{"schema_version":"0.1","map_id":"paper-36-map","publication_id":36,"publication_anchor":"paper-36","slug":"paper-36","canonical_path":"/knowledge/papers/paper-36/","machine_path":"/knowledge/papers/paper-36.json","root_node_id":"paper-36","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","algorithm"],"title":"Brief Announcement: Secure Self-Stabilizing Computation","year":2017,"status":"Published · brief announcement","venue":"ACM Symposium on Principles of Distributed Computing (PODC)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Shlomi Dolev","Karim Eldefrawy","Juan Garay","Muni Venkateswarlu Kumaramangalam","Rafail Ostrovsky","Moti Yung"],"keywords":["self-stabilization","secure multiparty computation","Byzantine faults","finite-state machine","proactive recovery","secret sharing"],"research_question":"Can a continuously running distributed computation automatically recover not only functional consistency but also input, output, and state confidentiality and computational correctness after a temporary period in which every party may have been compromised?","central_answer":"The announcement defines secure self-stabilizing computation and sketches an FSM protocol that repeatedly establishes fresh keys, validates secret-shared state through MPC and error correction, resets invalid state to a default, and securely computes the next transition and output. Once independent recovery restores the required Byzantine threshold, the construction is intended to converge to consistent private computation and progressively erase the adversary's knowledge of current state.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text model and algorithm extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete three-page PODC brief announcement, including visual inspection of its abstract and algorithm pages. The map distinguishes the proposed definition and protocol composition from complete formal proofs or an implementation, neither of which appears in the brief.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Thresholds, recovery interpretation, and evidence ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-36-author-pdf","type":"author_hosted_copy","title":"Brief Announcement: Secure Self-Stabilizing Computation","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf","provenance_category":"author","retrieved_from":"https://web.cs.ucla.edu/~rafail/PUBLIC/204.pdf","media_type":"application/pdf","sha256":"bb6ef27496017f16e38ccc04feb10523d4b59ee3f97050d4942aeb4701ba0c73","page_count":3},{"id":"source-paper-36-official","type":"official_publication_record","title":"ACM PODC 2017 publication record","url":"https://doi.org/10.1145/3087801.3087864","provenance_category":"official"},{"id":"source-paper-36-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2737996187","url":"https://openalex.org/W2737996187","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-36-problem","source_id":"source-paper-36-author-pdf","label":"Secure self-stabilization problem and claimed direction","locator":"Abstract, PDF page 1","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=1"},{"id":"anchor-paper-36-system","source_id":"source-paper-36-author-pdf","label":"Parties, network, key setup, hardware, inputs, and clocks","locator":"Section 1, System and Network Model, PDF pages 1-2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=1"},{"id":"anchor-paper-36-adversary","source_id":"source-paper-36-author-pdf","label":"Mixed mobile adversary and recovery assumptions","locator":"Section 1, Mixed Adversarial Model, PDF page 2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=2"},{"id":"anchor-paper-36-definition","source_id":"source-paper-36-author-pdf","label":"Convergence, closure, MPC security, and secure self-stabilization","locator":"Section 2, PDF page 2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=2"},{"id":"anchor-paper-36-construction","source_id":"source-paper-36-author-pdf","label":"Clock, key, VSS, state-validation, transition, and output pipeline","locator":"Section 3, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-algorithm","source_id":"source-paper-36-author-pdf","label":"Secure self-stabilizing FSM Algorithm 1","locator":"Algorithm 1, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-forgetting","source_id":"source-paper-36-author-pdf","label":"Post-convergence secrecy recovery under transition-graph conditions","locator":"Discussion following Algorithm 1, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-publication","source_id":"source-paper-36-official","label":"Official PODC publication identity","locator":"PODC 2017, pages 415-417, DOI 