Scientific knowledge map · Paper #32
Proactive Secret Sharing with a Dishonest Majority
2016 · 10th Conference on Security and Cryptography for Networks (SCN)
- Theory
- protocol
- scheme
Research question
What does the paper try to establish?
How can a proactive secret-sharing scheme retain correctness and confidentiality when a mobile adversary may passively corrupt a dishonest majority within an epoch and may actively corrupt a smaller subset, while parties periodically refresh and recover shares?
Central answer
What is the proposed answer?
The paper replaces direct low-degree sharing of the secret with an additive decomposition whose summands are verifiably shared by polynomials of increasing degree. Four protocols share, reconstruct, refresh, and recover those encodings, yielding separate passive, active, mixed-adversary, robustness, and communication guarantees under a synchronous authenticated model.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence High
-
The full paper supplies an explicit mixed-adversary model, PSS definitions, four protocols, threshold accounting, and separate termination, correctness, secrecy, and robustness lemmas. This is strong multi-part formal support, although the proofs have not been mechanically checked or independently reproduced in this audit.
Polynomial-time mixed mobile adversary and multi-threshold security PSS syntax, correctness, secrecy, robustness, refresh, and recovery DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas - Auditability High
-
The complete author-uploaded full text and official DOI make assumptions, protocols, proof sketches, and limitations directly inspectable. Local file fixity and an executable artifact lineage are not recorded.
Problem, priority claim, thresholds, and communication Official peer-reviewed publication record - Production provenance Medium
-
Named authorship, author upload, venue, date, acknowledgments, and DOI establish human and lifecycle provenance. Contributor roles, revision history, tools, and explicit author approval of this map remain incomplete.
Official peer-reviewed publication record Conclusion, non-robust guarantees, communication, and asynchronous open problem - External scrutiny Medium
-
SCN publication and the paper's acknowledgment of anonymous-reviewer feedback establish external scrutiny. Review reports, independent proof reproduction, criticism, and correction records were not located.
Official peer-reviewed publication record Conclusion, non-robust guarantees, communication, and asynchronous open problem - Reception High
-
The public publication page displayed 18 citations on 2026-07-11. Under the author-defined rule, 11 or more located citations is High; the count is index- and date-dependent and does not establish correctness.
Dated citation-count snapshot - Contribution significance High
-
The paper explicitly addresses the honest-majority limitation of prior PSS and claims the first dishonest-majority construction with mixed-adversary guarantees. The source provides a new protocol family and proof treatment rather than only a position or feasibility sketch.
Problem, priority claim, thresholds, and communication Why conventional polynomial PSS fails under a passive majority DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Proactive Secret Sharing with a Dishonest Majority
A formal proactive secret-sharing construction for mixed mobile adversaries that exceeds the passive honest-majority barrier by combining additive secret decomposition, increasing-degree polynomial shares, homomorphic commitments, refresh, and recovery.
Problem, priority claim, thresholds, and communication-
question Research question
research questionCan PSS tolerate a passive dishonest majority in every epoch without losing the ability to detect active faults, refresh obsolete shares, and restore shares to rebooted parties?
Problem, priority claim, thresholds, and communication Why conventional polynomial PSS fails under a passive majority -
contribution Central answer
source assertedEncode s as random additive summands, place those summands in verifiably shared polynomials with different degrees, and operate on the family through DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover.
Additive-summand blueprint and recovery-dependent degree choices DM-Share and DM-Reconstruct -
scope System and security model explicitly scoped
Security is defined per epoch for n synchronized parties connected by authenticated broadcast and pairwise secure authenticated channels, with periodic refresh, secure deletion of old shares, and optional recovery after reboot or share loss.
Synchronous network, channels, epochs, deletion, and recovery PSS syntax, correctness, secrecy, robustness, refresh, and recovery-
threat model Mixed mobile adversary
definedA polynomial-time adversary passively reads the state of P* and may actively control A* subseteq P*. Correctness, secrecy, and robustness are parameterized by separate multi-threshold sets rather than by one undifferentiated corruption bound.
