Lecture Notes in Computer Science vol:3357 pages:314-331
SAC 2004 date:August 09-10, 2004
This paper investigates the security of Proactive Secret Sharing Schemes. We start with a revision of the mobile adversary model of Herzberg et al., imposing fewer restrictions on the adversary. We first investigate the approach of using commitment to 0 in the renewal phase in order to renew the players' shares. In the considered model, some well-known computationally secure protocols (which use this approach) turn out to be vulnerable to a specific attack. We show that this type of attack is also applicable in the unconditional case. Then we extend the attack of D'Arco and Stinson to non-symmetric polynomials; the extended attack is applicable even in the mobile adversary model of Herzberg et al. Next, the conditions for the security of a proactive scheme using this approach are shown. We also investigate another approach to adding proactivity, namely using re-sharing instead of commitment to 0. Two protocols using this approach are described, and it is shown that neither is secure against a mobile adversary. The main contribution of the paper is to show specific weaknesses that arise when a mobile adversary is considered.