research-article

Public Access

CHURP: Dynamic-Committee Proactive Secret Sharing

Authors:

Sai Krishna Deepak Maram,

Dawn SongAuthors Info & Claims

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2369 - 2386

https://doi.org/10.1145/3319535.3363203

Published: 06 November 2019 Publication History

Abstract

We introduce CHURP (CHUrn-Robust Proactive secret sharing). CHURP enables secure secret-sharing in dynamic settings, where the committee of nodes storing a secret changes over time. Designed for blockchains, CHURP has lower communication complexity than previous schemes: $O(n)$ on-chain and $O(n^2)$ off-chain in the optimistic case of no node failures. CHURP includes several technical innovations: An efficient new proactivization scheme of independent interest, a technique (using asymmetric bivariate polynomials) for efficiently changing secret-sharing thresholds, and a hedge against setup failures in an efficient polynomial commitment scheme. We also introduce a general new technique for inexpensive off-chain communication across the peer-to-peer networks of permissionless blockchains. We formally prove the security of CHURP, report on an implementation, and present performance measurements.

Supplementary Material

WEBM File (p2369-maram.webm)

Download
140.65 MB

References

[1]

Yazin Akkawi. 21 Dec. 2017. Bitcoin's Most Pressing Issue Summarized in Two Letters: UX. Inc. ( 21 Dec. 2017).

[2]

Brian Armstrong. Feb. 25, 2018. Coinbase is not a wallet. https://blog.coinbase.com/coinbase-is-not-a-wallet-b5b9293ca0e7.

[3]

Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari, and David Yakira. 2018. Helix: a scalable and fair consensus algorithm. Technical Report. Technical report, Orbs Research.

[4]

Michael Backes, Amit Datta, and Aniket Kate. 2013. Asynchronous computational VSS with reduced communication complexity. In CT-RSA. Springer.

[5]

Joshua Baron, Karim El Defrawy, Joshua Lampkins, and Rafail Ostrovsky. 2015. Communication-optimal proactive secret sharing for dynamic groups. In ACNS.

[6]

Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham, and Scott Yilek. 2009. Hedged public-key encryption: How to protect against bad randomness. In ASIACRYPT. Springer, 232--249.

[7]

Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In ACM TOCS.

[8]

Joseph Bonneau, Jeremy Clark, and Steven Goldfeder. 2015. On Bitcoin as a public randomness source. IACR ePrint Archive, Vol. 2015 (2015), 1015.

[9]

Kevin D Bowers, Ari Juels, and Alina Oprea. 2009. HAIL: A high-availability and integrity layer for cloud storage. In 16th ACM CCS.

Digital Library

[10]

Christian Cachin, Klaus Kursawe, Anna Lysyanskaya, and Reto Strobl. 2002. Asynchronous verifiable secret sharing and proactive cryptosystems. In ACM CCS.

[11]

Miguel Castro and Barbara Liskov. 2002. Practical Byzantine fault tolerance and proactive recovery. ACM TOCS (2002).

[12]

Raymond Cheng, Fan Zhang, Jernej Kos, Warren He, Nicholas Hynes, Noah Johnson, Ari Juels, Andrew Miller, and Dawn Song. 2019. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. In 2019 IEEE EuroS&P.

[13]

Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers. 1997. A secure and optimally efficient multi-authority election scheme. ETT (1997).

[14]

Phil Daian, Rafael Pass, and Elaine Shi. 2016. Snow White: Provably Secure Proofs of Stake. Cryptology ePrint Archive, Report 2016/919.

[15]

Ivan Damgård, Yuval Ishai, Mikkel Krøigaard, Jesper Buus Nielsen, and Adam Smith. 2008. Scalable multiparty computation with nearly optimal work and resilience. In CRYPTO. Springer, 241--261.

[16]

Yvo Desmedt and Yair Frankel. 1991. Shared generation of authenticators and signatures. In CRYPTO.

[17]

Yvo Desmedt and Sushil Jajodia. 1997. Redistributing secret shares to new access structures and its applications. Technical Report.

[18]

Yvo Desmedt and Kirill Morozov. 2015. Parity check based redistribution of secret shares. In ISIT.

