{"schema_version":"0.1","map_id":"paper-28-map","publication_id":28,"publication_anchor":"paper-28","slug":"paper-28","canonical_path":"/knowledge/papers/paper-28/","machine_path":"/knowledge/papers/paper-28.json","root_node_id":"paper-28","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups","year":2015,"status":"Published","venue":"International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Joshua Baron","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky"],"keywords":["proactive secret sharing","dynamic groups","communication complexity"],"research_question":"Can proactively protected long-lived secrets move between changing participant sets and thresholds with constant amortized communication per secret, while retaining near-optimal perfect or statistical corruption tolerance?","central_answer":"The paper constructs a dynamic proactive secret-sharing scheme whose Redistribute protocol changes thresholds, refreshes packed polynomial sharings, and transfers them to a new group using batched sharing, hyper-invertible matrices, and error correction; it also sketches dynamic proactive MPC by redistributing between circuit layers.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, definition/assumption mapping, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete 24-page UCLA author-hosted version, including definitions, threshold constraints, four threshold-change cases, refresh/recovery, UC proof appendix, and the DPMPC application. PDF pages 1 and 14 were rendered and visually inspected.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. Security and optimality claims were mapped from the paper but not independently reproved."}},"sources":[{"id":"source-paper-28-fulltext","type":"scholarly_article","title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups (author-hosted full version)","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf","media_type":"application/pdf","sha256":"ba44ecd33639b11a480cd69d8455eefe3584bce3c14b9ad81e727a10babbfc72","page_count":24,"provenance_category":"author","version_note":"Complete author version; not compared line by line with the ACNS proceedings text or IACR ePrint revision history."},{"id":"source-paper-28-author-origin","type":"author_copy","title":"UCLA author copy","url":"https://web.cs.ucla.edu/~rafail/PUBLIC/188.pdf"},{"id":"source-paper-28-archive","type":"manuscript_archive","title":"IACR ePrint 2015/304","url":"https://eprint.iacr.org/2015/304"},{"id":"source-paper-28-official","type":"publication_record","title":"ACNS publication record","url":"https://doi.org/10.1007/978-3-319-28166-7_2"},{"id":"source-paper-28-citations","type":"scholarly_index","title":"OpenAlex work record for paper #28","url":"https://openalex.org/W2296195235","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-28-problem","source_id":"source-paper-28-fulltext","label":"Problem, techniques, contributions, and comparison","locator":"Abstract and Sections 1-2, PDF pages 1-5","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=1"},{"id":"anchor-paper-28-roadblocks","source_id":"source-paper-28-fulltext","label":"Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution","locator":"Section 3, PDF pages 5-6","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=5"},{"id":"anchor-paper-28-definitions","source_id":"source-paper-28-fulltext","label":"SS, PSS, and DPSS definitions","locator":"Section 4.1, Definitions 1-4, PDF pages 6-8","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=6"},{"id":"anchor-paper-28-parameters","source_id":"source-paper-28-fulltext","label":"Perfect/statistical parameter and group-change constraints","locator":"Section 4.2, PDF pages 8-9","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=8"},{"id":"anchor-paper-28-redistribution","source_id":"source-paper-28-fulltext","label":"Threshold Change and Refresh Recovery protocols","locator":"Section 5 and Figures 1-3, PDF pages 9-15","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=9"},{"id":"anchor-paper-28-virtualization","source_id":"source-paper-28-fulltext","label":"Statistical party virtualization","locator":"Section 6, PDF page 15","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=15"},{"id":"anchor-paper-28-dpmpc","source_id":"source-paper-28-fulltext","label":"Dynamic proactive MPC application","locator":"Section 7, PDF page 16","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=16"},{"id":"anchor-paper-28-proof","source_id":"source-paper-28-fulltext","label":"UC ideal functionality and representative threshold-change simulator","locator":"Appendix B, PDF pages 21-24","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=21"},{"id":"anchor-paper-28-publication","source_id":"source-paper-28-official","label":"Official ACNS publication record","locator":"ACNS 2015, pages 23-41","url":"https://doi.org/10.1007/978-3-319-28166-7_2"},{"id":"anchor-paper-28-citations","source_id":"source-paper-28-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 41, accessed 2026-07-11","url":"https://openalex.org/W2296195235"}],"nodes":[{"id":"paper-28","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups","summary":"A dynamic proactive secret-sharing construction that refreshes long-lived secrets while parties and thresholds change.","source_anchor_ids":["anchor-paper-28-problem"]},{"id":"paper-28-question","kind":"question","parent_id":"paper-28","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a mobile-adversary-resistant sharing scheme add, remove, or replace parties without the O(n⁴) or exponential communication of prior dynamic schemes?","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-roadblocks"]},{"id":"paper-28-answer","kind":"contribution","parent_id":"paper-28","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Batch Θ(n) secrets per polynomial and use hyper-invertible transformations plus masked share transfer so a new group receives refreshed shares while neither old nor new corruptions reveal enough correlated state.","source_anchor_ids":["anchor-paper-28-roadblocks","anchor-paper-28-redistribution"]},{"id":"paper-28-scope","kind":"scope","parent_id":"paper-28","order":3,"epistemic_status":"defined","title":"DPSS functionality","summary":"Definition 4 specifies Share, Redistribute, and Open with termination, correctness, and secrecy under a phase-by-phase mobile corruption threshold τ(n(i)) while party set and threshold change.","source_anchor_ids":["anchor-paper-28-definitions"]},{"id":"paper-28-scope-adversary","kind":"threat_model","parent_id":"paper-28-scope","order":1,"epistemic_status":"defined","title":"Mobile adversary","summary":"The adversary may corrupt changing parties across phases but not more than the active threshold in any phase; perfect and statistical variants use different parameter regimes.","source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-parameters"]},{"id":"paper-28-scope-constraints","kind":"assumption","parent_id":"paper-28-scope","order":2,"epistemic_status":"explicit","title":"Dynamic-change constraints","summary":"Perfect security limits each population change to a factor of two and requires old honest shares to interpolate new polynomials while old corrupt shares cannot; the statistical base protocol constrains threshold changes to a factor of two.","source_anchor_ids":["anchor-paper-28-parameters"]},{"id":"paper-28-method","kind":"method","parent_id":"paper-28","order":4,"epistemic_status":"specified","title":"Redistribution construction","summary":"Four Threshold Change protocols handle increasing/decreasing thresholds with or without batch-size changes; Refresh Recovery then masks, checks, and transfers the refreshed packed shares.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-threshold","kind":"component","parent_id":"paper-28-method","order":1,"epistemic_status":"specified","title":"Threshold and batch transformation","summary":"Hyper-invertible matrices distribute transformed sharings among old parties, who emulate trusted threshold conversion; Berlekamp-Welch reconstruction tolerates corrupted contributions.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-refresh","kind":"component","parent_id":"paper-28-method","order":2,"epistemic_status":"specified","title":"Masked refresh and share transfer","summary":"Old parties create U sharings of existing shares and random/zero V sharings; each new party receives a linear combination equal to its share of H+Q without the old group learning Q or the new group learning H.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-virtualization","kind":"component","parent_id":"paper-28-method","order":3,"epistemic_status":"described","title":"Statistical threshold amplification","summary":"Committee-based party virtualization raises the low-threshold statistical base construction toward one-half corruption while preserving constant-round redistribution.","source_anchor_ids":["anchor-paper-28-virtualization"]},{"id":"paper-28-claims","kind":"claim_group","parent_id":"paper-28","order":5,"epistemic_status":"source_asserted_with_proof_material","title":"Principal claims","summary":"The paper reports first dynamic proactive schemes with O(1) amortized communication per secret, information-theoretic security, near-optimal thresholds, and a DPMPC application.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-proof"]},{"id":"paper-28-claim-complexity","kind":"claim","parent_id":"paper-28-claims","order":1,"epistemic_status":"analytically_supported","title":"Amortized communication optimality","summary":"Batching O(n) secrets and moving O(n)-scale data yields O(1) amortized field elements per secret; the paper explicitly does not claim optimal non-amortized complexity.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-parameters"]},{"id":"paper-28-claim-thresholds","kind":"claim","parent_id":"paper-28-claims","order":2,"epistemic_status":"proved_conditional","title":"Near-optimal corruption thresholds","summary":"The reported perfect variant supports any threshold fraction below one third under chosen constants; party virtualization raises the statistical variant toward one half.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-parameters","anchor-paper-28-virtualization"]},{"id":"paper-28-claim-dpmpc","kind":"claim","parent_id":"paper-28-claims","order":3,"epistemic_status":"construction_sketch","title":"Dynamic proactive MPC","summary":"The application section proposes executing Redistribute between circuit layers of an existing proactive MPC to let the computing party set and threshold evolve.","source_anchor_ids":["anchor-paper-28-dpmpc"]},{"id":"paper-28-evidence","kind":"evidence_group","parent_id":"paper-28","order":6,"epistemic_status":"formal_paper_evidence","title":"Evidence chain","summary":"The source provides precise functionality definitions, protocol pseudocode, parameter inequalities, complexity reasoning, and UC ideal/simulator