Proactive Secret Sharing with a Dishonest Majority

  • Shlomi Dolev
  • Karim ElDefrawy
  • Joshua Lampkins
  • Rafail Ostrovsky
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9841)


In standard Secret Sharing (SS) a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any \(t+1\) parties can efficiently recover s. Over a long period of time all parties may be corrupted and the threshold t may be violated, which is accounted for in Proactive Secret Sharing (PSS). PSS retains confidentiality even when a mobile adversary corrupts all parties over the lifetime of the secret, but no more than a threshold t during a certain window of time, called the refresh period. Existing PSS schemes only guarantee secrecy in the presence of an honest majority with at most \(n/2-1\) total corruptions during such a refresh period; an adversary that corrupts a single additional party beyond the \(n/2-1\) threshold, even if only passively and only temporarily, obtains the secret. We develop the first PSS scheme secure in the presence of a dishonest majority. Our PSS scheme is robust and secure against \(t<n-2\) passive adversaries when there are no active corruptions, and secure but non-robust (but with identifiable aborts) against \(t<n/2-1\) active adversaries when there are no additional passive corruptions. The scheme is also secure (with identifiable aborts) against mixed adversaries controlling a combination of passively and actively corrupted parties such that if there are k active corruptions there are less than \(n-k-2\) total corruptions. Our scheme achieves these high thresholds with \(O(n^4)\) communication when sharing a single secret. We also observe that communication may be reduced to \(O(n^3)\) when sharing \(O(n)\) secrets in batches. Our work is the first result demonstrating that PSS tolerating such high thresholds and mixed adversaries is possible.
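As an added worked example (not code from the paper, whose dishonest-majority protocol is not reproduced here), the following Python implements standard Shamir \((t, n)\) sharing together with the textbook honest-majority proactive refresh that the abstract contrasts against: every party deals a fresh sharing of zero and each party adds the sub-shares it receives to its own share. It demonstrates the property the abstract relies on: \(t+1\) shares from a single refresh period recover s, while shares leaked in different periods lie on independent polynomials and do not combine, even when a mobile adversary eventually holds more than t of them in total. The field prime, the secret and the parameters n and t are constructed for the demonstration.

```python
"""Shamir secret sharing with a proactive refresh period.

Added illustration, not code from the paper: standard (t, n) Shamir sharing
plus the textbook honest-majority refresh (every party deals a sharing of
zero; parties add the sub-shares to their own share).  The field prime,
secret and parameters are constructed for the demonstration.
"""
import secrets

PRIME = 2**127 - 1  # constructed field size: a Mersenne prime


def _eval_poly(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod PRIME with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def share(secret, n, t):
    """Deal n shares of `secret`: pick a random degree-t polynomial f with
    f(0) = secret; party i (1..n) receives f(i).  Any t+1 shares determine f,
    any t shares are consistent with every possible secret."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over a dict {party_index: share_value}."""
    xs = list(shares)
    total = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % PRIME
                den = den * (i - j) % PRIME
        total = (total + shares[i] * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def refresh(shares, t):
    """One refresh period.  Each party deals a fresh degree-t sharing of 0 to
    all parties; each party adds what it receives to its old share.  The
    shared secret is unchanged, but the new shares lie on a polynomial that is
    independent of the old one, so shares leaked in different periods do not
    combine.  (This is the honest-majority refresh of HJKY95-style PSS, not
    the dishonest-majority protocol of the paper.)"""
    n = len(shares)
    new = dict(shares)
    for _dealer in range(n):
        zero_shares = share(0, n, t)
        for i in new:
            new[i] = (new[i] + zero_shares[i]) % PRIME
    return new


def mobile_adversary_demo(secret=424242, n=5, t=2):
    """Return (a) what t+1 shares from one period reconstruct to and (b) what a
    mobile adversary holding t shares from period 0 and t from period 1 gets."""
    period0 = share(secret, n, t)
    period1 = refresh(period0, t)
    honest_recovery = reconstruct({i: period1[i] for i in (1, 3, 5)})
    # The adversary corrupted parties 1,2 in period 0 and parties 3,4 in
    # period 1: 2t = 4 >= t+1 shares in total, yet they lie on two unrelated
    # polynomials, so interpolation yields a uniformly random field element.
    leaked = {1: period0[1], 2: period0[2], 3: period1[3], 4: period1[4]}
    adversary_value = reconstruct(leaked)
    return honest_recovery, adversary_value


if __name__ == "__main__":
    honest, straddling = mobile_adversary_demo()
    print("t+1 shares from one period recover:", honest)
    print("2t shares straddling a refresh give:", straddling)
```

The refresh keeps \(f(0)\) fixed because every added polynomial evaluates to zero at the origin; what changes is every other coefficient, which is exactly why the threshold is counted per refresh period rather than over the secret's lifetime.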



We thank Jeremiah Blocki for helpful comments and discussions on an earlier version of this paper. We also thank the anonymous reviewers for their useful feedback. Part of this work was carried out while visiting the Simons Institute for the Theory of Computing.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Shlomi Dolev (1)
  • Karim ElDefrawy (2), corresponding author
  • Joshua Lampkins (2)
  • Rafail Ostrovsky (3)
  • Moti Yung (4)
  1. Department of Computer Science, Ben-Gurion University, Beersheba, Israel
  2. Information and Systems Sciences Laboratory, HRL Laboratories, Malibu, USA
  3. Department of Computer Science and Department of Mathematics, UCLA, Los Angeles, USA
  4. Snapchat and Department of Computer Science, Columbia University, New York, USA