[19]

Shlomi Dolev, Juan Garay, Niv Gilboa, and Vladimir Kolesnikov. 2009. Swarming secrets.

[20]

Michael Egorov, MacLane Wilkison, and David Nu nez. 2017. Nucypher KMS: decentralized key management system. arXiv preprint arXiv:1707.06140 (2017).

[21]

Ethereum. [n.d.] a. Devp2p. https://github.com/ethereum/devp2p

[22]

Ethereum. [n.d.] b. Whisper. https://github.com/ethereum/wiki/wiki/Whisper

[23]

Paul Feldman. 1987. A practical scheme for non-interactive verifiable secret sharing. In FOCS.

[24]

Pesech Feldman and Silvio Micali. 1997. An optimal probabilistic protocol for synchronous Byzantine agreement. SIAM J. Comput. (1997).

[25]

Yair Frankel, Peter Gemmell, Philip D MacKenzie, and Moti Yung. 1997 a. Optimal-resilience proactive public-key cryptosystems. In FOCS.

[26]

Yair Frankel, Peter Gemmell, Philip D MacKenzie, and Moti Yung. 1997 b. Proactive rsa. In CRYPTO.

[27]

frontrun.me. [n.d.]. Visualizing Ethereum gas auctions. http://frontrun.me/.

[28]

Georg Fuchsbauer. 2018. Subversion-zero-knowledge SNARKs. In IACR International Workshop on Public Key Cryptography. Springer, 315--347.

[29]

Rosario Gennaro, Stanisław Jarecki, Hugo Krawczyk, and Tal Rabin. 1996. Robust threshold DSS signatures. In EUROCRYPT.

[30]

Rosario Gennaro, Stanisław Jarecki, Hugo Krawczyk, and Tal Rabin. 1999. Secure distributed key generation for discrete-log based cryptosystems. In EUROCRYPT.

[31]

Rosario Gennaro, Michael O Rabin, and Tal Rabin. [n.d.]. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography.

[32]

geth. [n.d.]. The maximum data size in a transaction is 32 KB. https://github.com/ethereum/go-ethereum/blob/6a33954731658667056466bf7573ed1c397f4750/core/tx_pool.go#L570.

[33]

Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. 2017. Algorand: Scaling Byzantine Agreements for Cryptocurrencies. In SOSP.

Digital Library

[34]

Jens Groth. 2010. Short pairing-based non-interactive zero-knowledge arguments. In ASIACRYPT.

[35]

Amir Herzberg. 2009. Folklore, practice and theory of robust combiners. Journal of Computer Security, Vol. 17, 2 (2009), 159--189.

[36]

Amir Herzberg, Markus Jakobsson, Stanislław Jarecki, Hugo Krawczyk, and Moti Yung. 1997. Proactive public key and signature systems. In ACM CCS.

[37]

Amir Herzberg, Stanisław Jarecki, Hugo Krawczyk, and Moti Yung. 1995. Proactive secret sharing or: How to cope with perpetual leakage. In CRYPTO.

[38]

Aniket Kate, Gregory M Zaverucha, and Ian Goldberg. 2010. Constant-size commitments to polynomials and their applications. In ASIACRYPT.

[39]

Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. 2017. Ouroboros: A provably secure proof-of-stake blockchain protocol. In CRYPTO.

[40]

Eleftherios Kokoris-Kogias, Enis Ceyhun Alp, Sandra Deepthy Siby, Nicolas Gailly, Linus Gasser, Philipp Jovanovic, Ewa Syta, and Bryan Ford. 2018. CALYPSO: Auditable Sharing of Private Data over Blockchains. Cryptology ePrint Archive.

[41]

A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou. 2016. Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. In IEEE S&P.

[42]

Haiyun Luo, Petros Zerfos, Jiejun Kong, Songwu Lu, and Lixia Zhang. 2002. Self-Securing Ad Hoc Wireless Networks. In ISCC.

[43]

Sai Krishna Deepak Maram, Fan Zhang, Lun Wang, Andrew Low, Yupeng Zhang, Ari Juels, and Dawn Song. 2019. CHURP: Dynamic-Committee Proactive Secret Sharing. https://eprint.iacr.org/2019/017.

[44]

Ventzislav Nikov and Svetla Nikova. 2004. On proactive secret sharing schemes. In International Workshop on Selected Areas in Cryptography.