10.1145/3087801.3087864","url":"https://doi.org/10.1145/3087801.3087864"},{"id":"anchor-paper-36-citations","source_id":"source-paper-36-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 5 citing works when accessed 2026-07-11","url":"https://openalex.org/W2737996187"}],"nodes":[{"id":"paper-36","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Brief Announcement: Secure Self-Stabilizing Computation","summary":"A three-page announcement that joins self-stabilizing distributed systems with secure MPC so a computation can recover confidentiality and correctness after total but temporary compromise.","source_anchor_ids":["anchor-paper-36-problem"]},{"id":"paper-36-question","kind":"question","parent_id":"paper-36","order":1,"epistemic_status":"research_question","title":"Research question","summary":"After parties recover asynchronously from an arbitrary globally compromised state, can the system autonomously reestablish a coherent computation whose state, inputs, and outputs are again private and whose transitions are correct?","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-definition"]},{"id":"paper-36-answer","kind":"contribution","parent_id":"paper-36","order":2,"epistemic_status":"source_asserted","title":"Secure self-stabilizing computation","summary":"The paper proposes convergence and closure for a secret-shared FSM together with recurring key renewal, state validation, default-state recovery, and secure transition evaluation once fewer than the tolerated Byzantine parties remain.","source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-construction"]},{"id":"paper-36-model","kind":"scope","parent_id":"paper-36","order":3,"epistemic_status":"defined","title":"Continuous distributed FSM model","summary":"n parties over a complete synchronous or semi-synchronous network continuously compute a public Mealy FSM on periodically supplied secret-shared inputs. Parties do not know their compromise history and maintain secret shares of FSM state and output.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-construction"]},{"id":"paper-36-model-setup","kind":"assumption","parent_id":"paper-36-model","order":1,"epistemic_status":"assumed","title":"Cryptographic and hardware setup","summary":"Every party has a true random number generator and tamper-resistant access to its private key and the configuration authority's public key; parties can authenticate fresh public keys, derive pairwise secure channels, and establish secure broadcast.","source_anchor_ids":["anchor-paper-36-system"]},{"id":"paper-36-model-clock","kind":"assumption","parent_id":"paper-36-model","order":2,"epistemic_status":"inherited_component","title":"Stabilizing time base","summary":"A self-stabilizing Byzantine clock-synchronization protocol supplies logical global pulses and common round numbers in the semi-synchronous setting; this clock is an assumed underlying service, not constructed in the announcement.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-construction"]},{"id":"paper-36-model-adversary","kind":"threat_model","parent_id":"paper-36-model","order":3,"epistemic_status":"defined","title":"Temporary total mixed compromise","summary":"A computationally bounded adversary may passively or actively corrupt any number of parties, including all n for a finite interval, but watchdog-driven recovery prevents indefinite control of every party and the adversary cannot immediately recapture a just-recovered party.","source_anchor_ids":["anchor-paper-36-adversary"]},{"id":"paper-36-definition-standard","kind":"definition","parent_id":"paper-36","order":4,"epistemic_status":"reviewed","title":"Standard self-stabilization","summary":"Convergence requires reaching some consistent legal configuration from any arbitrary configuration in finite rounds; closure requires remaining legal absent another unexpected fault.","source_anchor_ids":["anchor-paper-36-definition"]},{"id":"paper-36-definition-secure","kind":"definition","parent_id":"paper-36","order":5,"epistemic_status":"introduced","title":"Security recovery requirement","summary":"Secure self-stabilization extends functional convergence so that after enough parties recover and the MPC corruption threshold again holds, secrecy of computation state, inputs, and outputs and correctness of computation are automatically regained.","source_anchor_ids":["anchor-paper-36-definition"]},{"id":"paper-36-construction","kind":"protocol","parent_id":"paper-36","order":6,"epistemic_status":"specified_at_brief_level","title":"Secure FSM stabilization protocol","summary":"Each transition round refreshes communication keys, verifiably reshapes the state shares, securely checks that they encode a legitimate state, and