Provably Secure Proactive Secret Sharing Without the Adjacent Assumption

  • Zhe Xia
  • Bo YangEmail author
  • Yanwei Zhou
  • Mingwu Zhang
  • Hua Shen
  • Yi Mu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11821)


In secret sharing (SS), the secret is shared among a number of parties so that only a quorum of these parties can recover the secret, but a smaller set of parties cannot learn any information about the secret. However, the traditional SS technique is insufficient to protect the secret with a long lifetime, because the adversary may gradually compromise enough parties to retrieve the secret over the long time. To solve this issue, proactive secret sharing (PSS) divides the lifetime of the secret into many short time periods and the parties jointly update their secret shares in each time period. The benefit is that if the adversary cannot break into enough parties in a single time period, her compromised shares will become obsolete after the shares being updated.

In the last two decades, many PSS schemes have been proposed and they are widely used in various security protocols. However, the majority of existing PSS schemes require the adjacent assumption, i.e. if a party is corrupted during an update phase, it is corrupted in both time periods adjacent to that update phase. Note that this assumption not only hinders the security model to capture the mobile adversary’s abilities, but also prevents PSS schemes being used in many real-world applications. In this paper, we revisit the research of PSS, and our work contributes in the following aspects. Firstly, we discuss why some existing schemes (including Herzberg’s PSS scheme) cannot maintain their security when the adjacent assumption is removed. Secondly, we use the polynomial truncation method to improve Herzberg’s PSS scheme. To the best of our knowledge, our proposed scheme is the first provably secure PSS scheme without the adjacent assumption.



This work was partially supported by the National Natural Science Foundation of China (Grant No. 61572303, 61772326, 61822202, 61672010, 61702168, 61872087). We are very grateful to the anonymous reviewers for pointing out an error in a previous version of this paper as well as many valuable comments.


