Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #52

Communication-Efficient Proactive Secret Sharing for Dynamic Groups with Dishonest Majorities

Karim Eldefrawy, Tancrède Lepoint, and Antonin Leroux

2020 · 18th International Conference on Applied Cryptography and Network Security (ACNS)

  • Theory
  • protocol
  • scheme

What does the paper try to establish?

Can proactive secret sharing simultaneously tolerate a mobile dishonest majority, batch many secrets without a linear threshold loss, reduce communication, and redistribute shares as the participant set changes?

What is the proposed answer?

The paper builds a computationally secure dynamic proactive secret-sharing scheme from bivariate-polynomial batching, gradual reconstruction, and dedicated increase/decrease protocols. For batches of up to n minus 2 secrets it reports O(n squared) amortized communication per secret, while preserving mixed-adversary secrecy and fairness under explicitly stated thresholds.

Abstract

In standard Secret Sharing (SS), a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any t + 1 parties can efficiently recover s. Proactive Secret Sharing (PSS) retains confidentiality of s even when a mobile adversary corrupts all parties over the lifetime of the secret, but no more than a threshold t in each epoch (called a refresh period). Withstanding such adversaries has become of increasing importance with the emergence of settings where private (cryptographic) keys are secret shared and used to sign cryptocurrency transactions, among other applications. Feasibility of single-secret PSS for static groups with dishonest majorities was demonstrated but with a protocol that requires inefficient communication of O(n⁴). In this work, we improve over prior work in three directions: batching without incurring a linear loss in corruption threshold, communication efficiency, and handling dynamic groups. While each of properties we improve upon appeared independently in the context of PSS and in other previous work, handling them simultaneously (and efficiently) in a single scheme faces non-trivial challenges. Some PSS protocols can handle batching of ℓ ∼ n secrets, but all of them are for the honest majority setting. Techniques typically used to accomplish such batching decrease the tolerated corruption threshold bound by a linear factor in ℓ, effectively limiting the number of elements that can be batched with dishonest majority. We solve this problem by reducing the threshold decrease to √ℓ instead, allowing us to deal with the dishonest majority setting when ℓ ∼ n. This is accomplished based on new bivariate-polynomials-based techniques for sharing, and refreshing and recovering of shares, that allow batching of up to n − 2 secrets in our PSS. To tackle the efficiency bottleneck the constructed PSS protocol requires only O(n³/ℓ) communication for ℓ secrets, i.e., an amortized communication complexity of O(n²) when the maximum batch size is used. To handle dynamic groups we develop three new sub-protocols to deal with parties joining and leaving the group.

Provenance: Transcribed from the checked-in full-text PDF; mathematical symbols were normalized to plain Unicode, and only typography, discretionary hyphenation, and line-break artifacts were otherwise normalized.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The complete source gives formal definitions, protocol specifications, threshold statements, ideal functionalities, and full proofs. The rating reflects documented theoretical support, not an independent proof verification or empirical deployment test.

Static batched-PSS correctness, secrecy, and communication Ideal functionalities, simulators, and full proofs
Auditability High

A complete checked-in author copy with recorded page count and SHA-256, plus archive and DOI identities, makes assumptions and proof claims directly inspectable from this map.

Problem, contributions, and asymptotic comparison Official ACNS publication identity
Production provenance Medium

Authorship, venue, date, official identity, archive version, and author copy are documented; contributor roles, revision history, and tool use are not.

Official ACNS publication identity Problem, contributions, and asymptotic comparison
External scrutiny Medium

ACNS publication establishes venue review, while review reports, independent proof checking, and reproduction evidence are unavailable here.

Official ACNS publication identity
Reception Low

The dated OpenAlex record located 0 citations for the DOI-identified work. Under the author-defined corpus rule, 0 through 8 located citations is Low; counts are index- and date-dependent.

Dated citation-count snapshot
Contribution significance Medium

The source reports a quadratic amortized improvement and a new combination of dishonest-majority batching and dynamic groups, but priority and downstream impact have not been independently established by this map.

Problem, contributions, and asymptotic comparison Increase, Decrease, DecreaseCorrupt, and Redistribute

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Communication-Efficient Proactive Secret Sharing for Dynamic Groups with Dishonest Majorities

A formally analyzed dynamic PSS construction that batches secrets with bivariate polynomials, supports a mobile mixed adversary and changing membership, and reduces amortized communication relative to earlier dishonest-majority schemes.

