Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #32

Proactive Secret Sharing with a Dishonest Majority

Shlomi Dolev, Karim Eldefrawy, Joshua Lampkins, Rafail Ostrovsky, and Moti Yung

2016 · 10th Conference on Security and Cryptography for Networks (SCN)

  • Theory
  • protocol
  • scheme

What does the paper try to establish?

How can a proactive secret-sharing scheme retain correctness and confidentiality when a mobile adversary may passively corrupt a dishonest majority within an epoch and may actively corrupt a smaller subset, while parties periodically refresh and recover shares?

What is the proposed answer?

The paper replaces direct low-degree sharing of the secret with an additive decomposition whose summands are verifiably shared by polynomials of increasing degree. Four protocols share, reconstruct, refresh, and recover those encodings, yielding separate passive, active, mixed-adversary, robustness, and communication guarantees under a synchronous authenticated model.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The full paper supplies an explicit mixed-adversary model, PSS definitions, four protocols, threshold accounting, and separate termination, correctness, secrecy, and robustness lemmas. This is strong multi-part formal support, although the proofs have not been mechanically checked or independently reproduced in this audit.

Polynomial-time mixed mobile adversary and multi-threshold security PSS syntax, correctness, secrecy, robustness, refresh, and recovery DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas
Auditability High

The complete author-uploaded full text and official DOI make assumptions, protocols, proof sketches, and limitations directly inspectable. Local file fixity and an executable artifact lineage are not recorded.

Problem, priority claim, thresholds, and communication Official peer-reviewed publication record
Production provenance Medium

Named authorship, author upload, venue, date, acknowledgments, and DOI establish human and lifecycle provenance. Contributor roles, revision history, tools, and explicit author approval of this map remain incomplete.

Official peer-reviewed publication record Conclusion, non-robust guarantees, communication, and asynchronous open problem
External scrutiny Medium

SCN publication and the paper's acknowledgment of anonymous-reviewer feedback establish external scrutiny. Review reports, independent proof reproduction, criticism, and correction records were not located.

Official peer-reviewed publication record Conclusion, non-robust guarantees, communication, and asynchronous open problem
Reception High

The public publication page displayed 18 citations on 2026-07-11. Under the author-defined rule, 11 or more located citations is High; the count is index- and date-dependent and does not establish correctness.

Dated citation-count snapshot
Contribution significance High

The paper explicitly addresses the honest-majority limitation of prior PSS and claims the first dishonest-majority construction with mixed-adversary guarantees. The source provides a new protocol family and proof treatment rather than only a position or feasibility sketch.

Problem, priority claim, thresholds, and communication Why conventional polynomial PSS fails under a passive majority DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Proactive Secret Sharing with a Dishonest Majority

A formal proactive secret-sharing construction for mixed mobile adversaries that exceeds the passive honest-majority barrier by combining additive secret decomposition, increasing-degree polynomial shares, homomorphic commitments, refresh, and recovery.

Problem, priority claim, thresholds, and communication
  1. scope System and security model explicitly scoped

    Security is defined per epoch for n synchronized parties connected by authenticated broadcast and pairwise secure authenticated channels, with periodic refresh, secure deletion of old shares, and optional recovery after reboot or share loss.

    Synchronous network, channels, epochs, deletion, and recovery PSS syntax, correctness, secrecy, robustness, refresh, and recovery
    1. threat model

      Mixed mobile adversary

      defined

      A polynomial-time adversary passively reads the state of P* and may actively control A* subseteq P*. Correctness, secrecy, and robustness are parameterized by separate multi-threshold sets rather than by one undifferentiated corruption bound.

      Polynomial-time mixed mobile adversary and multi-threshold security
  2. method Dishonest-majority PSS construction formally specified

    The four protocols manipulate a vector of additive summands shared by polynomials whose degree profile is chosen to balance secrecy against the number of active faults and simultaneously recovering parties.

    Additive-summand blueprint and recovery-dependent degree choices DM-Share and DM-Reconstruct DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas
    1. protocol

      DM-Share and DM-Reconstruct

      specified

      DM-Share commits to and distributes the increasing-degree sharings; DM-Reconstruct opens enough evaluations to recover each additive summand and sums the reconstructed summands to recover s.

      DM-Share and DM-Reconstruct
  3. claim group Principal guarantees proved in paper

    The paper separates correctness, secrecy, robustness, termination, and communication statements and conditions each one on explicit passive, active, degree, and recovery parameters.

    Polynomial-time mixed mobile adversary and multi-threshold security DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas
  4. evidence group Evidence chain formal paper analysis

    Evidence consists of explicit syntax and adversary definitions, four concrete protocols, homomorphic-commitment checks, interpolation arguments, and eight proof lemmas. The proofs were read but not mechanically checked or independently reproduced for this map.

    PSS syntax, correctness, secrecy, robustness, refresh, and recovery DM-Refresh and its termination, correctness, secrecy, and robustness lemmas DM-Recover and its termination, correctness, secrecy, and robustness lemmas
  5. limitation group Boundaries and open problems material

    Active security is non-robust, recovery consumes resilience, security depends on computational commitments and secure erasure, the network is synchronous, and the fully specified batched protocols are deferred beyond the represented version.

    Synchronous network, channels, epochs, deletion, and recovery Batched sharing, homomorphic commitments, and Feldman-VSS assumption Batched communication reduction Conclusion, non-robust guarantees, communication, and asynchronous open problem

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, priority claim, thresholds, and communication Abstract and Section 1, PDF pages 1-3
  2. Why conventional polynomial PSS fails under a passive majority Section 2, PDF pages 3-4
  3. Synchronous network, channels, epochs, deletion, and recovery Section 3.1, PDF pages 4-5
  4. Polynomial-time mixed mobile adversary and multi-threshold security Section 3.2, PDF pages 5-6
  5. PSS syntax, correctness, secrecy, robustness, refresh, and recovery Section 3.3, PDF pages 6-7
  6. Batched sharing, homomorphic commitments, and Feldman-VSS assumption Section 3.4, PDF pages 7-8
  7. Additive-summand blueprint and recovery-dependent degree choices Sections 4.1-4.2, PDF pages 8-10
  8. DM-Share and DM-Reconstruct Section 4.3, PDF pages 10-12
  9. DM-Refresh and its termination, correctness, secrecy, and robustness lemmas Sections 4.4 and 4.6, PDF pages 12-16
  10. DM-Recover and its termination, correctness, secrecy, and robustness lemmas Sections 4.5 and 4.6, PDF pages 14-18
  11. Batched communication reduction Section 4.7, PDF page 18
  12. Conclusion, non-robust guarantees, communication, and asynchronous open problem Section 5, PDF page 19
  13. Official peer-reviewed publication record SCN 2016, pages 529-548, DOI 10.1007/978-3-319-44618-9_28
  14. Dated citation-count snapshot ResearchGate displayed 18 citations when accessed 2026-07-11