {\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{15}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&N_{20}&N_{25}&N_{29}&N_{32}&N_{34}\\ {\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{10}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{14}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.92pt{\vbox to10.84pt{\pgfpicture\makeatletter% \hbox{\hskip 8.46248pt\lower-5.41887pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{}{{ {}{}}}{ {}{}} {{}{{}}}{{}{}}{}{{}{}} {{}\pgfsys@rect{-8.26248pt}{-5.21887pt}{16.52496pt}{10.43774pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{19}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{ {}{}{}}}{}{}\hss}\pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }% \pgfsys@endscope\hss}}\lxSVG@closescope\endpgfpicture}}\! }}&N_{24}&N_{28}&N_{31}\\ {\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{6}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{9}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{13}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.92pt{\vbox to10.84pt{\pgfpicture\makeatletter% \hbox{\hskip 8.46248pt\lower-5.41887pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{}{{ {}{}}}{ {}{}} {{}{{}}}{{}{}}{}{{}{}} {{}\pgfsys@rect{-8.26248pt}{-5.21887pt}{16.52496pt}{10.43774pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{18}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{ {}{}{}}}{}{}\hss}\pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }% \pgfsys@endscope\hss}}\lxSVG@closescope\endpgfpicture}}\! }}&N_{23}&N_{27}\\ {\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{3}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{5}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{8}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{12}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{17}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&N_{22}\\ {\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{1}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{2}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{4}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to16.46pt{\vbox to16.46pt{\pgfpicture\makeatletter% \hbox{\hskip 8.231pt\lower-8.231pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{8.031pt}{0.0% pt}\pgfsys@curveto{8.031pt}{4.43546pt}{4.43546pt}{8.031pt}{0.0pt}{8.031pt}% \pgfsys@curveto{-4.43546pt}{8.031pt}{-8.031pt}{4.43546pt}{-8.031pt}{0.0pt}% \pgfsys@curveto{-8.031pt}{-4.43546pt}{-4.43546pt}{-8.031pt}{0.0pt}{-8.031pt}% \pgfsys@curveto{4.43546pt}{-8.031pt}{8.031pt}{-4.43546pt}{8.031pt}{0.0pt}% \pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke\pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-5.96248pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{7}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{11}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}&{\text{ \leavevmode\hbox to18.78pt{\vbox to18.78pt{\pgfpicture\makeatletter% \hbox{\hskip 9.39067pt\lower-9.39067pt\hbox to0.0pt{\pgfsys@beginscope% \pgfsys@invoke{ }\definecolor{pgfstrokecolor}{rgb}{0,0,0}% \pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }\pgfsys@color@rgb@fill{0}{0}% {0}\pgfsys@invoke{ }\pgfsys@setlinewidth{0.4pt}\pgfsys@invoke{ }\nullfont\hbox to% 0.0pt{\pgfsys@beginscope\pgfsys@invoke{ }{{}}\hbox{\hbox{{\pgfsys@beginscope% \pgfsys@invoke{ }{{}{{{}}}{{}}{}{}{}{}{}{}{}{}{}{{}\pgfsys@moveto{9.19067pt}{0% .0pt}\pgfsys@curveto{9.19067pt}{5.07593pt}{5.07593pt}{9.19067pt}{0.0pt}{9.1906% 7pt}\pgfsys@curveto{-5.07593pt}{9.19067pt}{-9.19067pt}{5.07593pt}{-9.19067pt}{% 0.0pt}\pgfsys@curveto{-9.19067pt}{-5.07593pt}{-5.07593pt}{-9.19067pt}{0.0pt}{-% 9.19067pt}\pgfsys@curveto{5.07593pt}{-9.19067pt}{9.19067pt}{-5.07593pt}{9.1906% 7pt}{0.0pt}\pgfsys@closepath\pgfsys@moveto{0.0pt}{0.0pt}\pgfsys@stroke% \pgfsys@invoke{ } }{{{{}}\pgfsys@beginscope\pgfsys@invoke{ }\pgfsys@transformcm{1.0}{0.0}{0.0}{1% .0}{-7.36249pt}{-2.51443pt}\pgfsys@invoke{ }\hbox{{\definecolor{pgfstrokecolor% }{rgb}{0,0,0}\pgfsys@color@rgb@stroke{0}{0}{0}\pgfsys@invoke{ }% \pgfsys@color@rgb@fill{0}{0}{0}\pgfsys@invoke{ }\hbox{{$N_{16}$}} }}\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope}}} \pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope{{{}}}{}{}\hss}% \pgfsys@discardpath\pgfsys@invoke{\lxSVG@closescope }\pgfsys@endscope\hss}}% \lxSVG@closescope\endpgfpicture}}\! }}\end{array}

Figure 1: The situation in Example 2: The monomial in position

(i,j)

equals

X_{1}^{i}X_{2}^{j}

L_{2}

corresponds to the circled monomials and

L_{1}

equals

L_{2}

plus the boxed monomials.

\begin{array}[]{cccccc}6&5&4&3&2&1\\ 12&10&8&6&4&2\\ 18&15&12&9&6&3\\ 24&20&16&12&8&4\\ 30&25&20&15&10&5\\ 36&30&24&18&12&6\end{array}{\mbox{ \ \ \ \ \ \ \ }}\begin{array}[]{cccccc}6&12% &18&24&30&36\\ 5&10&15&20&25&30\\ 4&8&12&16&20&24\\ 3&6&9&12&15&18\\ 2&4&6&8&10&12\\ 1&2&3&4&5&6\end{array}

Figure 2: In the array on the left hand side we have

D(N)

and on the right hand side

D^{\perp}(N)

for all

N\in\Delta(6,6)

The scheme clearly has $n=36$ partipants and operates with secrets of $\ell=2$ $q$ -bits, and it is clear that

$\displaystyle t_{1}$	$\displaystyle=$	$\displaystyle M_{1}(C_{2}^{\perp},C_{1}^{\perp})-1\geq\min\{D^{\perp}(N_{18}),% D^{\perp}(N_{19})\}-1=11$
$\displaystyle t_{2}$	$\displaystyle=$	$\displaystyle M_{2}(C_{2}^{\perp},C_{1}^{\perp})-1\geq D^{\perp}(\{N_{18},N_{1% 9}\})-1=15-1=14$
$\displaystyle r_{1}$	$\displaystyle=$	$\displaystyle n-M_{2}(C_{1},C_{2})+1=36-D(\{N_{18},N_{19}\})+1=36-15+1=22$
$\displaystyle r_{2}$	$\displaystyle=$	$\displaystyle n-M_{1}(C_{1},C_{2})+1=36-\min\{D(N_{18}),D(N_{19})\}+1=36-12+1=% 25.$