Polynomial-time mixed mobile adversary and multi-threshold security -
definition Threshold accounting
definedFor the single-recovery setting the paper states passive bound tp < n - 2, active bound ta < n/2 - 1, and mixed constraint ta + tp < n - 2, where each active corruption is also counted among passive corruptions.
Polynomial-time mixed mobile adversary and multi-threshold security Additive-summand blueprint and recovery-dependent degree choices -
assumption Environmental and cryptographic assumptions
assumedThe construction assumes synchrony, a global clock, authenticated broadcast, private authenticated channels, erasure of obsolete shares, reboot into a pristine state, and a binding/hiding homomorphic commitment; the concrete Feldman instantiation relies on discrete-log hardness.
Synchronous network, channels, epochs, deletion, and recovery Batched sharing, homomorphic commitments, and Feldman-VSS assumption
-
-
method Dishonest-majority PSS construction formally specified
The four protocols manipulate a vector of additive summands shared by polynomials whose degree profile is chosen to balance secrecy against the number of active faults and simultaneously recovering parties.
Additive-summand blueprint and recovery-dependent degree choices DM-Share and DM-Reconstruct DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas-
method Additive and polynomial encoding
specifiedDirectly placing s in one polynomial would reveal it after enough passive observations. The construction first splits s into d random summands and then shares each summand with a polynomial of a different degree, so no allowed passive view determines every summand.
Why conventional polynomial PSS fails under a passive majority Additive-summand blueprint and recovery-dependent degree choices -
protocol DM-Refresh
specified and analyzedParties verifiably share random polynomials of matching degrees whose free terms sum to zero, add the evaluations to current shares, resolve inconsistent openings by abort and identification, and delete obsolete shares.
DM-Refresh and its termination, correctness, secrecy, and robustness lemmas -
protocol DM-Recover
specified and analyzedParties mask current polynomials with random recovery polynomials that vanish at each recovering party's evaluation point. Interpolation gives replacement evaluations at those points without revealing s or other parties' shares.
DM-Recover and its termination, correctness, secrecy, and robustness lemmas
-
-
claim group Principal guarantees proved in paper
The paper separates correctness, secrecy, robustness, termination, and communication statements and conditions each one on explicit passive, active, degree, and recovery parameters.
Polynomial-time mixed mobile adversary and multi-threshold security DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas-
claim Passive confidentiality
proved conditionalIn the represented single-recovery configuration, the paper states robust secrecy for fewer than n - 2 passive corruptions and no active corruptions; without recovery the overview gives the larger fewer-than-n passive bound.
Problem, priority claim, thresholds, and communication Additive-summand blueprint and recovery-dependent degree choices DM-Refresh and its termination, correctness, secrecy, and robustness lemmas -
claim Active and mixed-adversary security
proved non robustWith one recovering party, the paper states non-robust security with identifiable abort for fewer than n/2 - 1 active corruptions and for mixed corruption sets satisfying the defined multi-threshold constraints.
Polynomial-time mixed mobile adversary and multi-threshold security Problem, priority claim, thresholds, and communication DM-Recover and its termination, correctness, secrecy, and robustness lemmas -
claim Refresh correctness, secrecy, and robustness
proved conditionalLemmas 1-4 argue termination, preservation of the encoded secret, independence of new shares from old shares, and sufficient correct interpolation points under the stated degree and corruption inequalities.
DM-Refresh and its termination, correctness, secrecy, and robustness lemmas -
claim Recovery correctness, secrecy, and robustness
proved conditionalLemmas 5-8 argue termination, reconstruction of the recovering party's correct evaluations, secrecy of the secret and other shares, and preservation under d < n - k - c for k active corruptions and c recovering parties.
DM-Recover and its termination, correctness, secrecy, and robustness lemmas -
claim Communication complexity
asymptotic analysisThe paper reports O(n^4) communication for the single-secret scheme and an O(n) batching factor that reduces the effective per-secret cost, with O(n^3) communication for recovery of an O(n)-secret batch.
