Scientific knowledge map · Paper #28
Communication-Optimal Proactive Secret Sharing for Dynamic Groups
2015 · International Conference on Applied Cryptography and Network Security (ACNS)
- Theory
- protocol
- scheme
Research question
What does the paper try to establish?
Can proactively protected long-lived secrets move between changing participant sets and thresholds with constant amortized communication per secret, while retaining near-optimal perfect or statistical corruption tolerance?
Central answer
What is the proposed answer?
The paper constructs a dynamic proactive secret-sharing scheme whose Redistribute protocol changes thresholds, refreshes packed polynomial sharings, and transfers them to a new group using batched sharing, hyper-invertible matrices, and error correction; it also sketches dynamic proactive MPC by redistributing between circuit layers.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Medium
-
The complete source gives formal definitions, protocols, parameter constraints, complexity analysis, and UC proof material. The proof is not machine checked and there is no implementation or independent reproduction.
SS, PSS, and DPSS definitions UC ideal functionality and representative threshold-change simulator - Auditability High
-
A complete author-hosted full version is mirrored locally with page count and SHA-256, and an ePrint record exists, making the construction and proof material directly inspectable.
Threshold Change and Refresh Recovery protocols UC ideal functionality and representative threshold-change simulator - Production provenance Medium
-
Named authorship, author and archive copies, and an ACNS record establish baseline provenance. Roles, revision history, and artifact lineage are not captured.
Problem, techniques, contributions, and comparison Official ACNS publication record - External scrutiny Medium
-
The work has an ACNS publication record and public ePrint, but reviews, independent proof audits, and implementations were not inspected.
Official ACNS publication record - Reception High
-
OpenAlex reports 41 located citations as of 2026-07-11, meeting the site's 11+ high threshold. This count does not establish correctness or practical adoption.
Dated OpenAlex citation snapshot - Contribution significance High
-
The paper reports the first information-theoretic DPSS with constant amortized per-secret communication and near-optimal thresholds; this is a source-level priority claim, not an independent historical adjudication.
Problem, techniques, contributions, and comparison
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Communication-Optimal Proactive Secret Sharing for Dynamic Groups
A dynamic proactive secret-sharing construction that refreshes long-lived secrets while parties and thresholds change.
Problem, techniques, contributions, and comparison-
question Research question
research questionCan a mobile-adversary-resistant sharing scheme add, remove, or replace parties without the O(n⁴) or exponential communication of prior dynamic schemes?
Problem, techniques, contributions, and comparison Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution -
contribution Central answer
source assertedBatch Θ(n) secrets per polynomial and use hyper-invertible transformations plus masked share transfer so a new group receives refreshed shares while neither old nor new corruptions reveal enough correlated state.
Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution Threshold Change and Refresh Recovery protocols -
scope DPSS functionality defined
Definition 4 specifies Share, Redistribute, and Open with termination, correctness, and secrecy under a phase-by-phase mobile corruption threshold τ(n(i)) while party set and threshold change.
SS, PSS, and DPSS definitions-
threat model Mobile adversary
definedThe adversary may corrupt changing parties across phases but not more than the active threshold in any phase; perfect and statistical variants use different parameter regimes.
SS, PSS, and DPSS definitions Perfect/statistical parameter and group-change constraints -
assumption Dynamic-change constraints
explicitPerfect security limits each population change to a factor of two and requires old honest shares to interpolate new polynomials while old corrupt shares cannot; the statistical base protocol constrains threshold changes to a factor of two.
Perfect/statistical parameter and group-change constraints
-
-
method Redistribution construction specified
Four Threshold Change protocols handle increasing/decreasing thresholds with or without batch-size changes; Refresh Recovery then masks, checks, and transfers the refreshed packed shares.
Threshold Change and Refresh Recovery protocols-
component Threshold and batch transformation
specifiedHyper-invertible matrices distribute transformed sharings among old parties, who emulate trusted threshold conversion; Berlekamp-Welch reconstruction tolerates corrupted contributions.
Threshold Change and Refresh Recovery protocols -
component Masked refresh and share transfer
specifiedOld parties create U sharings of existing shares and random/zero V sharings; each new party receives a linear combination equal to its share of H+Q without the old group learning Q or the new group learning H.
