Proactive Secret Sharing with a Dishonest Majority

In standard Secret Sharing (SS), a dealer shares a secret $s$ among $n$ parties such that an adversary corrupting no more than $t$ parties does not learn $s$, while any $t+1$ parties can efficiently recover $s$. Over a long period of time all parties may be corrupted and the threshold $t$ may be violated, which is accounted for in Proactive Secret Sharing (PSS). PSS retains confidentiality even when a mobile adversary corrupts all parties over the lifetime of the secret, but no more than a threshold $t$ during a certain window of time, called the refresh period. Existing PSS schemes only guarantee secrecy in the presence of an honest majority, with at most $n/2-1$ total corruptions during such a refresh period; an adversary that corrupts a single additional party beyond the $n/2-1$ threshold, even if only passively and only temporarily, obtains the secret. We develop the first PSS scheme secure in the presence of a dishonest majority. Our PSS scheme is robust and secure against $t<n-2$ passive adversaries when there are no active corruptions, and secure (non-robust, but with identifiable aborts) against $t<n/2-1$ active adversaries when there are no additional passive corruptions. The scheme is also secure with identifiable aborts against mixed adversaries controlling a combination of passively and actively corrupted parties, such that if there are $k$ active corruptions there are fewer than $n-k-2$ total corruptions. Our scheme achieves these high thresholds with $O(n^4)$ communication when sharing a single secret. We also observe that communication may be reduced to $O(n^3)$ when sharing $O(n)$ secrets in batches. Our work is the first result demonstrating that PSS tolerating such high thresholds and mixed adversaries is possible.
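The refresh-period notion from the abstract, as an added example that is not part of the paper and does not implement the paper's dishonest-majority scheme: plain Shamir sharing over a constructed toy prime field with an assumed Herzberg-style refresh (every party deals a fresh sharing of zero), showing that $t+1$ shares from one period recover $s$ while a mobile adversary that collects $t$ shares before a refresh and $t$ more after it cannot combine them.

```python
import random

# Toy prime field; this parameter is a constructed choice, not taken from the paper.
P = 2**61 - 1

def share(secret, t, n):
    """Shamir sharing: random degree-t polynomial f with f(0)=secret, evaluated at
    x=1..n. Any t+1 shares recover the secret; t shares reveal nothing about it."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(t)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def recover(shares):
    """Lagrange interpolation at x=0 over a dict {x: f(x)}."""
    result = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, P - 2, P)) % P
    return result

def refresh(shares, t, n):
    """One refresh period (Herzberg-style, assumed here): each of the n parties deals
    a fresh degree-t sharing of 0 and every party adds the n contributions it receives.
    The secret is unchanged, but the polynomial is re-randomized, so shares from
    different periods lie on different polynomials and cannot be mixed."""
    new = dict(shares)
    for _ in range(n):
        zero = share(0, t, n)
        for x in new:
            new[x] = (new[x] + zero[x]) % P
    return new

def mobile_adversary_recovers(secret, t, n, old_ids, new_ids):
    """Model a mobile adversary holding shares of parties old_ids from period 0 and
    of parties new_ids from period 1. True only if that combined view yields secret."""
    period0 = share(secret, t, n)
    period1 = refresh(period0, t, n)
    view = {x: period0[x] for x in old_ids}
    view.update({x: period1[x] for x in new_ids})
    return len(view) > t and recover(view) == secret
```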
