Scientific knowledge map · Paper #44
Proactive Secure Multiparty Computation with a Dishonest Majority
2018 · 11th Conference on Security and Cryptography for Networks (SCN)
- Theory
- protocol
Research question
What does the paper try to establish?
Can proactive MPC retain privacy and correctness when a mobile adversary may passively observe a dishonest majority within a refresh period and eventually visit every party?
Central answer
What is the proposed answer?
The exposed primary abstract states a first feasibility construction: a PMPC protocol with near-all-party passive resilience, identifiable-abort security for bounded active faults, and a mixed-corruption tradeoff. The full protocol body and proofs could not be retrieved in this audit, so exact algorithms and proof dependencies remain unmapped rather than inferred.
Full paper abstract
Abstract
Secure multiparty computation (MPC) protocols enable n distrusting parties to perform computations on their private inputs while guaranteeing confidentiality of inputs (and outputs, if desired) and correctness of the computation, as long as no adversary corrupts more than a threshold t of the n parties. Existing MPC protocols assure perfect security for t ≤ ⌈n/2⌉ − 1 active corruptions with termination (i.e., robustness), or up to t = n − 1 under cryptographic assumptions (with detection of misbehaving parties). However, when computations involve secrets that have to remain confidential for a long time such as cryptographic keys, or when dealing with strong and persistent adversaries, such security guarantees are not enough. In these situations, all parties may be corrupted over the lifetime of the secrets used in the computation, and the threshold t may be violated over time (even as portions of the network are being repaired or cleaned up). Proactive MPC (PMPC) addresses this stronger threat model: it guarantees correctness and input privacy in the presence of a mobile adversary that controls a changing set of parties over the course of a protocol, and could corrupt all parties over the lifetime of the computation, as long as no more than t are corrupted in each time window (called a refresh period). The threshold t in PMPC represents a tradeoff between the adversary’s penetration rate and the cleaning speed of the defense tools (or rebooting of nodes from a clean image), rather than being an absolute bound on corruptions. Prior PMPC protocols only guarantee correctness and confidentiality in the presence of an honest majority of parties, an adversary that corrupts even a single additional party beyond the n/2 − 1 threshold, even if only passively and temporarily, can learn all the inputs and outputs; and if the corruption is active rather than passive, then the adversary can even compromise the correctness of the computation. In this paper, we present the first feasibility result for constructing a PMPC protocol secure against a dishonest majority. To this end, we develop a new PMPC protocol, robust and secure against t < n − 2 passive corruptions when there are no active corruptions, and secure but non-robust (but with identifiable aborts) against t < n/2 − 1 active corruptions when there are no passive corruptions. Moreover, our protocol is secure (with identifiable aborts) against mixed adversaries controlling, both, passively and actively corrupted parties, provided that if there are k active corruptions, there are less than n − k − 1 total corruptions.
Provenance: Transcribed from the public author-uploaded full text and cross-checked against the official Springer abstract; mathematical notation was normalized to plain Unicode and display line-break artifacts were removed. Local file fixity has not been recorded.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Medium
-
The official abstract exposes a substantive construction and precise resilience claims, and a later primary source confirms the research lineage, but the protocol body and proofs were not available for audit.
Official abstract, stated thresholds, and feasibility claim Later primary-source description of dishonest-majority proactive sharing lineage - Auditability High
-
The resource record includes a public author-uploaded full-text route in addition to the official DOI, which satisfies the site's author-copy rule for High auditability. The route was blocked to this audit client, so source_scope remains bounded and no body-level claim is treated as inspected.
Author upload, venue metadata, and public full-text indication Official SCN publication identity - Production provenance Medium
-
Authors, venue, date, DOI, and author-upload provenance are documented; revision history, contributor roles, and manuscript fixity are not.
Author upload, venue metadata, and public full-text indication Official SCN publication identity - External scrutiny Medium
-
SCN publication establishes venue scrutiny, but public reviews, proof audits, and reproduction were not located.
Official SCN publication identity - Reception High
-
OpenAlex reported 12 citations on 2026-07-11; under the finalized rubric, 11 or more located citations is High.