Note, that the choice of $L_{1}\backslash L_{2}=\{N_{19},N_{18}\}$ ensures good parameters of the scheme as both $D^{\perp}(N_{19})$ and $D^{\perp}(N_{18})$ are strictly larger than $D^{\perp}(X_{1}^{i}X_{2}^{j})$ for any other monomial on the diagonal $i+j=5$ . The same thing holds for the function $D$ . In this way the values of $t_{i}$ and $r_{i}$ are simultaneously optimized.
Now enumerate $S_{\nu}=\{\beta_{1}^{(\nu)},\ldots,\beta_{6}^{(\nu)}\}$ , $\nu=1,2$ , and identify $\beta_{s}^{(\nu)}$ , $s=1,\ldots,6$ with an organization that we shall denote $O_{s}^{(\nu)}$ . I.e. in total we have $2\cdot 6=12$ organizations $O_{1}^{(1)},\ldots,O_{6}^{(1)},O_{1}^{(2)},\ldots,O_{6}^{(2)}$ , and each participant $(\beta_{i}^{(1)},\beta_{j}^{(2)})$ is a representative of exactly the two organizations $O_{i}^{(1)}$ and $O_{j}^{(2)}$ . Consider the polynomials $F_{1}=\prod_{i=1}^{3}(X_{1}-\beta_{i}^{(1)})\prod_{j=1}^{2}(X_{2}-\beta_{j}^{(% 2)})$ and $F_{2}=\prod_{i=1}^{2}(X_{1}-\beta_{i}^{(1)})\prod_{j=1}^{3}(X_{2}-\beta_{j}^{(% 2)})$ which have different leading monomials both belonging to $L_{1}\backslash L_{2}$ and with all monomials in their support belonging to $L_{1}$ . The set of non-roots of $F_{1}$ are $T_{1}=\{\beta_{4}^{(1)},\ldots,\beta_{6}^{(1)}\}\times\{\beta_{3}^{(2)},\ldots% ,\beta_{6}^{(2)}\}$ and similarly the non-roots of $F_{2}$ are $T_{2}=\{\beta_{3}^{(1)},\ldots,\beta_{6}^{(1)}\}\times\{\beta_{4}^{(2)},\ldots% ,\beta_{6}^{(2)}\}$ . Hence, if $A$ does not contain an element from $T_{1}$ then $F_{1}$ has all of $A$ as roots, and similarly if $A$ does not contain an element from $T_{2}$ then $F_{2}$ has all of $A$ as roots. In both cases $A$ can recover at most $1$ $q$ -bit of information. Both sets are of size $r_{\ell}-1=24$ and therefore maximal non- $2$ -qualifying. This describes some kind of democratic property in that by leaving out representatives from any $3$ out of the first type of organizations who are simultaneously representatives from any fixed $4$ out of the second type of organizations one cannot recover the entire secret, and similarly with $4$ out of the first type and $3$ out of the second type.
The elements which are not common roots of $F_{1}$ and $F_{2}$ are $T_{1}\cup T_{2}$ . Hence, if $A$ does not contain an element from $T_{1}\cup T_{2}$ then $A$ cannot recover any information. By inspection such $A$ is maximal non- $1$ -qualifying, i.e. they are of size $r_{1}-1=21$ . Again we can interpret this as some kind of democratic property, in that given any set of $4$ organizations of the first type and any set of $4$ organizations of the second type one cannot leave out more than one participant representing one from each set if one wants to recover any information.
As the established maximal non- $i$ -qualifying sets have a nice systematic structure and are of size significantly larger than the bound on $t_{i}$ we have established a second layer of security.

In the above example we considered a case with two variables and $s_{1}=s_{2}$ . For such case choosing the graded lexicographic ordering is the optimal choice as along the diagonal

\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid i_{1}+i_{2}=e\}

where, $e$ is any fixed integer in $[0,2(q-1)]$ , and $q$ is the field size, the values of both $D$ and $D^{\perp}$ are highest possible at the center, and decreases symmetrically the larger the distance is to the center (i.e. the further $i_{1}$ becomes from $i_{2}$ ). We now state a theorem describing such case in general. The results regarding $r_{i}$ , and $t_{i}$ are a direct adaption of [14, Th. 27], whereas the treatment of maximal non- $i$ -qualifying sets with the corresponding kind of democratic property is new.

Theorem 11.

Consider $S_{1},S_{2}\subseteq{\mathbb{F}}_{q}$ with $s=\#S_{1}=\#S_{2}$ . Let $\prec$ be the graded lexicographic ordering with $X_{1}\prec X_{2}$ . Consider $0\leq i_{1}<i_{2}\leq s-1$ and let

	$\displaystyle L_{1}$	$\displaystyle=$	$\displaystyle\{N\in\Delta(s,s)\mid N\preceq X_{1}^{i_{1}}X_{2}^{i_{2}}\}$
	$\displaystyle L_{2}$	$\displaystyle=$	$\displaystyle\{N\in\Delta(s,s)\mid N\preceq X_{1}^{i_{2}}X_{2}^{i_{1}}\}.$

The secret sharing scheme defined from $C(L_{2})\subseteq C(L_{1})$ has parameters $\ell=i_{2}-i_{1}+1$ and for $m=1,\ldots,\ell$

$\displaystyle t_{m}$	$\displaystyle\geq$	$\displaystyle(i_{1}+m)(i_{2}+1)-\dfrac{m(m-1)}{2}-1$
$\displaystyle r_{m}$	$\displaystyle=$	$\displaystyle s^{2}-\left[(s-i_{1})(s-i_{2})+\sum_{t=2}^{\ell-m+1}((s-i_{1})-(% t-1))\right]+1$
	$\displaystyle=$	$\displaystyle s^{2}-(s-i_{1})(s-i_{2}+\ell-m)+\dfrac{(\ell-m+1)(\ell-m)}{2}+1$

Write $S_{\nu}=\{\beta_{1}^{(\nu)},\ldots,\beta_{s}^{(\nu)}\}$ , for $\nu=1,2$ , and $S=S_{1}\times S_{2}$ . For $w=1,\ldots,\ell$ define

T_{w}=\{\beta_{(i_{2}+2)-w}^{(1)},\ldots,\beta_{s}^{(1)}\}\times\{\beta_{i_{1}% +w}^{(2)},\ldots,\beta_{s}^{(2)}\}.

