Scientific knowledge map · Paper #61
Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities
2022 · 20th International Conference on Applied Cryptography and Network Security (ACNS)
- Theory
- protocol
Research question
What does the paper try to establish?
Can a full proactive MPC protocol evaluate arithmetic circuits efficiently when a mobile adversary may control a dishonest majority and the participant group changes between computation layers?
Central answer
What is the proposed answer?
The paper extends batched bivariate proactive secret sharing with multi-dealer input sharing, addition, permutation, and a new no-precomputation multiplication pipeline. It proves conditional proactive security and fair reconstruction and reports O(n squared) amortized communication per secret for maximum-size batches.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence High
-
The complete source defines the model, specifies all subprotocols, states exact thresholds and ideal functionalities, and supplies appendical proofs and a composition argument. It provides no implementation evidence.
Full PMPC security and fairness theorem Resharing, masking, product, verification, and Mult Multiplication security and communication Updated PSS proofs, multiplication proofs, permutation, and full composition - Auditability High
-
The complete IACR archive PDF and official DOI expose assumptions, protocols, and proofs. Archive anti-bot controls prevented recording local byte fixity, and no author-hosted copy is represented.
Problem, contributions, and headline thresholds Official ACNS publication identity - Production provenance Medium
-
Authorship, date, archive identity, venue, and DOI are documented; revision history, roles, tool use, and artifact lineage are not.
Official ACNS publication identity Problem, contributions, and headline thresholds - External scrutiny Medium
-
ACNS publication establishes venue review, but public reports, independent proof checks, and implementation review are unavailable.
Official ACNS publication identity - Reception Low
-
The dated exact-DOI OpenAlex record located 3 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary by index and date.
Dated citation-count snapshot - Contribution significance Medium
-
The work closes the full-MPC gap in its bivariate dishonest-majority line and reports a large asymptotic improvement, but priority and downstream impact remain to be independently assessed.
Problem, contributions, and headline thresholds Multi-dealer batched proactive sharing Resharing, masking, product, verification, and Mult
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities
A formal batched proactive MPC protocol for arithmetic circuits, dynamic groups, mobile mixed adversaries, and dishonest-majority thresholds.
Problem, contributions, and headline thresholds-
question Research question
research questionCan the efficient dynamic dishonest-majority PSS of paper #52 be extended to multiplication and full circuit evaluation without returning to quartic communication?
Problem, contributions, and headline thresholds -
contribution Central answer
theorem supportedAdd a multi-dealer Share, local Add, batched Permute, and a new verified bivariate multiplication pipeline to the existing refresh, recover, redistribute, and reconstruct protocols.
Multi-dealer batched proactive sharing Eight-subprotocol dynamic PMPC Resharing, masking, product, verification, and Mult -
threat model Mobile mixed adversary defined
A computationally bounded adversary adaptively chooses passive and active corruptions between predefined refresh phases and may eventually visit every party, while the within-phase multi-threshold remains satisfied.
Mobile mixed adversary and cryptographic assumptions-
assumption Network, reset, and cryptographic assumptions
assumedParties use synchronous pairwise secure channels and authenticated broadcast, reset parties return to a pristine state, old shares are not retained, and proofs rely on DDH-based homomorphic commitments plus Paillier and zero-knowledge multiplication components.
Mobile mixed adversary and cryptographic assumptions Resharing, masking, product, verification, and Mult
-
-
protocol Layered dynamic PMPC specified
Inputs are batched and shared, then each arithmetic-circuit layer permutes operands, applies Add or Mult, redistributes shares for planned departures and arrivals, optionally refreshes, and finally reconstructs designated outputs.
Eight-subprotocol dynamic PMPC-
protocol Proactive and dynamic maintenance
reused and adaptedRefresh rerandomizes current batches, Recover restores reset parties, Redistribute changes membership, and gradual Reconstruct releases outputs fairly within a separate threshold region.
Eight-subprotocol dynamic PMPC Updated PSS proofs, multiplication proofs, permutation, and full composition -
protocol Bivariate batched multiplication specified
The protocol splits each batch into roughly square-root-sized univariate groups, creates bivariate zero masks, computes blinded cross-products with pairwise zero-knowledge multiplication, verifies random evaluations, and recombines product sharings.
Bivariate multiplication overview Resharing, masking, product, verification, and Mult-
mechanism
Commitment and random-evaluation checks
cryptographically checkedHomomorphic commitments check local algebra, Paillier-based ZK-Mult protects pairwise products, and a jointly sampled random evaluation detects malformed bivariate commitments except with the theorem's bounded probability.