evaluates public transition and output circuits using an existing MPC protocol.","source_anchor_ids":["anchor-paper-36-construction"]},{"id":"paper-36-construction-keys","kind":"protocol","parent_id":"paper-36-construction","order":1,"epistemic_status":"composed_from_primitives","title":"Fresh channel establishment","summary":"Parties generate fresh key pairs from local true randomness, use Byzantine agreement to agree on each public key, and derive fresh pairwise symmetric keys before processing the next FSM transition.","source_anchor_ids":["anchor-paper-36-construction"]},{"id":"paper-36-construction-state","kind":"algorithm","parent_id":"paper-36-construction","order":2,"epistemic_status":"specified","title":"State validation and reset","summary":"VSS supplies redundant state shares and an MPC evaluates an error-detection circuit such as Berlekamp-Welch to test polynomial degree and membership in the legal-state set. Invalid state is replaced by shares of public default state S0.","source_anchor_ids":["anchor-paper-36-construction","anchor-paper-36-algorithm"]},{"id":"paper-36-construction-transition","kind":"algorithm","parent_id":"paper-36-construction","order":3,"epistemic_status":"specified","title":"Private transition and output evaluation","summary":"On a valid state, MPC applies transition circuit T to the current state and new input and output circuit O to produce secret-shared next state and output; after reset, the same circuits run from S0.","source_anchor_ids":["anchor-paper-36-algorithm"]},{"id":"paper-36-claims","kind":"claim_group","parent_id":"paper-36","order":7,"epistemic_status":"source_asserted","title":"Stated recovery claims","summary":"The brief states conditional recovery rather than uninterrupted security: during total compromise all secrets may be exposed, and protection resumes only after the required party threshold and supporting services recover.","source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-forgetting"]},{"id":"paper-36-claim-convergence","kind":"claim","parent_id":"paper-36-claims","order":1,"epistemic_status":"construction_claim","title":"Consistency and security convergence","summary":"Once fewer than roughly one third of participants are Byzantine in the illustrated setting, state checking and secure transition evaluation are claimed to restore consistent state, correct computation, and confidentiality.","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-algorithm"]},{"id":"paper-36-claim-forgetting","kind":"claim","parent_id":"paper-36-claims","order":2,"epistemic_status":"graph_conditional","title":"Loss of stale adversarial state knowledge","summary":"With unknown fresh inputs, a complete FSM transition graph makes every state possible to the adversary after the first post-convergence transition; an expander transition graph is stated to erase state knowledge after logarithmically many transitions.","source_anchor_ids":["anchor-paper-36-forgetting"]},{"id":"paper-36-evidence","kind":"evidence_group","parent_id":"paper-36","order":8,"epistemic_status":"bounded_by_brief_announcement","title":"Evidence and proof boundary","summary":"The announcement defines the setting, composes known cryptographic and stabilization components, and supplies Algorithm 1 and recovery intuition. It does not present a formal ideal functionality, simulator, theorem statement, full proof, implementation, or experiment.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-definition","anchor-paper-36-algorithm"]},{"id":"paper-36-evidence-mechanism","kind":"evidence","parent_id":"paper-36-evidence","order":1,"epistemic_status":"mechanism_inspected","title":"Mechanism-level support","summary":"Fresh randomness severs old channel-key exposure, error-correcting state checks remove malformed Byzantine shares, the default state restores legality, and post-recovery secret inputs drive the FSM away from previously known state.","source_anchor_ids":["anchor-paper-36-construction","anchor-paper-36-forgetting"]},{"id":"paper-36-boundaries","kind":"limitation_group","parent_id":"paper-36","order":9,"epistemic_status":"material","title":"Assumptions and limitations","summary":"Recovery depends on trustworthy local reset, TRNGs, secure hardware keys, clock stabilization, Byzantine agreement, VSS, and an MPC whose threshold has recovered. The protocol does not protect secrets already learned during total compromise or guarantee correct outputs before convergence.