On Proactive Secret Sharing Schemes

This paper investigates the security of Proactive Secret Sharing Schemes. We start with revision of the mobile adversary model of Herzberg's et al. imposing less restriction to the adversary. We first investigate the approach of using commitment to 0 in the renewal phase in order to renew the player's shares. In the considered model some well known computationally secure protocols (which use this approach) turns out to be vulnerable to a specific attack. We show that this type of attack is applicable also in the unconditional case. Then we extend the attack of D'Arco and Stinson to non-symmetric polynomials, which is applicable even in the mobile adversary model of Herzberg et al. Next the conditions for the security of a proactive scheme using this approach are shown. We also investigate another approach to add proactivity, namely using re-sharing instead of commitment to 0. Two protocols using this approach are described and it is shown that both are not secure against a mobile adversary. The main contribution of the paper is to show specific weaknesses, when a mobile adversary is considered.

[1]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[2]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[3]  Bart Preneel,et al.  Multi-party Computation from Any Linear Secret Sharing Scheme Unconditionally Secure against Adaptive Adversary: The Zero-Error Case , 2003, ACNS.

[4]  Douglas R. Stinson,et al.  On Unconditionally Secure Robust Distributed Key Distribution Centers , 2002, ASIACRYPT.

[5]  Joos Vandewalle,et al.  Applying General Access Structure to Proactive Secret Sharing Schemes , 2002, IACR Cryptol. ePrint Arch..

[6]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[7]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[8]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[9]  Joos Vandewalle,et al.  On Distributed Key Distribution Centers and Unconditionally Secure Proactive Verifiable Secret Sharing Schemes Based on General Access Structure , 2002, INDOCRYPT.

[10]  Douglas R. Stinson,et al.  Unconditionally Secure Proactive Secret Sharing Scheme with Combinatorial Structures , 1999, Selected Areas in Cryptography.

[11]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[12]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[13]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[14]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[15]  Stanisław Jarecki,et al.  Proactive secret sharing and public key cryptosystems , 1995 .