Digital Library

[45]

John P. Njui. [n.d.]. Coinbase Custody Service Secures Major Institutional Investor Worth $20 Billion. Ethereum World News ( [n.,d.]).

[46]

Mehrdad Nojoumian and Douglas R Stinson. 2013. On dealer-free dynamic threshold schemes. Adv. in Math. of Comm. (2013).

[47]

Mehrdad Nojoumian, Douglas R Stinson, and Morgan Grainger. 2010. Unconditionally secure social secret sharing scheme. IET information security (2010).

[48]

Rafail Ostrovsky and Moti Yung. 1991. How to withstand mobile virus attacks. In ACM PODC.

[49]

Parity. [n.d.]. Transaction Queue. https://wiki.parity.io/Transactions-Queue.

[50]

Rafael Pass, Lior Seeman, and Abhi Shelat. 2017. Analysis of the blockchain protocol in asynchronous networks. In EUROCRYPT. Springer, 643--673.

[51]

Rafael Pass and Elaine Shi. 2018. Thunderella: Blockchains with Optimistic Instant Confirmation. In EUROCRYPT.

[52]

Torben Pryds Pedersen. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In CRYPTO.

[53]

Bartosz Przydatek and Reto Strobl. 2004. Asynchronous proactive cryptosystems without agreement. In ASIACRYPT. Springer, 152--169.

[54]

Michael O Rabin. 1983. Randomized byzantine generals. In FOCS.

[55]

Tal Rabin. 1998. A simplified approach to threshold and proactive RSA. In CRYPTO.

[56]

Jeff John Roberts and Nicolas Rapp. 2017. Exclusive: Nearly 4 Million Bitcoins Lost Forever, New Study Says. http://fortune.com/2017/11/25/lost-bitcoins/

[57]

Nitesh Saxena, Gene Tsudik, and Jeong Hyun Yi. 2005. Efficient node admission for short-lived mobile ad hoc networks. In 13th ICNP.

[58]

Berry Schoenmakers, Meilof Veeningen, and Niels de Vreede. 2016. Trinocchio: privacy-preserving outsourcing by distributed verifiable computation. In ACNS.

[59]

David A Schultz, Barbara Liskov, and Moses Liskov. 2008. Mobile proactive secret sharing. In ACM PODC.

[60]

Adi Shamir. 1979. How to share a secret. Commun. ACM (1979).

[61]

Douglas R Stinson and Ruizhong Wei. 1999. Unconditionally secure proactive secret sharing scheme with combinatorial structures. In SAC.

[62]

Paul Syverson, R Dingledine, and N Mathewson. 2004. Tor: The secondgeneration onion router. In Usenix Security.

Digital Library

[63]

Tamir Tassa and Nira Dyn. 2009. Multipartite secret sharing by bivariate interpolation. Journal of Cryptology (2009).

[64]

Theodore M Wong, Chenxi Wang, and Jeannette M Wing. 2002. Verifiable secret redistribution for archive systems. In the 1st Security in Storage Workshop.

[65]

Fan Zhang, Philip Daian, Gabriel Kaptchuk, Iddo Bentov, Ian Miers, and Ari Juels. 2018. Paralysis Proofs: Secure Access-Structure Updates for Cryptocurrencies and More. Cryptology ePrint Archive, Report 2018/096.

[66]

Lidong Zhou, Fred B Schneider, and Robbert Van Renesse. 2005. APSS: Proactive secret sharing in asynchronous systems. ACM TISSEC (2005).

Digital Library

[67]

Guy Zyskind, Oz Nathan, et al. 2015. Decentralizing privacy: Using blockchain to protect personal data. In Security and Privacy Workshops.

