Scientific knowledge map · Paper #45
Theoretical Foundations for Mobile Target Defense: Proactive Secret Sharing and Secure Multiparty Computation
2018 · From Database to Cyber Security
- Theory
- protocol
- scheme
Research question
What does the paper try to establish?
How can moving-target defense in distributed storage and computation be given cryptographic confidentiality and correctness foundations rather than relying only on heuristic relocation or diversity?
Central answer
What is the proposed answer?
The chapter presents proactive secret sharing and proactive MPC as a cryptographic realization of moving-target defense: periodic share refresh and node recovery replace a lifetime corruption threshold with a per-period penetration-rate bound. Its exposed abstract illustrates the thesis with the dishonest-majority PSS scheme and its separate passive, active, and mixed thresholds.
Full paper abstract
Abstract
One option to instantiate Mobile Target Defense (MTD) [JGS+11] strategies in distributed storage and computing systems is to design such systems from the ground up using cryptographic techniques such as secret sharing (SS) and secure multiparty computation (MPC). In standard SS a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any t + 1 parties can efficiently recover s. MPC protocols based on secret sharing allow one to perform computations on such secret shared data without requiring reconstructing the data at a central location. MPC thus enables a set of distrusting parties to perform computation on their secret shared data while guaranteeing secrecy of their inputs and outputs, and correctness of the computation, also as long as no more than t parties are corrupted. Over a long period of time all parties may be corrupted and the threshold t may be violated, which is accounted for in proactively secure protocols such as Proactive Secret Sharing (PSS) and Proactive MPC (PMPC). Proactive security is an example of a cryptographically grounded and theoretically well-studied approach to realize MTD. PSS retains confidentiality even when a mobile adversary corrupts all parties over the lifetime of the secret, but no more than a threshold t during a certain window of time, called the refresh period. As an example of a proactively secure protocol that realizes an MTD strategy we overview the first PSS scheme secure in the presence of a dishonest majority (developed recently in [DEL+16]). The PSS scheme is robust and secure against t < n − 2 passive adversaries when there are no active corruptions, and secure but non-robust (but with identifiable aborts) against t < n/2 − 1 active adversaries when there are no additional passive corruptions. The scheme is also secure (with identifiable aborts) against mixed adversaries controlling a combination of passively and actively corrupted parties such that if there are k active corruptions there are less than n − k − 2 total corruptions.
Provenance: Transcribed from the public author-uploaded full text; display typography and line-break artifacts were normalized, and the author-version bibliography keys were retained. Local file fixity has not been recorded.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Medium
-
The official abstract clearly exposes the conceptual mapping and example thresholds, and the predecessor construction is inspectable, but the chapter body was not available.
MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint - Auditability High
-
The resource record includes a public author-uploaded full-text route in addition to the official DOI, which satisfies the site's author-copy rule for High auditability. The route was blocked to this audit client, so source_scope remains bounded and no body-level claim is treated as inspected.
Author upload, chapter metadata, and public full-text indication Official book-chapter identity - Production provenance Medium
-
Authorship, title, edited volume, DOI, date, and author-upload provenance are documented; roles, revisions, and manuscript fixity are not.
Author upload, chapter metadata, and public full-text indication Official book-chapter identity - External scrutiny Medium
-
Springer edited-volume publication establishes editorial scrutiny, but review reports and independent technical evaluation were not located.
Official book-chapter identity - Reception Low
-
OpenAlex reported 1 citation on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.
Dated citation-count snapshot - Contribution significance Medium
-
The chapter articulates a useful formal bridge between MTD and proactive cryptography, but its detailed novelty and influence cannot be fully evaluated from the abstract alone.
MTD framing, PSS/PMPC thesis, and example thresholds
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Cryptographic foundations for moving-target defense
A theory chapter connecting periodic cryptographic rerandomization and recovery to the moving-target-defense objective, with dishonest-majority PSS as its exposed example.
MTD framing, PSS/PMPC thesis, and example thresholds-
question Research question
research questionCan changing a distributed system's cryptographic representation over time ensure that a persistent mobile attacker never accumulates a usable global view?
MTD framing, PSS/PMPC thesis, and example thresholds -
contribution Central synthesis
abstract asserted synthesisProactive refresh replaces a fixed lifetime corruption bound by a rate condition: old shares are rerandomized and erased before the attacker crosses the within-period threshold.
MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint -
definition Cryptographic moving-target defense
conceptual mappingThe target that moves is the representation of long-lived secrets and computation state, not necessarily the physical host, address, or software image.
MTD framing, PSS/PMPC thesis, and example thresholds -
threat model Mobile adversary
abstract definedThe adversary may eventually compromise every party, but security requires its corruption set to stay within the appropriate threshold during each refresh period while repaired parties return clean.
MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint -
method PSS and PMPC foundations survey and synthesis
PSS preserves distributed secrets by refresh and recovery; MPC evaluates functions on shares; PMPC composes these ideas so long-running private computation tolerates a moving corruption set.
MTD framing, PSS/PMPC thesis, and example thresholds-
scheme Dishonest-majority PSS example
predecessor source inspectedThe cited example encodes a secret as additive summands shared by increasing-degree polynomials, with share, reconstruct, refresh, and recovery protocols.
Predecessor PSS model and construction blueprint
-
-
claim group Example resilience profile exposed abstract and predecessor
The example separates robust passive resilience from non-robust active and mixed security with identifiable abort; a single scalar threshold would misstate the result.
MTD framing, PSS/PMPC thesis, and example thresholds Example scheme thresholds, communication, and open problems-
claim Rate-based security interpretation
conceptualProactive security constrains attacker penetration relative to refresh and repair speed, even when the adversary's lifetime union of corruptions contains all parties.
MTD framing, PSS/PMPC thesis, and example thresholds -
claim Dishonest-majority example thresholds
abstract assertedThe abstract states robust passive security near n parties, non-robust active security below half, and a mixed active/total tradeoff; exact inequalities must be checked against the chapter body.
MTD framing, PSS/PMPC thesis, and example thresholds
-
-
evidence group Evidence boundary
boundedThe chapter's central framing and example are visible in its abstract, and the predecessor brief exposes the example construction; the chapter's full exposition, comparisons, and any PMPC development were not audited.
MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint -
limitation group Model and audit boundaries
materialProactive guarantees require periods, repair, secure deletion, and channel/setup assumptions; the example's active mode can abort. The inaccessible chapter prevents certification of its full assumption set and open-problem analysis.
Predecessor PSS model and construction blueprint Example scheme thresholds, communication, and open problems Author upload, chapter metadata, and public full-text indication -
artifact group Publication resources
partialOfficial and author-uploaded landing pages plus a public predecessor brief are available; no locally fixed chapter PDF, code, dataset, or proof artifact was obtained.
Author upload, chapter metadata, and public full-text indication Official book-chapter identity -
scrutiny External scrutiny
edited book chapterPublication in an edited Springer volume provides editorial exposure, but the review process, reports, and independent validation are not represented.
Official book-chapter identity -
lineage Position in the proactive-security line
documentedThe chapter synthesizes the PSS construction represented by papers
MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- MTD framing, PSS/PMPC thesis, and example thresholds Springer chapter abstract, accessed 2026-07-11
- Predecessor PSS model and construction blueprint Sections 2-3, PDF pages 1-3
- Example scheme thresholds, communication, and open problems Abstract and Section 4, PDF pages 1 and 3
- Official book-chapter identity From Database to Cyber Security, DOI 10.1007/978-3-030-04834-1_23
- Dated citation-count snapshot OpenAlex reported 1 citing work on 2026-07-11