Then for any set ${\mathcal{J}}\subseteq\{1,\ldots,\ell\}$ it holds that

S\backslash\cup_{i\in{\mathcal{J}}}T_{i}

(13)

is a non- $u$ -qualifying set where $u=\ell+1-\#{\mathcal{J}}$ . When ${\mathcal{J}}=\{1,\ldots,\#{\mathcal{J}}\}$ or ${\mathcal{J}}=\{u,\ldots,\ell\}$ then (13) is a maximal non- $u$ -qualifying set.

Proof.

The parameters are established by combining [14, Th. 27] with Theorem 7. That (13) is a non- $u$ -qualifying set follows from similar arguments as in Example 2. The result regarding maximal non- $u$ -qualifying sets follows from the fact that $\#(T_{1}\cup\cdots\cup T_{\mathcal{J}})=\#(T_{u}\cup\cdots\cup T_{\ell})$ equals the content of the square bracket in (11) ∎

Remark 12.

Similar remarks concerning democratic properties as described in Example 2 apply to the construction in Theorem 11.

The situation of three or more variables is less trivial compared to Theorem 11 in which we treated the two-variable case, but still the idea behind the improved construction of nested codes can be applid in some cases. We here only treat the situation of the codimension $\ell$ being equal to $1$ which we illustrate by an example that immediately generalizes to all codimension $1$ cases.

Example 3.

Consider $S_{1},S_{2},S_{3}\subseteq{\mathbb{F}_{q}}$ with $s=\#S_{1}=\#S_{2}=\#S_{3}=4$ . Let $\prec$ be a graded lexicographic ordering and let $L_{2}=\{N\in\Delta(4,4,4)\mid N\prec X_{1}^{2}X_{2}^{2}X_{3}^{2}\}$ and $L_{1}=L_{2}\cup\{X_{1}^{2}X_{2}^{2}X_{3}^{2}\}$ . We have $M(C(L_{1}),C(L_{2}))=D(X_{1}^{2}X_{2}^{2}X_{3}^{2})=8$ and $M(C(L_{2})^{\perp},C(L_{1})^{\perp})\geq D^{\perp}(X_{1}^{2}X_{2}^{2}X_{3}^{2}% )=27$ . Note, that $X_{1}^{2}X_{2}^{2}X_{3}^{2}$ is the monomial with both highest $D^{\perp}$ - and $D$ -value among the monomials in $\Delta(4,4,4)$ of total degree $6$ , in which way we have optimized the parameters of the scheme. Hence, the secret sharing scheme based on $C(L_{2})\subseteq C(L_{1})$ has $n=64$ participants, a secret of $\ell=1$ $q$ -bit and $t\geq 26$ , $r=57$ . Write $S_{\nu}=\{\beta_{1}^{(\nu)},\beta_{2}^{(\nu)},\beta_{3}^{(\nu)},\beta_{4}^{(% \nu)}\}$ , $\nu=1,2,3$ , which we identify with $4$ different organizations $O_{1}^{(\nu)},O_{2}^{(\nu)},O_{3}^{(\nu)},O_{4}^{(\nu)}$ at level $\nu$ . In this way an element of $S=S_{1}\times S_{2}\times S_{3}$ is a member of a unique organization at each of the three levels. Now

S\backslash\big{(}\{\beta_{3}^{(1)},\beta_{4}^{(1)}\}\times\{\beta_{3}^{(2)},% \beta_{4}^{(2)}\}\times\{\beta_{3}^{(3)},\beta_{4}^{(3)}\}\big{)}

is a maximal non- $1$ -qualifying set (i.e. a set of size $56$ possessing no information). The scheme can be viewed as having some kind of democratic properties in that given an organization of size $2$ at each of the three levels by leaving out all participants who simultaneously represent these three organizations one is not able to recover any information.

As illustrated in [14, Ex. 14] already for two variables optimizing simultaneously the parameters $r_{1},\ldots,r_{\ell}$ and $t_{1},\ldots,t_{\ell}$ when given fixed $\ell$ may not be possible when the sets $S_{i}$ are of different sizes. However, with the second layer of security in mind, it makes sense to concentrate mainly on the parameters $r_{1},\ldots,r_{\ell}$ over $t_{1},\ldots,t_{\ell}$ ensuring systematic maximal non- $i$ -qualifying sets with structures similar to what is described in Theorem 11. We illustrate the idea with an example.

Example 4.

Consider $S_{1},S_{2}\subseteq{\mathbb{F}}_{q}$ with $\#S_{1}=8$ and $\#S_{2}=5$ . The $D$ and $D^{\perp}$ values of the elements of $\Delta(8,5)$ are depicted in Figure 3. Choosing $\prec$ to be the graded lexicographic ordering with $X_{1}\prec X_{2}$ and letting $L_{2}=\{N\mid N\prec X_{1}^{5}X_{2}\}$ and $L_{1}=L_{2}\cup\{X_{1}^{5}X_{2},X_{1}^{4}X_{2}^{2}\}$ we locally optimize the $D$ values as $D(X_{1}^{5}X_{2})=D(X_{1}^{4}X_{2}^{2}=12$ which is larger than $D(X_{1}^{i_{1}}X_{2}^{i_{2}})$ for any other $(i_{1},i_{2})$ with $i_{1}+i_{2}=6$ . However, the $D^{\perp}$ values are not optimized in a similar fashion as $D^{\perp}(X_{1}^{5}X_{2})=12$ and $D^{\perp}(X_{1}^{4}X_{2}^{2})=15$ , which are both smaller than $D^{\perp}(X_{1}^{3}X_{2}^{3})=16$ . We obtain $n=40$ , $\ell=2$ , $r_{1}=n-D(X_{1}^{5}X_{2},X_{1}^{4}X_{2}^{2})+1=40-15+1=26$ , $r_{2}=40-12+1=29$ , $t_{1}\geq\min\{D^{\perp}X_{1}^{5}X_{2}),D^{\perp}(X_{1}^{4}X_{2}^{2})\}-1=11$ , and $t_{2}\geq D^{\perp}(X_{1}^{5}X_{2}X_{2},X_{1}^{4}X_{2}^{2})-1=16$ . Identifying the elements of $S_{1}$ with $8$ different organizations $O_{1}^{(1)},\ldots,O_{8}^{(1)}$ and similarly the element of $S_{2}$ with $5$ different organizations $O_{1}^{(2)},\ldots,O_{5}^{(2)}$ by a bijective map each participant represents a unique organization from each of the two sets. Given any $3$ organizations from the first level and any $4$ organizations from the second level, by leaving out all participants representing simultaneously one organization from each subset, one is at most able to recover $1$ $q$ -bit of information. Similarly with $4$ organizations from the first level and $3$ from the second level. Leaving out the union of the about mentioned participants one cannot recover any information. Hence, even though the only information we have on $t_{1}$ is that it is at least $11$ , we have a series of systematic sets of size $40-12=28$ who cannot recover more than $1$ $q$ -bit of information. Similarly, even though the only information we have on $t_{2}$ is that it is at least $15$ , we have a series of systematic sets of size $40-15=25$ from who cannot reveal any information. Adapting other types of monomial ordering does not seem to help optimizing locally both $D$ and $D^{\perp}$ .