Cited By

Kowalski VMostéfaoui APerrin MSengupta S(2025)Byzantine-Tolerant Privacy-Preserving Atomic RegisterProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3700867(201-210)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3700867
Lu XHou YZou JLiu JLu X(2025)Supporting Self-Management Redactable Blockchain With Double-Auditability and Revocability for IoTIEEE Transactions on Network Science and Engineering10.1109/TNSE.2025.352903012:2(1383-1395)Online publication date: Mar-2025
https://doi.org/10.1109/TNSE.2025.3529030
Yang YChen YLiu ZTan CLuo Y(2025)Verifiable and Redactable Blockchain for Internet of Vehicles Data SharingIEEE Internet of Things Journal10.1109/JIOT.2024.348380912:4(4249-4261)Online publication date: 15-Feb-2025
https://doi.org/10.1109/JIOT.2024.3483809
Show More Cited By

Index Terms

CHURP: Dynamic-Committee Proactive Secret Sharing
1. Security and privacy
  1. Cryptography
    1. Key management
2. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic protocols

Recommendations

Strong (n,t,n) verifiable secret sharing scheme

A (t,n) secret sharing divides a secret into n shares in such a way that any t or more than t shares can reconstruct the secret; but fewer than t shares cannot reconstruct the secret. In this paper, we extend the idea of a (t,n) secret sharing scheme ...
Fair secret reconstruction in (t, n) secret sharing

In Shamir's (t, n) threshold secret sharing scheme, one secret s is divided into n shares by a dealer and all shares are shared among n shareholders, such that knowing t or more than t shares can reconstruct this secret; but knowing fewer than t shares ...
An efficient verifiable (t,n)-threshold secret image sharing scheme with ultralight shares
Abstract
A secret sharing scheme partitions a secret into a set of shares and distributes them among the eligible participants, with each participant receiving one share of the secret. The sharing technique allows any qualified subset of participants to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

November 2019

2755 pages

ISBN:9781450367479

DOI:10.1145/3319535

General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 11 - 15, 2019

London, United Kingdom

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

53
Total Citations
View Citations
2,304
Total Downloads

Downloads (Last 12 months)501
Downloads (Last 6 weeks)38

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kowalski VMostéfaoui APerrin MSengupta S(2025)Byzantine-Tolerant Privacy-Preserving Atomic RegisterProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3700867(201-210)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3700867
Lu XHou YZou JLiu JLu X(2025)Supporting Self-Management Redactable Blockchain With Double-Auditability and Revocability for IoTIEEE Transactions on Network Science and Engineering10.1109/TNSE.2025.352903012:2(1383-1395)Online publication date: Mar-2025
https://doi.org/10.1109/TNSE.2025.3529030
Yang YChen YLiu ZTan CLuo Y(2025)Verifiable and Redactable Blockchain for Internet of Vehicles Data SharingIEEE Internet of Things Journal10.1109/JIOT.2024.348380912:4(4249-4261)Online publication date: 15-Feb-2025
https://doi.org/10.1109/JIOT.2024.3483809
Zhang ZHu BTian LZhou YLiu J(2025)Efficient dynamic-committee BFT consensus based on HotStuffPeer-to-Peer Networking and Applications10.1007/s12083-025-01934-918:3Online publication date: 3-Mar-2025
https://doi.org/10.1007/s12083-025-01934-9
Li YSoska KHuang ZBellemare SQuintyne-Collins MWang LLiu XSong DMiller AQuek TGao DZhou JCardenas A(2024)Ratel: MPC-extensions for Smart ContractsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3661142(336-352)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3661142
Guo YXi YWang HWang MWang CJia X(2024)FedEDB: Building a Federated and Encrypted Data Store via Consortium BlockchainsIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.334114936:11(6210-6224)Online publication date: Nov-2024
https://doi.org/10.1109/TKDE.2023.3341149
Wang WWang LDuan JTong XPeng H(2024)Redactable Blockchain Based on Decentralized Trapdoor Verifiable Delay FunctionsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.343191719(7492-7507)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3431917
Tian YLiu BLi YSzalachowski PZhou J(2024)Accountable Fine-Grained Blockchain Rewriting in the Permissionless SettingIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334091719(1756-1766)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3340917
Zhang YMa ZLuo SDuan P(2024)Dynamic Trust-Based Redactable Blockchain Supporting Update and TraceabilityIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332637919(821-834)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3326379
Wang JPalanisamy B(2024)PR-TDR: Privacy-Preserving and Reliable Timed Data Release2024 43rd International Symposium on Reliable Distributed Systems (SRDS)10.1109/SRDS64841.2024.00021(115-125)Online publication date: 30-Sep-2024
https://doi.org/10.1109/SRDS64841.2024.00021
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten