Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #28

Communication-Optimal Proactive Secret Sharing for Dynamic Groups

Joshua Baron, Karim Eldefrawy, Joshua Lampkins, and Rafail Ostrovsky

2015 · International Conference on Applied Cryptography and Network Security (ACNS)

  • Theory
  • protocol
  • scheme

What does the paper try to establish?

Can proactively protected long-lived secrets move between changing participant sets and thresholds with constant amortized communication per secret, while retaining near-optimal perfect or statistical corruption tolerance?

What is the proposed answer?

The paper constructs a dynamic proactive secret-sharing scheme whose Redistribute protocol changes thresholds, refreshes packed polynomial sharings, and transfers them to a new group using batched sharing, hyper-invertible matrices, and error correction; it also sketches dynamic proactive MPC by redistributing between circuit layers.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Medium

The complete source gives formal definitions, protocols, parameter constraints, complexity analysis, and UC proof material. The proof is not machine checked and there is no implementation or independent reproduction.

SS, PSS, and DPSS definitions UC ideal functionality and representative threshold-change simulator
Auditability High

A complete author-hosted full version is mirrored locally with page count and SHA-256, and an ePrint record exists, making the construction and proof material directly inspectable.

Threshold Change and Refresh Recovery protocols UC ideal functionality and representative threshold-change simulator
Production provenance Medium

Named authorship, author and archive copies, and an ACNS record establish baseline provenance. Roles, revision history, and artifact lineage are not captured.

Problem, techniques, contributions, and comparison Official ACNS publication record
External scrutiny Medium

The work has an ACNS publication record and public ePrint, but reviews, independent proof audits, and implementations were not inspected.

Official ACNS publication record
Reception High

OpenAlex reports 41 located citations as of 2026-07-11, meeting the site's 11+ high threshold. This count does not establish correctness or practical adoption.

Dated OpenAlex citation snapshot
Contribution significance High

The paper reports the first information-theoretic DPSS with constant amortized per-secret communication and near-optimal thresholds; this is a source-level priority claim, not an independent historical adjudication.

Problem, techniques, contributions, and comparison

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Communication-Optimal Proactive Secret Sharing for Dynamic Groups

A dynamic proactive secret-sharing construction that refreshes long-lived secrets while parties and thresholds change.

Problem, techniques, contributions, and comparison
  1. scope DPSS functionality defined

    Definition 4 specifies Share, Redistribute, and Open with termination, correctness, and secrecy under a phase-by-phase mobile corruption threshold τ(n(i)) while party set and threshold change.

    SS, PSS, and DPSS definitions
    1. assumption

      Dynamic-change constraints

      explicit

      Perfect security limits each population change to a factor of two and requires old honest shares to interpolate new polynomials while old corrupt shares cannot; the statistical base protocol constrains threshold changes to a factor of two.

      Perfect/statistical parameter and group-change constraints
  2. method Redistribution construction specified

    Four Threshold Change protocols handle increasing/decreasing thresholds with or without batch-size changes; Refresh Recovery then masks, checks, and transfers the refreshed packed shares.

    Threshold Change and Refresh Recovery protocols
    1. component

      Threshold and batch transformation

      specified

      Hyper-invertible matrices distribute transformed sharings among old parties, who emulate trusted threshold conversion; Berlekamp-Welch reconstruction tolerates corrupted contributions.

      Threshold Change and Refresh Recovery protocols
    2. component

      Masked refresh and share transfer

      specified

      Old parties create U sharings of existing shares and random/zero V sharings; each new party receives a linear combination equal to its share of H+Q without the old group learning Q or the new group learning H.

      Threshold Change and Refresh Recovery protocols
    3. component

      Statistical threshold amplification

      described

      Committee-based party virtualization raises the low-threshold statistical base construction toward one-half corruption while preserving constant-round redistribution.

      Statistical party virtualization
  3. claim group Principal claims source asserted with proof material

    The paper reports first dynamic proactive schemes with O(1) amortized communication per secret, information-theoretic security, near-optimal thresholds, and a DPMPC application.

    Problem, techniques, contributions, and comparison UC ideal functionality and representative threshold-change simulator
    1. claim

      Dynamic proactive MPC

      construction sketch

      The application section proposes executing Redistribute between circuit layers of an existing proactive MPC to let the computing party set and threshold evolve.

      Dynamic proactive MPC application
  4. evidence group Evidence chain formal paper evidence

    The source provides precise functionality definitions, protocol pseudocode, parameter inequalities, complexity reasoning, and UC ideal/simulator material.

    SS, PSS, and DPSS definitions Threshold Change and Refresh Recovery protocols UC ideal functionality and representative threshold-change simulator
    1. evidence

      Security argument

      paper proof not machine checked

      Appendix B writes an ideal functionality and simulator for Threshold Change2 and states analogous functionality for the other threshold-change and refresh components; this audit did not mechanically verify the extrapolation or all imported subprotocol theorems.

      UC ideal functionality and representative threshold-change simulator
  5. limitation group Trusted boundaries and limitations material

    The result assumes synchrony, threshold-bounded phases, admissible population changes, large batches for amortization, and an external mechanism that agrees on new membership.

    Perfect/statistical parameter and group-change constraints Threshold Change and Refresh Recovery protocols
    1. limitation

      Membership governance is external

      out of scope

      Voting, a trusted administrator, or a predetermined schedule must decide additions and removals; the paper explicitly leaves that mechanism outside the protocol.

      Threshold Change and Refresh Recovery protocols
    2. limitation

      No implementation evidence

      no empirical evaluation

      The source supplies no code, benchmarks, failure experiments, concrete field sizes, or distributed-system deployment.

      Dynamic proactive MPC application
  6. scrutiny

    External scrutiny

    publication recorded

    The work was published at ACNS 2015; review reports, independent proof audits, and implementations were not inspected.

    Official ACNS publication record

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, techniques, contributions, and comparison Abstract and Sections 1-2, PDF pages 1-5
  2. Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution Section 3, PDF pages 5-6
  3. SS, PSS, and DPSS definitions Section 4.1, Definitions 1-4, PDF pages 6-8
  4. Perfect/statistical parameter and group-change constraints Section 4.2, PDF pages 8-9
  5. Threshold Change and Refresh Recovery protocols Section 5 and Figures 1-3, PDF pages 9-15
  6. Statistical party virtualization Section 6, PDF page 15
  7. Dynamic proactive MPC application Section 7, PDF page 16
  8. UC ideal functionality and representative threshold-change simulator Appendix B, PDF pages 21-24
  9. Official ACNS publication record ACNS 2015, pages 23-41
  10. Dated OpenAlex citation snapshot cited_by_count = 41, accessed 2026-07-11