Proactive secret sharing

Proactive secret sharing is an underlying technique in Proactive Security Protocols. It is a method to update distributed keys (shares) in a secret sharing scheme periodically such that an attacker has less time to compromise shares and as long as the attacker visits less than a threshold or a quorum group, the system remains secure. This contrasts to a non-proactive scheme where if the threshold number of shares are compromised during the lifetime of the secret, the secret is compromised. The model which takes time constraints into account was originally suggested as an extension of the notion of Byzantine fault tolerance where redundancy of sharing allows robustness into the time domain (periods) and was proposed by Rafail Ostrovsky and Moti Yung in 1991 in. The method has been used in the areas of cryptographic protocols in Secure multi-party computation and in Threshold cryptosystems. Proactive secret sharing is an underlying technique in Proactive Security Protocols. It is a method to update distributed keys (shares) in a secret sharing scheme periodically such that an attacker has less time to compromise shares and as long as the attacker visits less than a threshold or a quorum group, the system remains secure. This contrasts to a non-proactive scheme where if the threshold number of shares are compromised during the lifetime of the secret, the secret is compromised. The model which takes time constraints into account was originally suggested as an extension of the notion of Byzantine fault tolerance where redundancy of sharing allows robustness into the time domain (periods) and was proposed by Rafail Ostrovsky and Moti Yung in 1991 in. The method has been used in the areas of cryptographic protocols in Secure multi-party computation and in Threshold cryptosystems. If the players (holders of the shared secret) store their shares on insecure computer servers, an attacker could crack in and steal/learn the shares. Since it is not often practical to change the secret, the un-compromised (honest) (Shamir-style) shares should be updated in a way that they generate the same secret, yet the old shares are invalidated. There is also a need to recover shares of previously corrupted servers, and the community of honest server is needed to perform the recovery. This assures the longevity of the secure and recoverable sharing, or secure and correct secure computation protocols.If one needs to maintain sharing while changing the number of servers or the threshold, then proactive method with share recovery enables this, as was originally shown by Frankel and others. The ability of distributing the secret (codeword) and then recovering the distributed shares as the proactive secret sharing method does, was recognized as much needed in storage systems around 2010, and in reaction, coding theorists renamed the method, further refined it, and formalized is as `regenerating codes' and `locally recoverable codes.' This follows somewhat the work in.In order to update the shares, the dealers (i.e., the persons who gives out the shares; and in a distributed system it is all participants one at a time) generates a new random polynomial with constant term zero and calculates for each remaining player a new ordered pair, where the x-coordinates of the old and new pairs are the same. Each player then adds the old and new y-coordinates to each other and keeps the result as the new y-coordinate of the secret.