Advances in Cryptology — CRYPT0’ 95

Volume 963 of the series Lecture Notes in Computer Science pp 339-352


Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

  • Amir HerzbergAffiliated withIBM T.J. Watson Research Center
  • , Stanisław JareckiAffiliated withIBM T.J. Watson Research CenterLaboratory of Computer Science, Massachusetts Institute of Technology
  • , Hugo KrawczykAffiliated withIBM T.J. Watson Research Center
  • , Moti YungAffiliated withIBM T.J. Watson Research Center


Secret sharing schemes protect secrets by distributing them over different locations (share holders). In particular, in k out of n threshold schemes, security is assured if throughout the entire life-time of the secret the adversary is restricted to compromise less than k of the n locations. For long-lived and sensitive secrets this protection may be insufficient.

We propose an efficient proactive secret sharing scheme, where shares are periodically renewed (without changing the secret) in such a way that information gained by the adversary in one time period is useless for attacking the secret after the shares are renewed. Hence, the adversary willing to learn the secret needs to break to all k locations during the same time period (e.g., one day, a week, etc.). Furthermore, in order to guarantee the availability and integrity of the secret, we provide mechanisms to detect maliciously (or accidentally) corrupted shares, as well as mechanisms to secretly recover the correct shares when modification is detected.