Proactive Secret Sharing Or: How to Cope With Perpetual Leakage
Secret sharing schemes protect secrets by distributing them over different locations (share holders). In particular, in k out of n threshold schemes, security is assured if throughout the entire lifetime of the secret the adversary is restricted to compromising fewer than k of the n locations. For long-lived and sensitive secrets this protection may be insufficient.
We propose an efficient proactive secret sharing scheme, where shares are periodically renewed (without changing the secret) in such a way that information gained by the adversary in one time period is useless for attacking the secret after the shares are renewed. Hence, an adversary wishing to learn the secret needs to break into all k locations during the same time period (e.g., one day, a week, etc.). Furthermore, in order to guarantee the availability and integrity of the secret, we provide mechanisms to detect maliciously (or accidentally) corrupted shares, as well as mechanisms to secretly recover the correct shares when modification is detected.
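The renewal idea in the abstract, as an added example (not code from the paper): Shamir k-of-n sharing whose shares are refreshed by adding polynomials with constant term zero. The abstract does not spell out the mechanism, so this construction, the field modulus, the sample secret and all function names are assumptions, and the detection and recovery of corrupted shares that the abstract mentions are left out.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the field modulus (constructed choice)

def _poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x, mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(secret, k, n):
    """Shamir k-of-n: random polynomial f of degree k-1 with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}

def reconstruct(points):
    """Lagrange interpolation at x = 0 from a dict {x: y} holding k shares."""
    total = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def renew(shares, k):
    """One renewal period: every holder deals a polynomial with constant
    term 0, and each holder adds the sub-shares it receives to its share."""
    n = len(shares)
    new = dict(shares)
    for _dealer in shares:
        delta = share(0, k, n)  # delta(0) = 0, so the shared secret is unchanged
        for i in new:
            new[i] = (new[i] + delta[i]) % P
    return new

def demo():
    secret, k, n = 0x5EC2E7, 3, 5  # constructed sample secret, 3-of-5 sharing
    old = share(secret, k, n)
    new = renew(old, k)
    same_old = reconstruct({i: old[i] for i in (1, 2, 3)})
    same_new = reconstruct({i: new[i] for i in (2, 4, 5)})
    # Leakage across periods: two shares from before renewal, one from after.
    mixed = reconstruct({1: old[1], 2: old[2], 3: new[3]})
    return secret, same_old, same_new, mixed
```

Any k shares from a single period reconstruct the secret, while k shares collected across a renewal boundary interpolate to an unrelated field element. Holders must erase their old shares after each renewal for this to hold.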