Threshold Change and Refresh Recovery protocols -
component Statistical threshold amplification
describedCommittee-based party virtualization raises the low-threshold statistical base construction toward one-half corruption while preserving constant-round redistribution.
Statistical party virtualization
-
-
claim group Principal claims source asserted with proof material
The paper reports first dynamic proactive schemes with O(1) amortized communication per secret, information-theoretic security, near-optimal thresholds, and a DPMPC application.
Problem, techniques, contributions, and comparison UC ideal functionality and representative threshold-change simulator-
claim Amortized communication optimality
analytically supportedBatching O(n) secrets and moving O(n)-scale data yields O(1) amortized field elements per secret; the paper explicitly does not claim optimal non-amortized complexity.
Problem, techniques, contributions, and comparison Perfect/statistical parameter and group-change constraints -
claim Near-optimal corruption thresholds
proved conditionalThe reported perfect variant supports any threshold fraction below one third under chosen constants; party virtualization raises the statistical variant toward one half.
Problem, techniques, contributions, and comparison Perfect/statistical parameter and group-change constraints Statistical party virtualization -
claim Dynamic proactive MPC
construction sketchThe application section proposes executing Redistribute between circuit layers of an existing proactive MPC to let the computing party set and threshold evolve.
Dynamic proactive MPC application
-
-
evidence group Evidence chain formal paper evidence
The source provides precise functionality definitions, protocol pseudocode, parameter inequalities, complexity reasoning, and UC ideal/simulator material.
SS, PSS, and DPSS definitions Threshold Change and Refresh Recovery protocols UC ideal functionality and representative threshold-change simulator-
evidence Security argument
paper proof not machine checkedAppendix B writes an ideal functionality and simulator for Threshold Change2 and states analogous functionality for the other threshold-change and refresh components; this audit did not mechanically verify the extrapolation or all imported subprotocol theorems.
UC ideal functionality and representative threshold-change simulator
-
-
limitation group Trusted boundaries and limitations material
The result assumes synchrony, threshold-bounded phases, admissible population changes, large batches for amortization, and an external mechanism that agrees on new membership.
Perfect/statistical parameter and group-change constraints Threshold Change and Refresh Recovery protocols-
limitation Membership governance is external
out of scopeVoting, a trusted administrator, or a predetermined schedule must decide additions and removals; the paper explicitly leaves that mechanism outside the protocol.
Threshold Change and Refresh Recovery protocols -
limitation No implementation evidence
no empirical evaluationThe source supplies no code, benchmarks, failure experiments, concrete field sizes, or distributed-system deployment.
Dynamic proactive MPC application
-
-
artifact group Artifacts and resources
full text availableA fixed 24-page author version, its UCLA origin, IACR ePrint record, and ACNS DOI are available; no implementation repository was identified.
Problem, techniques, contributions, and comparison Official ACNS publication record -
scrutiny External scrutiny
publication recordedThe work was published at ACNS 2015; review reports, independent proof audits, and implementations were not inspected.
Official ACNS publication record -
lineage Research lineage
documentedThe construction extends paper #25's packed proactive redistribution from a fixed group to changing groups and thresholds, then reuses it as the state-refresh layer for dynamic proactive MPC.
Problem, techniques, contributions, and comparison Dynamic proactive MPC application
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, techniques, contributions, and comparison Abstract and Sections 1-2, PDF pages 1-5
- Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution Section 3, PDF pages 5-6
- SS, PSS, and DPSS definitions Section 4.1, Definitions 1-4, PDF pages 6-8
- Perfect/statistical parameter and group-change constraints Section 4.2, PDF pages 8-9
- Threshold Change and Refresh Recovery protocols Section 5 and Figures 1-3, PDF pages 9-15
- Statistical party virtualization Section 6, PDF page 15
- Dynamic proactive MPC application Section 7, PDF page 16
- UC ideal functionality and representative threshold-change simulator Appendix B, PDF pages 21-24
- Official ACNS publication record ACNS 2015, pages 23-41
- Dated OpenAlex citation snapshot cited_by_count = 41, accessed 2026-07-11