Dated citation-count snapshot - Contribution significance Medium
-
The abstract claims a first feasibility result across an important resilience barrier, but priority and technical scope could not be fully assessed without the paper body.
Official abstract, stated thresholds, and feasibility claim
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Dishonest-majority proactive MPC
A published feasibility result for proactive MPC under separate passive, active, and mixed mobile-corruption bounds; this map is intentionally limited to exposed primary claims.
Official abstract, stated thresholds, and feasibility claim-
question Research question
research questionCan long-lived MPC withstand a mobile adversary whose accumulated corruptions eventually cover all parties and whose within-period passive view may exceed an honest majority?
Official abstract, stated thresholds, and feasibility claim -
contribution Central answer
abstract assertedThe abstract claims the first PMPC feasibility result for a dishonest-majority setting, with robustness only in the passive-only case and identifiable abort under active or mixed faults.
Official abstract, stated thresholds, and feasibility claim -
threat model Mobile refresh-period adversary
abstract definedCorrupted parties may change across refresh periods and all parties may be visited over the computation lifetime; security is conditioned on per-period passive and active thresholds.
Official abstract, stated thresholds, and feasibility claim -
definition Correctness, privacy, robustness, and identifiable abort
abstract levelThe exposed source distinguishes privacy/correctness security from guaranteed completion: active faults may be detected and attributed while still forcing abort.
Official abstract, stated thresholds, and feasibility claim -
protocol PMPC construction
published not body auditedA concrete PMPC protocol is claimed, but its share representation, refresh, recovery, gate evaluation, channels, cryptographic assumptions, and simulators cannot be responsibly reconstructed from the abstract alone.
Official abstract, stated thresholds, and feasibility claim Author upload, venue metadata, and public full-text indication -
claim group Exposed resilience claims abstract asserted
The abstract reports separate bounds rather than one universal corruption threshold.
Official abstract, stated thresholds, and feasibility claim-
claim Passive dishonest-majority case
abstract asserted proof unreadWith no active corruptions, the abstract states robust security for t < n - 2 passive corruptions per refresh period.
Official abstract, stated thresholds, and feasibility claim -
claim Active-only case
abstract asserted proof unreadWith no additional passive corruptions, the abstract states non-robust security with identifiable abort for t < n/2 - 1 active corruptions.
Official abstract, stated thresholds, and feasibility claim -
claim Mixed corruption case
abstract asserted proof unreadFor k active corruptions, the abstract states identifiable-abort security when total corruptions are fewer than n - k - 1; the full quantification and rounding conventions require body review.
Official abstract, stated thresholds, and feasibility claim
-
-
evidence group Evidence boundary
body unavailablePublication and abstract establish that a construction and proofs were presented, but this audit did not inspect protocol pseudocode, formal games, lemmas, reductions, or proof completeness.
Official abstract, stated thresholds, and feasibility claim Author upload, venue metadata, and public full-text indication -
limitation group Unresolved audit obligations
audit limitationExact network/setup assumptions, adaptive versus static corruption details, erasure model, computation class, communication cost, security assumptions, and theorem statements remain unknown from the accessible primary material.
Author upload, venue metadata, and public full-text indication -
artifact group Publication resources
inaccessible full text routeDOI and author-uploaded landing page are public, but no locally fixed full text, code, proof artifact, or independently accessible archive copy was obtained.
Author upload, venue metadata, and public full-text indication Official SCN publication identity -
scrutiny External scrutiny
venue reviewedSCN publication indicates venue review. Review reports, artifact evaluation, independent proof checking, and reproduction are not represented.
Official SCN publication identity -
lineage Later machine-checked lineage
documented by later primary sourcePaper
Later primary-source description of dishonest-majority proactive sharing lineage
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Official abstract, stated thresholds, and feasibility claim Springer chapter abstract, accessed 2026-07-11
- Later primary-source description of dishonest-majority proactive sharing lineage Sections 1.2-1.3, PDF pages 3-5
- Official SCN publication identity SCN 2018, DOI 10.1007/978-3-319-98113-0_11
- Dated citation-count snapshot OpenAlex reported 12 citing works on 2026-07-11