\begin{array}[]{cccccccc}8&7&6&5&4&3&2&1\\ 16&14&12&10&8&6&4&2\\ 24&21&18&15&12&9&6&3\\ 32&28&24&20&16&12&8&4\\ 40&35&30&25&20&15&10&5\end{array}{\mbox{ \ \ \ \ \ \ \ }}\begin{array}[]{% cccccccc}5&10&15&20&25&30&35&40\\ 4&8&12&16&20&24&28&32\\ 3&6&9&12&15&18&21&24\\ 2&4&6&8&10&12&14&16\\ 1&2&3&4&5&6&7&8\end{array}

Figure 3: In the array on the left hand side we have

D(N)

and on the right hand side

D^{\perp}(N)

for all

N\in\Delta(8,5)

Remark 13.

As Theorem 11 generalizes Example 2 it is straightforward to generalize Example 4 to cover all cases of point sets $S_{1}\times S_{2}$ . We leave the details for the reader.

4 Democratic schemes

In this section we optimize the second layer of security whilst paying no interest in the worst case information leakage in terms of number of participants. I.e. we are interested in the second layer of security and in the reconstruction numbers $r_{1},\ldots,r_{\ell}$ , but downplay the interest in the numbers $t_{1},\ldots,t_{\ell}$ . Our new construction is designed to have very systematic maximal non- $u$ -qualifying sets for any $u=1,\ldots,\ell$ , the systematic form giving rise to democratic properties along the same line as those described in the previous section. A particular advantage of the new construction is that in contrast to the construction of [14, Sec. 4] as treated in Section 3, it allows for a great variety of possible values of $\ell$ , including small, medium sized or large. The codes are defined by the same evaluation map ${\mbox{ev}}:R\rightarrow{\mathbb{F}}_{q}^{n}$ as in Section 3, but we shall employ a different monomial ordering. We gain extra freedom by no longer requiring that all monomials in $L_{2}$ are smaller than the remaining monomials in $L_{1}$ with respect to the applied monomial ordering. To deal with this new situation we introduce the following definition.

Definition 14.

Let $S_{1},\ldots,S_{m}\subseteq{\mathbb{F}}_{q}$ and write $s_{1}=\#S_{1},\ldots,s_{m}=\#S_{m}$ . Choose integers $0\leq v_{1}<j_{1}<s_{1},\ldots,0\leq v_{m}<j_{m}<s_{m}$ , and let

L_{1}=\{X_{1}^{i_{1}}\cdots X_{m}^{i_{m}}\mid 0\leq i_{1}\leq j_{1},\ldots,0% \leq i_{m}\leq j_{m}\}

and $L_{2}=L_{1}\backslash\Box$ where

\Box=\{X_{1}^{i_{1}}\cdots X_{m}^{i_{m}}\mid v_{1}\leq i_{1}\leq j_{1},\ldots,% v_{m}\leq i_{m}\leq j_{m}\}.

Consider the lexicographic ordering $\prec$ with $X_{m}\prec\cdots\prec X_{2}\prec X_{1}$ ., and write $N_{\mbox{min}}=X_{1}^{v_{1}}\cdots X_{m}^{v_{m}}$ (which is the minimal element of $\Box$ with respect to $\prec$ ), and define

\Diamond=\{M\in L_{1}\mid N_{\mbox{min}}\preceq M\}.

If for all $i=1,\ldots,\ell=\#\Box$ it holds that among those $K\subseteq\Diamond$ of size $i$ a $K^{\prime}\subseteq\Box$ exists with $D(K^{\prime})$ being minimal then the secret sharing scheme defined from $C_{2}=C(L_{2})\subseteq C(L_{1})=C_{1}$ is called democratic.

Example 5.

In this example we illustrate the notation $\Box$ and $\Diamond$ from Definition 14 in the case of $m=2$ and $s_{1}=6$ , $s_{2}=5$ , $j_{1}=3$ , $j_{2}=3$ , $v_{1}=1$ , and $v_{2}=2$ . Figure 4 illustrates the situation.

\begin{array}[]{cccccc}\cdot&\cdot&\cdot&\cdot&\cdot&\cdot\\ \cdot&-&-&-&\cdot&\cdot\\ \cdot&-&-&-&\cdot&\cdot\\ \cdot&\cdot&+&+&\cdot&\cdot\\ \cdot&\cdot&+&+&\cdot&\cdot\end{array}

Figure 4: The situation in Example 5. Monomials marked with “

-

” correspond to

\Box

. Adding the monomials marked with “

+

” one obtains

\Diamond

Remark 15.

When $C_{1}=C(L_{2})\subseteq C(L_{1})=C_{2}$ are defined as in Definition 14 then we only need to consider in (10) as leading monomials those that belong to $\Diamond$ . The very last condition of Definition 14 then implies that we can actually apply (11), as indeed $\Box=L_{1}\backslash L_{2}$ . Hence, to calculate the relative generalized Hamming weights $M_{t}(C_{1},C_{2})$ and from that the reconstruction numbers $r_{1},\ldots,r_{\ell}$ , we can employ (11) although the conditions of [14, Sec. 4] are not satisfied.

Theorem 16.

Let $C(L_{2})\subseteq C(L_{1})$ define a democratic secret sharing scheme as in Definition 14. We have $r_{1}=s_{1}\cdots s_{m}-(s_{1}-v_{1})\cdots(s_{m}-v_{m})+1$ and $r_{\ell}=s_{1}\cdots s_{m}-(s_{1}-j_{1})\cdots(s_{m}-j_{m})+1$ . For $i=1,\ldots,m$ consider pointsets $T_{\max}^{(i)}\subseteq S_{i}$ with $\#T_{\max}^{(i)}=s_{i}-v_{i}$ and $T_{\min}^{(i)}\subseteq S_{i}$ with $\#T_{\min}^{(i)}=s_{i}-j_{i}$ . Then $(S_{1}\times\cdots\times S_{m})\backslash(T_{\max}^{(1)}\times\cdots\times T_{% \max}^{(m)})$ is a maximal non- $1$ -qualifying set and $(S_{1}\times\cdots\times S_{m})\backslash(T_{\min}^{(1)}\times\cdots\times T_{% \min}^{(m)})$ is a maximal non- $\ell$ -unqualifying set. The latter describes the only such sets.