Problem, priority claim, thresholds, and communication Batched communication reduction
-
-
evidence group Evidence chain formal paper analysis
Evidence consists of explicit syntax and adversary definitions, four concrete protocols, homomorphic-commitment checks, interpolation arguments, and eight proof lemmas. The proofs were read but not mechanically checked or independently reproduced for this map.
PSS syntax, correctness, secrecy, robustness, refresh, and recovery DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas-
evidence Refresh proof structure
proof inspected not reproducedBinding commitments detect inconsistent distributions; zero-sum constant terms preserve s; one honest random contribution rerandomizes the family; and degree bounds ensure enough correct points remain for interpolation.
DM-Refresh and its termination, correctness, secrecy, and robustness lemmas -
evidence Recovery proof structure
proof inspected not reproducedVanishing masks preserve the recovering evaluations, computational hiding protects the random recovery polynomials, and the threshold inequalities guarantee enough correct shares to interpolate them.
DM-Recover and its termination, correctness, secrecy, and robustness lemmas
-
-
limitation group Boundaries and open problems material
Active security is non-robust, recovery consumes resilience, security depends on computational commitments and secure erasure, the network is synchronous, and the fully specified batched protocols are deferred beyond the represented version.
Synchronous network, channels, epochs, deletion, and recovery Batched sharing, homomorphic commitments, and Feldman-VSS assumption Batched communication reduction Conclusion, non-robust guarantees, communication, and asynchronous open problem-
limitation Asynchrony and communication remain open
open problemThe conclusion leaves lower communication and dishonest-majority PSS over asynchronous networks unresolved; the construction itself assumes synchrony.
Conclusion, non-robust guarantees, communication, and asynchronous open problem
-
-
artifact group Sources and artifacts
publicly availableA complete author-uploaded paper and official Springer record are public. The represented work is a protocol-and-proof paper and does not claim a software implementation or reproducibility package.
Problem, priority claim, thresholds, and communication Official peer-reviewed publication record -
scrutiny External scrutiny
venue reviewedThe work appeared at SCN 2016 and acknowledges anonymous-reviewer feedback. Public review reports, machine proof checking, independent reproduction, and a correction history were not located in this audit.
Official peer-reviewed publication record Conclusion, non-robust guarantees, communication, and asynchronous open problem -
lineage Research lineage
documentedThe paper extends classical proactive secret sharing and mixed-adversary gradual sharing, and its static dishonest-majority construction becomes a baseline later work seeks to batch, generalize, or make dynamic.
Why conventional polynomial PSS fails under a passive majority Conclusion, non-robust guarantees, communication, and asynchronous open problem
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, priority claim, thresholds, and communication Abstract and Section 1, PDF pages 1-3
- Why conventional polynomial PSS fails under a passive majority Section 2, PDF pages 3-4
- Synchronous network, channels, epochs, deletion, and recovery Section 3.1, PDF pages 4-5
- Polynomial-time mixed mobile adversary and multi-threshold security Section 3.2, PDF pages 5-6
- PSS syntax, correctness, secrecy, robustness, refresh, and recovery Section 3.3, PDF pages 6-7
- Batched sharing, homomorphic commitments, and Feldman-VSS assumption Section 3.4, PDF pages 7-8
- Additive-summand blueprint and recovery-dependent degree choices Sections 4.1-4.2, PDF pages 8-10
- DM-Refresh and its termination, correctness, secrecy, and robustness lemmas Sections 4.4 and 4.6, PDF pages 12-16
- DM-Recover and its termination, correctness, secrecy, and robustness lemmas Sections 4.5 and 4.6, PDF pages 14-18
- Batched communication reduction Section 4.7, PDF page 18
- Conclusion, non-robust guarantees, communication, and asynchronous open problem Section 5, PDF page 19
- Official peer-reviewed publication record SCN 2016, pages 529-548, DOI 10.1007/978-3-319-44618-9_28
- Dated citation-count snapshot ResearchGate displayed 18 citations when accessed 2026-07-11