material.","source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-redistribution","anchor-paper-28-proof"]},{"id":"paper-28-evidence-proof","kind":"evidence","parent_id":"paper-28-evidence","order":1,"epistemic_status":"paper_proof_not_machine_checked","title":"Security argument","summary":"Appendix B writes an ideal functionality and simulator for Threshold Change2 and states analogous functionality for the other threshold-change and refresh components; this audit did not mechanically verify the extrapolation or all imported subprotocol theorems.","source_anchor_ids":["anchor-paper-28-proof"]},{"id":"paper-28-boundaries","kind":"limitation_group","parent_id":"paper-28","order":7,"epistemic_status":"material","title":"Trusted boundaries and limitations","summary":"The result assumes synchrony, threshold-bounded phases, admissible population changes, large batches for amortization, and an external mechanism that agrees on new membership.","source_anchor_ids":["anchor-paper-28-parameters","anchor-paper-28-redistribution"]},{"id":"paper-28-boundary-governance","kind":"limitation","parent_id":"paper-28-boundaries","order":1,"epistemic_status":"out_of_scope","title":"Membership governance is external","summary":"Voting, a trusted administrator, or a predetermined schedule must decide additions and removals; the paper explicitly leaves that mechanism outside the protocol.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-boundary-evidence","kind":"limitation","parent_id":"paper-28-boundaries","order":2,"epistemic_status":"no_empirical_evaluation","title":"No implementation evidence","summary":"The source supplies no code, benchmarks, failure experiments, concrete field sizes, or distributed-system deployment.","source_anchor_ids":["anchor-paper-28-dpmpc"]},{"id":"paper-28-artifacts","kind":"artifact_group","parent_id":"paper-28","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"A fixed 24-page author version, its UCLA origin, IACR ePrint record, and ACNS DOI are available; no implementation repository was identified.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-publication"]},{"id":"paper-28-scrutiny","kind":"scrutiny","parent_id":"paper-28","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at ACNS 2015; review reports, independent proof audits, and implementations were not inspected.","source_anchor_ids":["anchor-paper-28-publication"]},{"id":"paper-28-lineage","kind":"lineage","parent_id":"paper-28","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The construction extends paper #25's packed proactive redistribution from a fixed group to changing groups and thresholds, then reuses it as the state-refresh layer for dynamic proactive MPC.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-dpmpc"]}],"relations":[{"id":"relation-paper-28-answer-addresses-question","type":"addresses","from_id":"paper-28-answer","to_id":"paper-28-question"},{"id":"relation-paper-28-method-realizes-answer","type":"realizes","from_id":"paper-28-method","to_id":"paper-28-answer"},{"id":"relation-paper-28-proof-supports-thresholds","type":"supports","from_id":"paper-28-evidence-proof","to_id":"paper-28-claim-thresholds"},{"id":"relation-paper-28-constraints-qualify-thresholds","type":"qualifies","from_id":"paper-28-scope-constraints","to_id":"paper-28-claim-thresholds"},{"id":"relation-paper-28-governance-qualifies-answer","type":"qualifies","from_id":"paper-28-boundary-governance","to_id":"paper-28-answer"},{"id":"relation-paper-28-dpmpc-contextualizes-lineage","type":"contextualizes","from_id":"paper-28-claim-dpmpc","to_id":"paper-28-lineage"},{"id":"relation-paper-28-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-28-artifacts","to_id":"paper-28-evidence"}],"assessment":{"id":"paper-28-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete source gives formal definitions, protocols, parameter constraints, complexity analysis, and UC proof material. The proof is not machine checked and there is no implementation or independent reproduction.","basis_source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-proof"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted full version is mirrored locally with page count and SHA-256, and an ePrint record exists, making the construction and proof material directly inspectable.","basis_source_anchor_ids":["anchor-paper-28-redistribution","anchor-paper-28-proof"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author and archive copies, and an ACNS record establish baseline provenance. Roles, revision history, and artifact lineage are not captured.","basis_source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an ACNS publication record and public ePrint, but reviews, independent proof audits, and implementations were not inspected.","basis_source_anchor_ids":["anchor-paper-28-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 41 located citations as of 2026-07-11, meeting the site's 11+ high threshold. This count does not establish correctness or practical adoption.","basis_source_anchor_ids":["anchor-paper-28-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper reports the first information-theoretic DPSS with constant amortized per-secret communication and near-optimal thresholds; this is a source-level priority claim, not an independent historical adjudication.","basis_source_anchor_ids":["anchor-paper-28-problem"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2296195235","citation_count":41,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; this is a dated located-citation snapshot."}}