Proof.

The main part of the theorem follows from Remark 15. To prove the last result we must establish that the only non-zero polynomials $F(X_{1},\ldots,X_{m})$ with ${\mbox{Supp}}(F)\subseteq L_{1}$ and having exactly $D(X_{1}^{j_{1}}\cdots X_{m}^{j_{m}})$ non-roots, are all of the form

\prod_{\alpha_{1}\in S_{1}\backslash T_{\min}^{(1)}}(X_{1}-\alpha_{i})\cdots% \prod_{\alpha_{m}\in S_{m}\backslash T_{\min}^{(m)}}(X_{m}-\alpha_{m}).

Clearly, such a polynomial must have $X_{1}^{j_{1}}\cdots X_{m}^{j_{m}}$ as leading monomial as this monomial is the only in $L_{1}$ of such a small value. By inspection the last result of the theorem is then a direct consequence of [15, Th. 7] (where some care must be taken as the $D$ are used in a slightly different meaning there). ∎

Proposition 17.

Let the notation be as in Definition 14 with $s_{1}-j_{1}=\cdots=s_{m}-j_{m}$ and $j_{1}-v_{1}=\cdots=j_{m}-v_{m}$ then the scheme is democratic. For $m=2$ a sufficient condition for being democratic is that $s_{1}-j_{1}\geq s_{2}-j_{2}$ with $j_{1}-v_{1}\leq j_{2}-v_{2}+1$ .

Proof.

We only proof the latter result. We first observe that for $D(K)$ to be minimal among those $K\in\Diamond$ with $\#K=i$ it clearly holds that if $N\in K$ then all $M\in\Diamond$ which are divisible by $N$ also belong to $K$ . For a given $i$ with $1\leq i\leq\ell=\#\Box$ consider the possible $K\subseteq\Diamond$ , $\#K=i$ , with $D(K)$ being minimal. Among such sets let $K$ be chosen to contain the minimal possible number of elements outside $\Box$ . If this number equals $0$ then we are through. Hence, assume this is not the case. Without loss of generality we may assume that $K\cap\Box$ consists of full line segments $X_{1}^{i_{1}}X_{2}^{v_{2}},X_{1}^{i_{1}}X_{2}^{v_{2}+1},\ldots,X_{1}^{i_{1}}X_% {2}^{j_{2}}$ for $i_{1}=a,\ldots,j_{1}$ plus possibly some partial line segment $X_{1}^{a-1}X_{2}^{b},X_{1}^{a-1}X_{2}^{b+1},\ldots,X_{1}^{a-1}X_{2}^{j_{2}}$ . Here, $v_{1}+1\leq a\leq j_{1}$ and $v_{2}+1\leq b\leq j_{2}$ . If $K\cap\Box$ contains the mentioned partial line segment then remove from $K$ the smallest element according to $\prec^{\prime}$ , where $\prec^{\prime}$ is the lexicographic ordering with $X_{1}\prec^{\prime}X_{2}$ . By assumption this monomial belongs to $\Diamond\backslash\Box$ . Then replace it with $X_{1}^{a-1}X_{2}^{b_{1}}$ to obtain a new $K$ with the same $D$ -value (or smaller), but having less elements outside $\Box$ . But this is in contradiction with our assumption that the original $K$ was chosen to have the smallest number of elements outside $\Box$ . Hence, the partial line segment cannot exist. But then if $X_{1}^{c}X_{2}^{d}$ is the smallest element in $\Diamond\backslash\Box$ with respect to $\prec^{\prime}$ , then by removing from $K$ the line segment $X_{1}^{c}X_{2}^{d},X_{1}^{c+1}X_{2}^{d},\ldots,X_{1}^{j_{1}}X_{2}^{d}$ and adding instead the line segment $X_{1}^{a-1}X_{2}^{j_{1}-j_{2}+c},X_{1}^{a-1}X_{2}^{j_{1}-j_{2}+c+1},\ldots,X_{% 1}^{a-1}X_{2}^{j_{2}}$ we obtain a new $K$ having fewer elements outside $\Box$ and being of $D$ -value smaller than or equal to that of the previous $K$ . Again, this is a contradiction. ∎

Example 6.

The secret sharing scheme with $\Box$ and $\Diamond$ as in Example 5 is democratic.

Example 7.