  1. 1.
    Almansa, J.F., Damgård, I., Nielsen, J.B.: Simplified threshold RSA with adaptive and proactive security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 593–611. Springer, Heidelberg (2006). Scholar
  2. 2.
    Baron, J., Defrawy, K., Lampkins, J., Ostrovsky, R.: How to withstand mobile virus attacks, revisited. In: ACM Symposium on Principles of Distributed Computing (PODC 2014), pp. 293–302 (2014)Google Scholar
  3. 3.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the 20th ACM Symposium on Theory of Computing (STOC 1988), pp. 1–10 (1988)Google Scholar
  4. 4.
    Benaloh, J.C.: Secret sharing homomorphisms: keeping shares of a secret secret (extended abstract). In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 251–260. Springer, Heidelberg (1987). Scholar
  5. 5.
    Blakley, R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48, pp. 313–317 (1979)Google Scholar
  6. 6.
    Cachin, C., Kursawe, K., Lysyanskaya, A., Strobl, R.: Asynchronous verifiable secret sharing and proactive cryptosystems. In: 9th ACM Conference on Computer and Communication Security (CCS 2002), pp. 88–97 (2002)Google Scholar
  7. 7.
    Canetti, R., Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Adaptive security for threshold cryptosystems. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 98–116. Springer, Heidelberg (1999). Scholar
  8. 8.
    Canetti, R., Halevi, S., Herzberg, A.: Maintaining authenticated communication in the presence of break-ins. In: Proceedings of the 16th ACM Symposium on Principles of Distributed Computing (PODC 1997), pp. 15–24 (1997)Google Scholar
  9. 9.
    Canetti, R., Herzberg, A.: Maintaining security in the presence of transient faults. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 425–438. Springer, Heidelberg (1994). Scholar
  10. 10.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: Proceedings of the 20th ACM Symposium on Theory of Computing (STOC 1988), pp. 11–19 (1988)Google Scholar
  11. 11.
    Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th IEEE Symposium on Foundation of Computer Science (FOCS 1987), pp. 427–437 (1987)Google Scholar
  12. 12.
    Frankel, Y., Gemmell, P., MacKenzie, P., Yung, M.: Optimal-resilience proactive public-key cryptosystems. In: Proceedings of the 38th IEEE Symposium on the Foundations of Computer Science (FOCS 1997), pp. 384–393 (1997)Google Scholar
  13. 13.
    Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Proactive RSA. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 440–454. Springer, Heidelberg (1997). Scholar
  14. 14.
    Frankel, Y., MacKenzie, P., Yung, M.: Adaptively-secure optimal-resilience proactive RSA. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 180–194. Springer, Heidelberg (1999). Scholar
  15. 15.
    Frankel, Y., MacKenzie, P.D., Yung, M.: Adaptive security for the additive-sharing based proactive RSA. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 240–263. Springer, Heidelberg (2001). Scholar
  16. 16.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 1, 51–83 (2007)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Proceedings of the 19th ACM Symposium on Theory of Computing (STOC 1987), pp. 218–229 (1987)Google Scholar
  18. 18.
    Hegland, A., Winjum, E., Mjolsnes, S., Rong, C., Kure, O., Spilling, P.: A survey of key management in ad hoc networks. IEEE Commun. 8(3), 48–66 (2006)Google Scholar
  19. 19.
    Herzberg, A., Jakobsson, M., Jarecki, S., Krawczyk, H., Yung, M.: Proactive public key and signature systems. In: 4th ACM Conference on Computer and Communication Security (CCS 1997), pp. 100–110 (1997)Google Scholar
  20. 20.
    Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). Scholar
  21. 21.
    Jarecki, S.: Proactive secret sharing and public key cryptosystems. Master’s thesis, Department of Electrical Engineering and Computer Science, MIT (1995)Google Scholar
  22. 22.
    Nikov, V., Nikova, S.: On proactive secret sharing schemes. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 308–325. Springer, Heidelberg (2004). Scholar
  23. 23.
    Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks. In: Proceedings of the 10th ACM Symposium on the Principle of Distributed Computing (PODC 1991), pp. 51–61 (1991)Google Scholar
  24. 24.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). Scholar
  25. 25.
    Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998). Scholar
  26. 26.
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: Proceedings of the 21st ACM Symposium on Theory of Computing (STOC 1989), pp. 73–85 (1989)Google Scholar
  27. 27.
    Schultz, D., Liskov, B., Liskov, M.: MPSS: mobile proactive secret sharing. ACM Trans. Inf. Syst. Secur. 13(4), 34 (2010)CrossRefGoogle Scholar
  28. 28.
    Shamir, A.: How to share a secret. In: Proceedings of 22nd Communication of ACM, pp. 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Stinson, D.R., Wei, R.: Unconditionally secure proactive secret sharing scheme with combinatorial structures. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 200–214. Springer, Heidelberg (2000). Scholar
  30. 30.
    Yung, M.: The “mobile adversary” paradigm in distributed computation and systems. In: ACM Symposium on Principles of Distributed Computing (PODC 2015), pp. 171–172 (2015)Google Scholar
  31. 31.
    Zhou, L., Haas, Z.: Securing ad hoc networks. IEEE Netw. 13, 24–30 (1999)CrossRefGoogle Scholar
  32. 32.
    Zhou, L., Schneider, F., Renesse, R.: APSS: proactive secret sharing in asynchronous systems. ACM Trans. Inf. Syst. Secur. 8(3), 259–286 (2005)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Zhe Xia
    • 1
  • Bo Yang
    • 2
    Email author
  • Yanwei Zhou
    • 2
  • Mingwu Zhang
    • 3
    • 4
  • Hua Shen
    • 3
  • Yi Mu
    • 5
  1. 1.School of Computer Science and TechnologyWuhan University of TechnologyWuhanChina
  2. 2.School of Computer ScienceShaanxi Normal UniversityXi’anChina
  3. 3.School of ComputersHubei University of TechnologyWuhanChina
  4. 4.State Key Laboratory of CryptologyBeijingChina
  5. 5.Fujian Provincial Key Laboratory of Network Security and CryptologyCollege of Mathematics and Informatics, Fujian Normal UniversityFuzhouChina

Personalised recommendations