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-adversary","anchor-paper-36-definition"]},{"id":"paper-36-boundary-model","kind":"limitation","parent_id":"paper-36-boundaries","order":1,"epistemic_status":"unresolved_in_brief","title":"Formal and systems obligations","summary":"The three-page source does not analyze composability among all assumed services, recovery timing, adaptive re-corruption rates, output handling during unsafe rounds, implementation overhead, or failures of the hardware watchdog and configuration authority.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-algorithm"]},{"id":"paper-36-artifacts","kind":"artifact_group","parent_id":"paper-36","order":10,"epistemic_status":"publication_only","title":"Artifacts and resources","summary":"The complete brief announcement and official DOI are available. No extended proof, code, proof-assistant artifact, implementation, trace, or evaluation dataset is linked by the paper.","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"paper-36-scrutiny","kind":"scrutiny","parent_id":"paper-36","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared as a PODC brief announcement. This gives venue exposure but not the evidentiary weight of a full-paper security proof, independently verified implementation, or public review record.","source_anchor_ids":["anchor-paper-36-publication"]}],"relations":[{"id":"paper-36-relation-answer-question","type":"addresses","from_id":"paper-36-answer","to_id":"paper-36-question"},{"id":"paper-36-relation-secure-standard","type":"extends","from_id":"paper-36-definition-secure","to_id":"paper-36-definition-standard"},{"id":"paper-36-relation-keys-construction","type":"component_of","from_id":"paper-36-construction-keys","to_id":"paper-36-construction"},{"id":"paper-36-relation-state-construction","type":"component_of","from_id":"paper-36-construction-state","to_id":"paper-36-construction"},{"id":"paper-36-relation-transition-construction","type":"component_of","from_id":"paper-36-construction-transition","to_id":"paper-36-construction"},{"id":"paper-36-relation-construction-convergence","type":"supports","from_id":"paper-36-construction","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-mechanism-convergence","type":"supports","from_id":"paper-36-evidence-mechanism","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-adversary-convergence","type":"qualifies","from_id":"paper-36-model-adversary","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-forgetting-claim","type":"supports","from_id":"paper-36-construction-transition","to_id":"paper-36-claim-forgetting"},{"id":"paper-36-relation-boundaries-claims","type":"qualifies","from_id":"paper-36-boundaries","to_id":"paper-36-claims"}],"assessment":{"id":"paper-36-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete brief specifies the model, recovery concept, component pipeline, FSM algorithm, threshold example, and forgetting intuition. Its three pages do not include formal security definitions and proofs, an implementation, or experiments, so the evidence remains Medium.","basis_source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-construction","anchor-paper-36-algorithm"]},{"id":"auditability","level":"high","rationale":"A checked-in author copy with SHA-256, page count, and precise page anchors, plus the official DOI, makes every claim in the brief directly inspectable. No extended artifact was located.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, funding acknowledgments, date, venue, DOI, and author copy are documented. Contributor roles, revision history, tool use, and any extended-version lineage have not been audited.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"PODC publication establishes external venue scrutiny, but the item is a brief announcement and no review reports, rebuttal, independent proof audit, implementation, or reproduction were located.","basis_source_anchor_ids":["anchor-paper-36-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 5 citations on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. The count is index- and date-dependent and is not evidence of correctness.","basis_source_anchor_ids":["anchor-paper-36-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The brief articulates a distinctive recovery target that combines confidentiality, correctness, and self-stabilization and supplies a concrete FSM composition. Priority, generality, and downstream adoption require a broader literature audit.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-definition"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":5,"source_url":"https://openalex.org/W2737996187","signals":["OpenAlex reported 5 works citing the PODC brief announcement."],"limitation":"Citation counts vary by index and date; the generic OpenAlex display title for this DOI may reduce discoverability, and counts do not establish verification or adoption."}}