Let notation be as in Definition 14 with $q>10$ , and choose $S_{1},S_{2}\subseteq{\mathbb{F}}_{q}$ of equal size $s_{1}=s_{2}=10$ . Let $v_{1}=v_{2}=2$ and $j_{1}=j_{2}=5$ . We have $n=100$ and $\ell=16$ . Consider arbitrary $T_{1}^{(i)},\ldots,T_{4}^{(i)}\subseteq S_{i}$ , $i=1,2$ of corresponding sizes $5,6,7,8$ (in that order). We have $M_{16}(C_{1},C_{2})=D(\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 2\leq i_{1}\leq 5,2\leq i% _{2}\leq 5\})=64$ , $r_{1}=n-M_{16}(C_{1},C_{2})+1=37$ and $(S_{1}\times S_{2})\backslash(T_{4}^{(1)}\times T_{4}^{(2)})$ is a maximal $1$ -non-qualifying set. Hence, leaving out all members of $T_{4}^{(1)}\times T_{4}^{(2)}$ one cannot obtain any information. We next see that $M_{16-z}(C_{1},C_{2})=64-z$ for $z=1,2,3$ . To see this note that the relative generalized Hamming weights constitute a strictly increasing sequence, and that one cannot dicrease the value of $D$ by more than the number $z$ of removed elements from $\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 2\leq i_{1}\leq 5,2\leq i_{2}\leq 5\}$ in the argument of $D$ as long as $z<4$ . Next $M_{12}(C_{1},C_{2})=D(\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 3\leq i_{1}\leq 5,2\leq i% _{2}\leq 5\})=D(\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 2\leq i_{1}\leq 5,3\leq i_{2}% \leq 5\})=M_{16}(C_{1},C_{2})-8=56$ (a jump in $1+4=5$ from $M_{13}(C_{1},C_{2})$ ). Continuing this way we see that removing $4+z$ from $\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 2\leq i_{1}\leq 5,2\leq i_{2}\leq 5\}$ , $z=1,2$ the $D$ -value decrease by at most $4+z$ , and therefore $M_{16-(4+z)}(C_{1},C_{2})=M_{16}-(4+z)$ . Next, we can remove $4+3$ elements in such a way that the corresponding $D$ is smallest possible as follows $M_{9}(C_{1},C_{2})=D(\{X_{1}^{i_{1}}X_{2}^{i_{2}}\mid 3\leq i_{1}\leq 5,3\leq i% _{2}\leq 5\})=M_{16}(C_{1},C_{2})-7-4-4=49$ . Continuing this way see that $M_{9-z}(C_{1},C_{2})=M_{9}(C_{1},C_{2})-z$ for $z=1,2$ and that $M_{6}(C_{1},C_{2})=M_{9-3}(C_{1},C_{2})=M_{9}(C_{1},C_{2})-3-4=42$ . Next, in a similar fashion $M_{6-1}(C_{1},C_{2})=M_{6}(C_{1},C_{2})-1=41$ , but $M_{6-2}(C_{1},C_{2})=M_{6}-2-4=36$ . Finally, $M_{3}(C_{1},C_{2})=M_{4}(C_{1},C_{2})-1=35$ , $M_{2}(C_{1},C_{2})=M_{4}(C_{1},C_{2})-2-4=30$ , and $M_{1}(C_{1},C_{2})=M_{2}(C_{1},C_{2})-1-4=25$ . Regarding maximal $i$ -non-qualifying sets we have the following picture. Including from $T_{4}^{(1)}\times T_{4}^{(2)}$ , exactly $z$ members one can at most obtain $z$ $q$ -bits of information, $z=1,2,3$ . Including no members of $T_{3}^{(1)}\times T_{4}^{(2)}$ or $T_{4}^{(1)}\times T_{3}^{(2)}$ one can obtain (at most) $4$ $q$ -bits of information. Including from $T_{3}^{(1)}\times T_{4}^{(2)}$ or $T_{4}^{(1)}\times T_{3}^{(2)}$ at most $z=1,2$ members one can at most obtain $4+z$ $q$ -bits of information. Including no members of $T_{3}^{(1)}\times T_{3}^{(2)}$ one can at most obtain $7$ $q$ -bits of information. Including from $T_{3}^{(1)}\times T_{3}^{(2)}$ at most $z=1,2$ members one can at most obtain $7+z$ $q$ -bits of information. Including no elements from $T_{2}^{(1)}\times T_{3}^{(2)}$ or $T_{3}^{(1)}\times T_{2}^{(2)}$ one can obtain (at most) $10$ $q$ -bits of information. Including at most one element from either of these sets, one can at most obtain $11$ $q$ -bits of information. Including no elements from $T_{2}^{(1)}\times T_{2}^{(2)}$ one can (at most) obtain $12$ $q$ -bits of information. Including at most one element from $T_{2}^{(1)}\times T_{2}^{(2)}$ one can (at most) obtain $13$ $q$ -bits of information. Including no elements from $T_{1}^{(1)}\times T_{2}^{(2)}$ or $T_{2}^{(1)}\times T_{1}^{(2)}$ one can (at most) obtain $14$ $q$ -bits of information. Finally, including no elements from $T_{1}^{(1)}\times T_{1}^{(2)}$ one can (at most) obtain $15$ $q$ -bits of information.

Example 8.

This is a continuation of Example 7. Let instead $v_{1}=v_{2}=3$ and $j_{1}=j_{2}=6$ and let the sizes of $T_{1}^{(i)},T_{2}^{(i)},T_{3}^{(i)}$ , and $T_{4}^{(i)}$ be $4,5,6$ and $7$ (in that order) for $i=1,2$ . We again obtain maximal $16$ -unqualified, maximal $13$ -unqualified,maximal $8$ -unqualified and maximal $1$ -unqualified sets as described in the previous example. By leaving out Cartesian product pointsets of size $4\cdot 4$ , $5\cdot 5$ , $6\cdot 6$ , and $7\cdot 7$ , respectively, one is not able to obtain all information, $13$ $q$ -bits of information, $8$ $q$ -bits of information and $1$ $q$ -bit of information, respectively. Now increasing all of $v_{1},v_{2},j_{1},j_{2}$ by $1$ one cannot leave out any Cartesian product pointset of size $3\cdot 3$ , $4\cdot 4$ , $5\cdot 5$ , and $6\cdot 6$ , respectively, if one wants to obtain the mentioned amount of information. Increasing, again the parameters by $1$ , one cannot leave out any Cartesian product pointsets of size $2\cdot 2$ , $3\cdot 3$ , $4\cdot 4$ , and $5\cdot 5$ , respectively.

Theorem 18.

Consider a democratic scheme as in Definition 14 with $m=2$ (two variables), $s=s_{1}=s_{2}$ , $v=v_{1}=v_{2}$ , and $j=j_{1}=j_{2}$ . We have $n=s^{2}$ participants and the secret is of size $\ell=(j-v)^{2}$ . For $\ell\geq e\geq 1$ one can write $e$ uniquely in one of the following ways

\displaystyle e=z(z-1)-h

with

\displaystyle\sqrt{\ell}\leq z\leq 2{\mbox{ and }}0\leq h<z-1

(14)

\displaystyle e=z^{2}-h

with

\displaystyle\sqrt{\ell}\leq z\leq 1{\mbox{ and }}0\leq h\leq z-1

(15)

In situation (14) we have

M_{e}(C_{1},C_{2})=(s-j-1+z)(s-j-2+z)-h

r_{\ell-e+1}=s^{2}-(s-j-1+z)(s-j-2+z)+h+1

and by excluding any Cartesian product pointset of size $z\times(z-1)$ or $(z-1)\times z$ , but up till $h$ elements herein, one obtains at most $\ell-e$ $q$ -bits of information. In situation (15) we have

M_{e}(C_{1},C_{2})=(s-j-1+z)^{2}-h

r_{\ell-e+1}=s^{2}-(s-j-1+z)^{2}-h

and by excluding any Cartesian product pointset of size $z\times z$ , but up till $h$ elements herein, one obtains at most $\ell-e$ $q$ -bits of information. In both situations $S_{1}\times S_{2}$ with such a set removed constitutes a maximal $\ell-e$ -non-qualifying set. (if clever points are removed, otherwise not even that)

Proof.

