Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #45

Theoretical Foundations for Mobile Target Defense: Proactive Secret Sharing and Secure Multiparty Computation

Karim Eldefrawy, Rafail Ostrovsky, and Moti Yung

2018 · From Database to Cyber Security

  • Theory
  • protocol
  • scheme

What does the paper try to establish?

How can moving-target defense in distributed storage and computation be given cryptographic confidentiality and correctness foundations rather than relying only on heuristic relocation or diversity?

What is the proposed answer?

The chapter presents proactive secret sharing and proactive MPC as a cryptographic realization of moving-target defense: periodic share refresh and node recovery replace a lifetime corruption threshold with a per-period penetration-rate bound. Its exposed abstract illustrates the thesis with the dishonest-majority PSS scheme and its separate passive, active, and mixed thresholds.

Abstract

One option to instantiate Mobile Target Defense (MTD) [JGS+11] strategies in distributed storage and computing systems is to design such systems from the ground up using cryptographic techniques such as secret sharing (SS) and secure multiparty computation (MPC). In standard SS a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any t + 1 parties can efficiently recover s. MPC protocols based on secret sharing allow one to perform computations on such secret shared data without requiring reconstructing the data at a central location. MPC thus enables a set of distrusting parties to perform computation on their secret shared data while guaranteeing secrecy of their inputs and outputs, and correctness of the computation, also as long as no more than t parties are corrupted. Over a long period of time all parties may be corrupted and the threshold t may be violated, which is accounted for in proactively secure protocols such as Proactive Secret Sharing (PSS) and Proactive MPC (PMPC). Proactive security is an example of a cryptographically grounded and theoretically well-studied approach to realize MTD. PSS retains confidentiality even when a mobile adversary corrupts all parties over the lifetime of the secret, but no more than a threshold t during a certain window of time, called the refresh period. As an example of a proactively secure protocol that realizes an MTD strategy we overview the first PSS scheme secure in the presence of a dishonest majority (developed recently in [DEL+16]). The PSS scheme is robust and secure against t < n − 2 passive adversaries when there are no active corruptions, and secure but non-robust (but with identifiable aborts) against t < n/2 − 1 active adversaries when there are no additional passive corruptions. The scheme is also secure (with identifiable aborts) against mixed adversaries controlling a combination of passively and actively corrupted parties such that if there are k active corruptions there are less than n − k − 2 total corruptions.

Provenance: Transcribed from the public author-uploaded full text; display typography and line-break artifacts were normalized, and the author-version bibliography keys were retained. Local file fixity has not been recorded.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Medium

The official abstract clearly exposes the conceptual mapping and example thresholds, and the predecessor construction is inspectable, but the chapter body was not available.

MTD framing, PSS/PMPC thesis, and example thresholds Predecessor PSS model and construction blueprint
Auditability High

The resource record includes a public author-uploaded full-text route in addition to the official DOI, which satisfies the site's author-copy rule for High auditability. The route was blocked to this audit client, so source_scope remains bounded and no body-level claim is treated as inspected.

Author upload, chapter metadata, and public full-text indication Official book-chapter identity
Production provenance Medium

Authorship, title, edited volume, DOI, date, and author-upload provenance are documented; roles, revisions, and manuscript fixity are not.

Author upload, chapter metadata, and public full-text indication Official book-chapter identity
External scrutiny Medium

Springer edited-volume publication establishes editorial scrutiny, but review reports and independent technical evaluation were not located.

Official book-chapter identity
Reception Low

OpenAlex reported 1 citation on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.

Dated citation-count snapshot
Contribution significance Medium

The chapter articulates a useful formal bridge between MTD and proactive cryptography, but its detailed novelty and influence cannot be fully evaluated from the abstract alone.

MTD framing, PSS/PMPC thesis, and example thresholds

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Cryptographic foundations for moving-target defense

A theory chapter connecting periodic cryptographic rerandomization and recovery to the moving-target-defense objective, with dishonest-majority PSS as its exposed example.

MTD framing, PSS/PMPC thesis, and example thresholds
  1. definition

    Cryptographic moving-target defense

    conceptual mapping

    The target that moves is the representation of long-lived secrets and computation state, not necessarily the physical host, address, or software image.

    MTD framing, PSS/PMPC thesis, and example thresholds
  2. method PSS and PMPC foundations survey and synthesis

    PSS preserves distributed secrets by refresh and recovery; MPC evaluates functions on shares; PMPC composes these ideas so long-running private computation tolerates a moving corruption set.

    MTD framing, PSS/PMPC thesis, and example thresholds
    1. scheme

      Dishonest-majority PSS example

      predecessor source inspected

      The cited example encodes a secret as additive summands shared by increasing-degree polynomials, with share, reconstruct, refresh, and recovery protocols.

      Predecessor PSS model and construction blueprint
  3. claim group Example resilience profile exposed abstract and predecessor

    The example separates robust passive resilience from non-robust active and mixed security with identifiable abort; a single scalar threshold would misstate the result.

    MTD framing, PSS/PMPC thesis, and example thresholds Example scheme thresholds, communication, and open problems
    1. claim

      Rate-based security interpretation

      conceptual

      Proactive security constrains attacker penetration relative to refresh and repair speed, even when the adversary's lifetime union of corruptions contains all parties.

      MTD framing, PSS/PMPC thesis, and example thresholds
    2. claim

      Dishonest-majority example thresholds

      abstract asserted

      The abstract states robust passive security near n parties, non-robust active security below half, and a mixed active/total tradeoff; exact inequalities must be checked against the chapter body.

      MTD framing, PSS/PMPC thesis, and example thresholds
  4. scrutiny

    External scrutiny

    edited book chapter

    Publication in an edited Springer volume provides editorial exposure, but the review process, reports, and independent validation are not represented.

    Official book-chapter identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. MTD framing, PSS/PMPC thesis, and example thresholds Springer chapter abstract, accessed 2026-07-11
  2. Author upload, chapter metadata, and public full-text indication ResearchGate publication page, accessed 2026-07-11
  3. Predecessor PSS model and construction blueprint Sections 2-3, PDF pages 1-3
  4. Example scheme thresholds, communication, and open problems Abstract and Section 4, PDF pages 1 and 3
  5. Official book-chapter identity From Database to Cyber Security, DOI 10.1007/978-3-030-04834-1_23
  6. Dated citation-count snapshot OpenAlex reported 1 citing work on 2026-07-11