Problem, contributions, and asymptotic comparison
  1. question

    Research question

    research question

    Can one combine dishonest-majority proactive security, large batches, fair reconstruction, efficient communication, and dynamic group membership in one secret-sharing scheme?

    Problem, contributions, and asymptotic comparison
  2. scope System and adversary model defined

    The parties operate synchronously over pairwise secure channels and authenticated broadcast. A polynomial-time mixed adversary may passively observe and actively control parties within each phase, and its corrupted set may move between refresh periods.

    Network, mixed adversary, and security properties
  3. method Batched bivariate proactive sharing specified

    A degree-d bivariate polynomial stores secrets at public diagonal points. A party holds a univariate slice, enabling the batch to be refreshed, recovered, reconstructed, and redistributed without exposing the embedded secrets.

    Batched and dynamic proactive secret-sharing definitions Bivariate Share, Recover, Reconstruct, and Refresh
    1. protocol

      Share, Recover, Reconstruct, and Refresh

      specified

      Share distributes polynomial slices; Recover replaces a missing slice with blinded assistance; Reconstruct builds a gradual ladder for fair release; and Refresh adds a zero-encoding random bivariate sharing to rerandomize state.

      Bivariate Share, Recover, Reconstruct, and Refresh
    2. protocol

      Dynamic membership protocols

      specified

      Increase and Decrease adjust the sharing degree as parties join or cooperate in leaving, while DecreaseCorrupt handles one non-participating failed or corrupted departure; Redistribute composes these operations for group changes.

      Increase, Decrease, DecreaseCorrupt, and Redistribute
  4. claim group Main stated guarantees formally analyzed

    Theorems establish static and dynamic PSS correctness and secrecy under stated mixed-adversary thresholds, together with fairness and amortized communication results.

    Static batched-PSS correctness, secrecy, and communication Increase, Decrease, DecreaseCorrupt, and Redistribute
  5. limitation group Boundaries and costs material

    The construction is synchronous and computational, assumes secure channels and authenticated broadcast, loses threshold as the batch grows, is not robust against a general active dishonest majority, and offers asymptotic analysis rather than an implementation or deployment evaluation.

    Network, mixed adversary, and security properties Commitments and bivariate-polynomial assumptions Robustness, threshold, batching, and synchrony boundaries
    1. limitation

      Departure constraints

      explicitly scoped

      Cooperative Decrease requires leaving parties to participate, while DecreaseCorrupt handles only one non-participating departure at a time; broader churn behavior is not established by that subprotocol.

      Increase, Decrease, DecreaseCorrupt, and Redistribute
  6. scrutiny

    External scrutiny

    venue reviewed

    The work appeared at ACNS 2020. Review reports, rebuttal material, independent proof audits, and implementations are not represented in the available record.

    Official ACNS publication identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, contributions, and asymptotic comparison Abstract and Sections 1.2-1.4, PDF pages 1-7
  2. Network, mixed adversary, and security properties Sections 2.1-2.3, PDF pages 7-10
  3. Commitments and bivariate-polynomial assumptions Sections 2.4-2.5, PDF pages 10-11
  4. Batched and dynamic proactive secret-sharing definitions Section 3, PDF pages 11-14
  5. Bivariate Share, Recover, Reconstruct, and Refresh Sections 4.1-4.4, PDF pages 14-20
  6. Static batched-PSS correctness, secrecy, and communication Theorems 1-2 and Remarks 2 and 6, PDF pages 15-20
  7. Increase, Decrease, DecreaseCorrupt, and Redistribute Section 5 and Theorem 3, PDF pages 20-26
  8. Ideal functionalities, simulators, and full proofs Supplementary Material, Appendices A-D, PDF pages 29-52
  9. Robustness, threshold, batching, and synchrony boundaries Sections 1.3, 2.2, 4.4, 5.4, and related-work comparison, PDF pages 5-10, 19-26, and 52-53
  10. Official ACNS publication identity DOI 10.1007/978-3-030-57808-4_1
  11. Dated citation-count snapshot OpenAlex reported 0 citations when accessed 2026-07-11