Brief Announcement: Proactive Secret Sharing with a Dishonest Majority

Title: Brief Announcement: Proactive Secret Sharing with a Dishonest Majority
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Dolev, Shlomi; ElDefrawy, Karim; Lampkins, Joshua; Ostrovsky, Rafail; Yung, Moti
Conference Name: Proceedings of the 2016 ACM Symposium on Principles of Distributed Computing
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3964-3
Keywords: composability, dishonest majority, Metrics, non-robust secret sharing, proactive secret sharing, proactive security, pubcrawl, Resiliency, secret sharing, windows operating systems security
Abstract

In a secret sharing scheme a dealer shares a secret s among n parties such that an adversary corrupting up to t parties does not learn s, while any t+1 parties can efficiently recover s. Over a long period of time all parties may be corrupted thus violating the threshold, which is accounted for in Proactive Secret Sharing (PSS). PSS schemes periodically rerandomize (refresh) the shares of the secret and invalidate old ones. PSS retains confidentiality even when all parties are corrupted over the lifetime of the secret, but no more than t during a certain window of time, called the refresh period. Existing PSS schemes only guarantee secrecy in the presence of an honest majority with less than n/2 total corruptions during a refresh period; an adversary corrupting a single additional party, even if only passively, obtains the secret. This work is the first feasibility result demonstrating PSS tolerating a dishonest majority, it introduces the first PSS scheme secure against t passive adversaries without recovery of lost shares, it can also recover from honest faulty parties losing their shares, and when tolerating e faults the scheme tolerates t passive corruptions. A non-robust version of the scheme can tolerate t active adversaries, and mixed adversaries that control a combination of passively and actively corrupted parties that are a majority, but where less than n/2-e of such corruptions are active. We achieve these high thresholds with O(n^4) communication when sharing a single secret, and O(n^3) communication when sharing multiple secrets in batches.
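
Added example, not taken from the paper: the threshold and refresh behaviour the abstract describes, shown with textbook Shamir sharing and an additive zero-sharing refresh. This is the classical construction with passive parties and no share verification, swapped in for illustration; it is not the paper's dishonest-majority scheme, and the field modulus, function names and sample values are assumptions.

```python
import secrets

P = 2**127 - 1  # prime modulus of the share field (constructed for this example)

def poly_eval(coeffs, x):
    """Horner evaluation mod P; coeffs[0] is the constant term."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def share(secret, n, t):
    """Deal n Shamir shares: t shares reveal nothing, any t+1 recover the secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over a dict {party index: share}."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * -j % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t):
    """One refresh period: every party deals a degree-t sharing of 0 and each
    party adds the sub-shares it receives, so the secret itself is unchanged."""
    new = dict(shares)
    for _dealer in shares:
        zero = share(0, len(shares), t)
        for i in new:
            new[i] = (new[i] + zero[i]) % P
    return new

if __name__ == "__main__":
    s, n, t = 0xC0FFEE, 5, 2            # constructed sample secret and parameters
    old = share(s, n, t)
    new = refresh(old, t)
    print(reconstruct({i: old[i] for i in (1, 2, 3)}) == s)   # t+1 old shares
    print(reconstruct({i: new[i] for i in (2, 4, 5)}) == s)   # t+1 new shares
    # t old shares plus one refreshed share no longer interpolate to the secret
    print(reconstruct({1: old[1], 2: old[2], 3: new[3]}) == s)
```

The last check is why an adversary must hold more than t shares within a single refresh period: shares captured in different periods lie on different polynomials and do not combine.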

URL: http://doi.acm.org/10.1145/2933057.2933059
DOI: 10.1145/2933057.2933059
Citation Key: dolev_brief_2016