The proof uses similar arguments as in Example 7. ∎

In a straightforward way one can generalize Theorem 18 to arbitrary $m\geq 2$ . For simplicity we here only treat the cases where entire Cartesian product pointsets are excluded.

Theorem 19.

Consider a democratic scheme as in Definition 14 with arbitrary $m\geq 2$ . Assume $s=s_{1}=\cdots=s_{m}$ , $v=v_{1}=\cdots=v_{m}$ and $j=j_{1}=\cdots=j_{m}$ . We have $s^{m}$ participants and the secret is of size $\ell=(j-v)^{m}$ . Assume $e=z^{a}(z-1)^{b}$ for some $a+b=m$ and $j-v\leq z\leq 1$ if $b=0$ or $j-v\leq z\leq 2$ if $b>0$ . Then

M_{e}(C_{1},C_{2})=(s-j-1+z)^{a}(s-j-2+z)^{b}

r_{e}(C_{1},C_{2})=s^{m}-(s-j-1+z)^{a}(s-j-2+z)^{b}+1

and by excluding any Cartesian product pointset of size $f_{1}\times\cdots\times f_{m}$ where exactly $a$ of the $f_{i}$ ’s equal $s-j-1+z$ and the remaining equal $s-j-2+z$ one obtains at most $\ell-e$ $q$ -bits of information. $S_{1}\times\cdots\times S_{m}$ with such a set removed constitutes a maximal $\ell-e$ non-qualifying set.

Remark 20.

Theorem 18 and Theorem 19 can in a straight forward manner be generalized to treat the first general case described in Proposition 17, by noting that $s_{1}-j_{1}=\cdots=s_{m}-j_{m}$ and thereby corresponds to the $s-j$ , and therefore the relative generalized Hamming weights are the same. The only changes needed is to replace $s^{m}$ with $s_{1}\cdots s_{m}$ .

We finally treat a particular secret sharing scheme fulfilling the last mentioned requirements of Proposition 17

Example 9.

This is a continuation of Example 5 and Example 6 where we treated an incidence of the second construction mentioned in Proposition 17. We have

$\displaystyle M_{6}$	$\displaystyle=$	$\displaystyle D(\Box)=16$
$\displaystyle M_{5}$	$\displaystyle=$	$\displaystyle D(\Box\backslash\{X_{1}X_{2}^{2}\})=15$
$\displaystyle M_{4}$	$\displaystyle=$	$\displaystyle D(X_{1}^{2}X_{2}^{2},X_{1}^{2}X_{2}^{3},X_{1}^{3}X_{2}^{2},X_{1}% ^{3}X_{2}^{3})=14$
$\displaystyle M_{3}$	$\displaystyle=$	$\displaystyle D(X_{1}X_{2}^{3},X_{1}^{2}X_{2}^{3},X_{1}^{3}X_{2}^{3})=10$
$\displaystyle M_{2}$	$\displaystyle=$	$\displaystyle D(X_{1}^{2}X_{2}^{3},X_{1}^{3}X_{2}^{3})=8$
$\displaystyle M_{1}$	$\displaystyle=$	$\displaystyle D(X_{1}^{3}X_{2}^{3})=6$

Let $T_{1}^{(1)},T_{2}^{(1)},T_{3}^{(1)}$ , respectively, be a subset of $S_{1}$ of cardinality $3,4,5$ , respectively, and let $T_{1}^{(2)},T_{2}^{(2)}$ , respectively, be a subset of $S_{2}$ of cardinality 2, 3, respectively. Then $(S_{1}\times S_{2})\backslash(T_{3}^{(1)}\times T_{2}^{(2)})$ is a maximal non- $1$ -qualifying set, and by adding any extra element one obtains a maximal non- $2$ -qualifying set. Further $(S_{1}\times S_{2})\backslash(T_{2}^{(1)}\times T_{2}^{(2)})$ is a maximal non- $3$ -qualifying set, $(S_{1}\times S_{2})\backslash(T_{3}^{(1)}\times T_{1}^{(2)})$ is a maximal non- $4$ -qualifying set, $(S_{1}\times S_{2})\backslash(T_{2}^{(1)}\times T_{1}^{(2)})$ is a maximal non- $5$ -qualifying set, and finally $(S_{1}\times S_{2})\backslash(T_{1}^{(1)}\times T_{1}^{(2)})$ is a maximal non- $6$ -qualifying set. Observe that a maximal non- $4$ -qualifying set cannot be expanded to a maximal non- $3$ -qualifying set. This is in contrast to the situation for the first construction mentioned in Proposition 17 where similar inclusions are always be possible.

5 Concluding remarks

We leave it as an open research question to describe additional democratic secret sharing schemes to those covered by Proposition 17 and to establish for such schemes information on maximal non- $u$ -qualifying sets. In another direction we propose it as an open research question to establish properties partly similar to the democratic properties from this paper for schemes defined from the Hermitian curve or in larger generality from the norm-trace curves. In a seperate paper we show that Theorem 3 implies that the order bound from [20] on dual codes can be employed to establish information in the primary world regarding common roots of multivariate polynomials.

Appendix A Proof of Theorem 7

Proof.

For the reconstruction numbers we observe that for any set $A$ with $\#A>n-M_{j}(C_{1},C_{2})$ the corresponding value of (4) is at most equal to $j-1$ and that some set $A$ of size $n-M_{j}(C_{1},C_{2})$ it holds that (4) equals $j$ . Therefore

r_{\ell-(j-1)}=r_{\ell-j+1}=n-M_{j}(C_{1},C_{2})+1.

Substituting $j$ with $\ell-m+1$ we obtain the desired result.
For the privacy numbers we are interested in the minimal cardinality of a set $A$ such that

m=\ell-(\dim(C_{1})_{\bar{A}}-\dim(C_{2})_{\bar{A}}),

(16)

giving which we will be able to conclude $t_{m}=\#A-1$ . By (2) we have

\ell=\dim(C_{1})_{\bar{A}}+\dim P_{A}(C_{1})-\dim(C_{2})_{\bar{A}}-\dim P_{A}(% C_{2})

and combining this with Forney’s second duality lemma [13][Lem. 2] which reads

\dim P_{A}(C)+\dim(C^{\perp})_{A}=\#A

the right hand side of (16) becomes

	$\displaystyle\dim P_{{A}}(C_{1})-\dim P_{{A}}(C_{2})$	(17)
$\displaystyle=$	$\displaystyle(\#A-\dim(C_{1}^{\perp})_{{A}})-(\#A-\dim(C_{2}^{\perp})_{{A}})$
$\displaystyle=$	$\displaystyle\dim(C_{2}^{\perp})_{{A}}-\dim(C_{1}^{\perp})_{{A}}$
$\displaystyle=$	$\displaystyle\max\{\dim D\mid D\subseteq C_{2}^{\perp},D\cap C_{1}^{\perp}=\{% \vec{0}\},{\mbox{Supp}}(D)\subseteq A\}.$

