Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

  • Amir Herzberg
  • Stanisław Jarecki
  • Hugo Krawczyk
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 963)


Secret sharing schemes protect secrets by distributing them over different locations (share holders). In particular, in k out of n threshold schemes, security is assured if, throughout the entire lifetime of the secret, the adversary is restricted to compromising fewer than k of the n locations. For long-lived and sensitive secrets this protection may be insufficient.

We propose an efficient proactive secret sharing scheme, where shares are periodically renewed (without changing the secret) in such a way that information gained by the adversary in one time period is useless for attacking the secret after the shares are renewed. Hence, an adversary who wants to learn the secret must break into all k locations during the same time period (e.g., one day, a week, etc.). Furthermore, in order to guarantee the availability and integrity of the secret, we provide mechanisms to detect maliciously (or accidentally) corrupted shares, as well as mechanisms to secretly recover the correct shares when modification is detected.
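The renewal idea from the abstract, as an added example (not code from the paper): it assumes Shamir's polynomial sharing over a prime field and renews by having each holder deal a random polynomial with zero constant term. The modulus, function names and sample secret are constructed; detection and recovery of corrupted shares are not modeled.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed choice for this example)

def poly_eval(coeffs, x):
    # Horner evaluation mod P; coeffs are lowest degree first.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(secret, k, n):
    # Shamir k-out-of-n: random degree k-1 polynomial f with f(0) = secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def renew(shares, k):
    # One renewal: every holder deals a random polynomial d with d(0) = 0 and
    # holder j adds d(j) to its share. f(0) is unchanged, all shares change.
    new = dict(shares)
    for _dealer in shares:
        delta = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
        for j in new:
            new[j] = (new[j] + poly_eval(delta, j)) % P
    return new

def reconstruct(points):
    # Lagrange interpolation at x = 0 from {holder_id: share}.
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def pick(shares, ids):
    return {i: shares[i] for i in ids}

def demo(k=3, n=5, secret=0xC0FFEE):  # constructed sample values
    period1 = share(secret, k, n)
    period2 = renew(period1, k)
    same_period = reconstruct(pick(period2, [2, 4, 5]))
    # Adversary held holders 1 and 2 before renewal and holder 3 after it:
    # k shares in total, but from different periods.
    mixed = reconstruct({**pick(period1, [1, 2]), **pick(period2, [3])})
    return secret, same_period, mixed
```

`demo()` returns the original secret, the value rebuilt from k same-period shares (equal to the secret), and the value rebuilt from k shares that straddle a renewal (unrelated to the secret).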


Keywords (added by machine, not by the authors): Secret Sharing; Secret Share Scheme; Threshold Scheme; Probabilistic Encryption; Secret Reconstruction



Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Amir Herzberg (1)
  • Stanisław Jarecki (1, 2)
  • Hugo Krawczyk (1)
  • Moti Yung (1)

  1. IBM T.J. Watson Research Center, Yorktown Heights
  2. Laboratory of Computer Science, Massachusetts Institute of Technology, USA
