Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #61

Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities

Karim Eldefrawy, Tancrède Lepoint, and Antonin Leroux

2022 · 20th International Conference on Applied Cryptography and Network Security (ACNS)

  • Theory
  • protocol

What does the paper try to establish?

Can a full proactive MPC protocol evaluate arithmetic circuits efficiently when a mobile adversary may control a dishonest majority and the participant group changes between computation layers?

What is the proposed answer?

The paper extends batched bivariate proactive secret sharing with multi-dealer input sharing, addition, permutation, and a new no-precomputation multiplication pipeline. It proves conditional proactive security and fair reconstruction and reports O(n squared) amortized communication per secret for maximum-size batches.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The complete source defines the model, specifies all subprotocols, states exact thresholds and ideal functionalities, and supplies appendical proofs and a composition argument. It provides no implementation evidence.

Full PMPC security and fairness theorem Resharing, masking, product, verification, and Mult Multiplication security and communication Updated PSS proofs, multiplication proofs, permutation, and full composition
Auditability High

The complete IACR archive PDF and official DOI expose assumptions, protocols, and proofs. Archive anti-bot controls prevented recording local byte fixity, and no author-hosted copy is represented.

Problem, contributions, and headline thresholds Official ACNS publication identity
Production provenance Medium

Authorship, date, archive identity, venue, and DOI are documented; revision history, roles, tool use, and artifact lineage are not.

Official ACNS publication identity Problem, contributions, and headline thresholds
External scrutiny Medium

ACNS publication establishes venue review, but public reports, independent proof checks, and implementation review are unavailable.

Official ACNS publication identity
Reception Low

The dated exact-DOI OpenAlex record located 3 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary by index and date.

Dated citation-count snapshot
Contribution significance Medium

The work closes the full-MPC gap in its bivariate dishonest-majority line and reports a large asymptotic improvement, but priority and downstream impact remain to be independently assessed.

Problem, contributions, and headline thresholds Multi-dealer batched proactive sharing Resharing, masking, product, verification, and Mult

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities

A formal batched proactive MPC protocol for arithmetic circuits, dynamic groups, mobile mixed adversaries, and dishonest-majority thresholds.

Problem, contributions, and headline thresholds
  1. question

    Research question

    research question

    Can the efficient dynamic dishonest-majority PSS of paper #52 be extended to multiplication and full circuit evaluation without returning to quartic communication?

    Problem, contributions, and headline thresholds
  2. threat model Mobile mixed adversary defined

    A computationally bounded adversary adaptively chooses passive and active corruptions between predefined refresh phases and may eventually visit every party, while the within-phase multi-threshold remains satisfied.

    Mobile mixed adversary and cryptographic assumptions
  3. protocol Layered dynamic PMPC specified

    Inputs are batched and shared, then each arithmetic-circuit layer permutes operands, applies Add or Mult, redistributes shares for planned departures and arrivals, optionally refreshes, and finally reconstructs designated outputs.

    Eight-subprotocol dynamic PMPC
    1. protocol

      Multi-dealer batched Share

      specified

      Multiple input owners first Shamir-share their values and the parties combine those univariate sharings into a common bivariate batch, removing the earlier requirement that every batched secret originate from one dealer.

      Multi-dealer batched proactive sharing
    2. protocol Bivariate batched multiplication specified

      The protocol splits each batch into roughly square-root-sized univariate groups, creates bivariate zero masks, computes blinded cross-products with pairwise zero-knowledge multiplication, verifies random evaluations, and recombines product sharings.

      Bivariate multiplication overview Resharing, masking, product, verification, and Mult
      1. mechanism

        Commitment and random-evaluation checks

        cryptographically checked

        Homomorphic commitments check local algebra, Paillier-based ZK-Mult protects pairwise products, and a jointly sampled random evaluation detects malformed bivariate commitments except with the theorem's bounded probability.

        Mobile mixed adversary and cryptographic assumptions Resharing, masking, product, verification, and Mult Updated PSS proofs, multiplication proofs, permutation, and full composition
  4. claim group Main guarantees formally analyzed

    Theorems separately state multiplication security, full PMPC secrecy and correctness, conditional fairness, and amortized communication; the thresholds and ideal functionalities must be read together.

    Full PMPC security and fairness theorem Multiplication security and communication
  5. limitation group Boundaries material

    Membership changes are assumed planned before execution and occur between circuit layers; corruption sets change only during refresh; fairness holds only in its narrower region; the protocol assumes synchrony, secure channels, reset and erasure; and evidence is formal rather than implemented or benchmarked.

    Mobile mixed adversary and cryptographic assumptions Eight-subprotocol dynamic PMPC Scheduling, planned membership, fairness, and evidence boundaries
  6. scrutiny

    External scrutiny

    venue reviewed

    The work appeared at ACNS 2022. Public reviews, independent proof checking, and reproductions are not linked.

    Official ACNS publication identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, contributions, and headline thresholds Abstract and Section 1.1, PDF pages 1-3
  2. Bivariate multiplication overview Section 1.2, PDF pages 3-5
  3. Mobile mixed adversary and cryptographic assumptions Sections 2.1-2.3, PDF pages 5-8
  4. Multi-dealer batched proactive sharing Section 3 and Protocol 1, PDF pages 8-10
  5. Eight-subprotocol dynamic PMPC Section 4 and Protocol 2, PDF pages 10-13
  6. Full PMPC security and fairness theorem Theorem 1, PDF page 13, with proof in Appendix D, PDF pages 39-41
  7. Resharing, masking, product, verification, and Mult Sections 5.1-5.5 and Protocols 3-7, PDF pages 13-20
  8. Multiplication security and communication Theorem 2, PDF page 20
  9. Updated PSS proofs, multiplication proofs, permutation, and full composition Appendices A-E, PDF pages 21-44
  10. Scheduling, planned membership, fairness, and evidence boundaries Sections 2.1 and 4 and Appendix D, PDF pages 5-6, 10-13, and 39-41
  11. Official ACNS publication identity DOI 10.1007/978-3-031-09234-3_28
  12. Dated citation-count snapshot OpenAlex reported 3 citations when accessed 2026-07-11