Obviously, for $\#A<M_{m}(C_{2}^{\perp},C_{1}^{\perp})$ the value in (17) is strictly less than $m$ , and for some $A$ of size $M_{m}(C_{2}^{\perp},C_{1}^{\perp})$ equality holds. This concludes the proof. ∎

References

[1] T. Bains. Generalized Hamming weights and their applications to secret sharing schemes. Master’s thesis, Univ. Amsterdam, 2008.
[2] Peter Beelen and Mrinmoy Datta. Generalized Hamming weights of affine Cartesian codes. Finite Fields and Their Applications, 51:130–145, 2018.
[3] G. R. Blakley and C. Meadows. Security of ramp schemes. In Advances in cryptology (Santa Barbara, Calif., 1984), volume 196 of Lecture Notes in Comput. Sci., pages 242–268. Springer, Berlin, 1985.
[4] S. Çalkavur, A. Bonnecaze, R. dela Cruz, and P. Solé. Code Based Secret Sharing Schemes: Applied Combinatorial Coding Theory. World Scientific, 2022.
[5] H. Chen, R. Cramer, S. Goldwasser, R. de Haan, and V. Vaikuntanathan. Secure computation from random error correcting codes. In Advances in cryptology—EUROCRYPT 2007, volume 4515 of Lecture Notes in Comput. Sci., pages 291–310. Springer, Berlin, 2007.
[6] R. Cramer and I. B. Damgård. Secure multiparty computation. Cambridge University Press, 2015.
[7] L. Csirmaz. Ramp secret sharing and secure information storage. 2009.
[8] M. Datta. Relative generalized Hamming weights of affine Cartesian codes. Designs, Codes and Cryptography, 88:1273–1284, 2020.
[9] I. M Duursma. Algebraic geometry codes: general theory. In Advances in algebraic geometry codes, pages 1–48. World Scientific, 2008.
[10] I. M. Duursma and S. Park. Coset bounds for algebraic geometric codes. Finite Fields Appl., 16(1):36–55, 2010.
[11] R. Eriguchi, N. Kunihiro, and K. Nuida. A linear algebraic approach to strongly secure ramp secret sharing for general access structures. In 2020 International Symposium on Information Theory and Its Applications (ISITA), pages 427–431. IEEE, 2020.
[12] J. Fitzgerald and R. F. Lax. Decoding affine variety codes using Gröbner bases. Des. Codes Cryptogr., 13(2):147–158, 1998.
[13] G. D. Jr. Forney. Dimension/length profiles and trellis complexity of linear block codes. IEEE Trans. Inform. Theory, 40(6):1741–1752, November 1994.
[14] C. Galindo, O. Geil, F. Hernando, and D. Ruano. Improved constructions of nested code pairs. IEEE Trans. Inform. Theory, 64(4, part 1):2444–2459, 2018.
[15] O Geil. On multivariate polynomials with many roots over a finite grid. Journal of Algebra and Its Applications, 20(08):2150136, 2021.
[16] O. Geil and T. Høholdt. Footprints or generalized Bezout’s theorem. IEEE Trans. Inform. Theory, 46(2):635–641, 2000.
[17] O. Geil and S. Martin. Relative generalized Hamming weights of q-ary Reed-Muller codes. Advances in Mathematics of Communication, 11:505–531, 2017.
[18] O. Geil, S. Martin, U. Martínez-Peñas, R. Matsumoto, and D. Ruano. On asymptotically good ramp secret sharing schemes. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 100(12):2699–2708, 2017.
[19] O. Geil, S. Martin, R. Matsumoto, D. Ruano, and Y. Luo. Relative generalized Hamming weights of one-point algebraic geometric codes. IEEE Trans. Inform. Theory, 60(10):5938–5949, 2014.
[20] T. Høholdt, J. H. van Lint, and R. Pellikaan. Algebraic geometry codes. In V. S. Pless and W. C. Huffman, editors, Handbook of Coding Theory, volume 1, pages 871–961. Elsevier, Amsterdam, 1998.
[21] M. Ito, A. Saito, and T. Nishizeki. Secret sharing scheme realizing general access structure. Electronics and Communications in Japan (Part III: Fundamental Electronic Science), 72(9):56–64, 1989.
[22] M. Iwamoto. General construction methods of secret sharing schemes and visual secret sharing schemes. PhD thesis, University Tokyo, https://ohta-lab.jp/users/misugu/research/Thesis/Thesis-iwamoto.pdf, 2004.
[23] M. Iwamoto and H. Yamamoto. Strongly secure ramp secret sharing schemes for general access structures. Information Processing Letters, 97(2):52–57, 2006.
[24] S. Krenn and T. Lorünser. An introduction to secret sharing: A systematic overview and guide for protocol selection. 2023.
[25] J. Kurihara, T. Uyematsu, and R. Matsumoto. Secret sharing schemes based on linear codes can be precisely characterized by the relative generalized Hamming weight. IEICE Trans. Fundamentals, E95-A(11):2067–2075, 2012.
[26] K. Kurosawa, K. Okada, K. Sakano, W. Ogata, and S. Tsujii. Nonperfect secret sharing schemes and matroids. In Advances in Cryptology—EUROCRYPT’93: Workshop on the Theory and Application of Cryptographic Techniques Lofthus, Norway, May 23–27, 1993 Proceedings 12, pages 126–141. Springer, 1994.
[27] U. Martínez-Peñas. Communication efficient and strongly secure secret sharing schemes based on algebraic geometry codes. IEEE Transactions on Information Theory, 64(6):4191–4206, 2018.
[28] J. L Massey. Minimal codewords and secret sharing. In Proceedings of the 6th joint Swedish-Russian international workshop on information theory, pages 276–279, 1993.
[29] A. Shamir. How to share a secret. Comm. ACM, 22(11):612–613, 1979.
[30] D. R. Stinson. An explication of secret sharing schemes. Designs, Codes and Cryptography, 2(4):357–390, 1992.
[31] D. R. Stinson and R. Wei. Bibliography on secret sharing schemes, 1998.
[32] H. Yamamoto. Secret sharing system using $(k,L,n)$ threshold scheme. Electron. Comm. Japan Part I Comm., 69(9):46–54, 1986.