Mobile mixed adversary and cryptographic assumptions Resharing, masking, product, verification, and Mult Updated PSS proofs, multiplication proofs, permutation, and full composition
-
mechanism
-
-
claim group Main guarantees formally analyzed
Theorems separately state multiplication security, full PMPC secrecy and correctness, conditional fairness, and amortized communication; the thresholds and ideal functionalities must be read together.
Full PMPC security and fairness theorem Multiplication security and communication-
claim Quadratic amortized communication
asymptotic theoremFor batches of size n minus 2, the complete PMPC reports O(n squared) amortized communication per secret; the new multiplication and permutation procedures report O(n times square root of n) amortized communication.
Problem, contributions, and headline thresholds Multiplication security and communication Updated PSS proofs, multiplication proofs, permutation, and full composition -
claim Dishonest-majority proactive security
proved under modelUnder DDH and the formal model, Theorem 1 gives a secrecy and correctness region with a square-root batch-size loss from n minus 3, plus a distinct mixed active/passive threshold for fair reconstruction.
Full PMPC security and fairness theorem Updated PSS proofs, multiplication proofs, permutation, and full composition -
claim No-precomputation multiplication
proved under modelTheorem 2 realizes the multiplication ideal functionality for batches within the degree bound and a square-root-loss corruption threshold, without a preprocessing phase.
Multiplication security and communication Updated PSS proofs, multiplication proofs, permutation, and full composition
-
-
evidence group Formal evidence
proof documentedThe source contains detailed pseudocode, commitment checks, ideal functionalities, subprotocol simulators, permutation constructions, and an appendical composition argument. This map audits their presence, not every proof step independently.
Resharing, masking, product, verification, and Mult Updated PSS proofs, multiplication proofs, permutation, and full composition -
limitation group Boundaries material
Membership changes are assumed planned before execution and occur between circuit layers; corruption sets change only during refresh; fairness holds only in its narrower region; the protocol assumes synchrony, secure channels, reset and erasure; and evidence is formal rather than implemented or benchmarked.
Mobile mixed adversary and cryptographic assumptions Eight-subprotocol dynamic PMPC Scheduling, planned membership, fairness, and evidence boundaries-
limitation Refresh frequency is a policy input
deployment tradeoffMore frequent refresh permits the adversary less time within a corruption set but costs more communication; the protocol accepts a set of refresh layers rather than deriving an operational schedule.
Eight-subprotocol dynamic PMPC Scheduling, planned membership, fairness, and evidence boundaries
-
-
artifact group Publication resources
full text availableThe complete IACR ePrint exposes all proofs and the DOI fixes the ACNS identity. No public implementation artifact or local byte copy is represented in this map.
Problem, contributions, and headline thresholds Official ACNS publication identity -
scrutiny External scrutiny
venue reviewedThe work appeared at ACNS 2022. Public reviews, independent proof checking, and reproductions are not linked.
Official ACNS publication identity -
lineage Builds full PMPC on paper
documentedThe paper reuses the dynamic bivariate PSS from paper #52, adapts its proof to multi-dealer batches, and adds the missing arithmetic-circuit multiplication and permutation layers.
Problem, contributions, and headline thresholds Multi-dealer batched proactive sharing Resharing, masking, product, verification, and Mult
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, contributions, and headline thresholds Abstract and Section 1.1, PDF pages 1-3
- Bivariate multiplication overview Section 1.2, PDF pages 3-5
- Mobile mixed adversary and cryptographic assumptions Sections 2.1-2.3, PDF pages 5-8
- Eight-subprotocol dynamic PMPC Section 4 and Protocol 2, PDF pages 10-13
- Full PMPC security and fairness theorem Theorem 1, PDF page 13, with proof in Appendix D, PDF pages 39-41
- Resharing, masking, product, verification, and Mult Sections 5.1-5.5 and Protocols 3-7, PDF pages 13-20
- Multiplication security and communication Theorem 2, PDF page 20
- Updated PSS proofs, multiplication proofs, permutation, and full composition Appendices A-E, PDF pages 21-44
- Scheduling, planned membership, fairness, and evidence boundaries Sections 2.1 and 4 and Appendix D, PDF pages 5-6, 10-13, and 39-41
- Official ACNS publication identity DOI 10.1007/978-3-031-09234-3_28
- Dated citation-count snapshot OpenAlex reported 3 citations when accessed 2026-07-11