Mobile proactive secret sharing

Schultz, David; Liskov, Barbara; Liskov, Moses

doi:10.1145/1400751.1400856

Cited by 39 publications

(41 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also assume the existence of a proactive threshold signature protocol [15], [16], [17], [11], [18] that guarantees that threshold signatures are unforgeable without knowing f or more out of n secret shares.…”

Section: System Model and Assumptionsmentioning

confidence: 99%

“…But no MS replica can know this key, since if it were faulty it could expose it. Therefore, each MS replica holds a share of the associated private key and the signature is produced using a proactive threshold signature scheme [15], [16], [17], [11], [18]. This scheme will only generate a correct signature if f MS þ 1 replicas agree on signing a statement.…”

Section: Reconfiguring the Msmentioning

confidence: 99%

See 1 more Smart Citation

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

Rodrigues¹,

Liskov²,

Chen³

et al. 2012

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Abstract-Byzantine-fault-tolerant replication enhances the availability and reliability of Internet services that store critical state and preserve it despite attacks or software errors. However, existing Byzantine-fault-tolerant storage systems either assume a static set of replicas, or have limitations in how they handle reconfigurations (e.g., in terms of the scalability of the solutions or the consistency levels they provide). This can be problematic in long-lived, large-scale systems where system membership is likely to change during the system lifetime. In this paper, we present a complete solution for dynamically changing system membership in a large-scale Byzantine-fault-tolerant system. We present a service that tracks system membership and periodically notifies other system nodes of membership changes. The membership service runs mostly automatically, to avoid human configuration errors; is itself Byzantinefault-tolerant and reconfigurable; and provides applications with a sequence of consistent views of the system membership. We demonstrate the utility of this membership service by using it in a novel distributed hash table called dBQS that provides atomic semantics even across changes in replica sets. dBQS is interesting in its own right because its storage algorithms extend existing Byzantine quorum protocols to handle changes in the replica set, and because it differs from previous DHTs by providing Byzantine fault tolerance and offering strong semantics. We implemented the membership service and dBQS. Our results show that the approach works well, in practice: the membership service is able to manage a large system and the cost to change the system membership is low.

show abstract

Section: System Model and Assumptionsmentioning

confidence: 99%

Section: Reconfiguring the Msmentioning

confidence: 99%

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

Rodrigues¹,

Liskov²,

Chen³

et al. 2012

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Capturing any number of inactive replicas provides no benefit to the attacker. Periodically, or whenever an active replica is in danger, the other active replicas choose at random an inactive replica and run a mobile proactive secret sharing protocol [13] to (1) include the new replica into the active set, and (2) exclude the old replica from the active set. Using pre-established ciphertext replicas, data migration in Evade involves merely transferring small key shares instead of the actual data.…”

Section: E Evade: Avoiding Danger With Lightweight Data Migrationmentioning

confidence: 99%

The MEERKATS Cloud Security Architecture

Keromytis

Geambasu

Sethumadhavan

et al. 2012

2012 32nd International Conference on Distributed Computing Systems Workshops

View full text Add to dashboard Cite

Abstract-MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution and change as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary's ability to achieve an initial system compromise and, if a compromise occurs, to detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. A key element of MEERKATS is the focus on both the software and the data in the cloud, not just protecting but leveraging both to improve mission resilience. MEERKATS seeks to effectively exploit "economies of scale" (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated application and mission needs instead of an inefficient, "blanket" approach to protecting "everything the same way, all the time". We outline our vision for MEERKATS and describe our approach toward prototyping it.

show abstract

“…As we discuss in the related work, all known computational VSS scheme [5,37,40] in the asynchronous communication setting rely on homomorphism of commitments. In this section, we show that homomorphism is not necessary for computational VSS in the asynchronous communication setting.…”

Section: Vss In the Asynchronous Communication Modelmentioning

confidence: 99%

“…In the asynchronous communication setting, Cachin et al [5], Zhou et al [40], and more recently Schultz et al [37] suggested computational VSS schemes: AVSS (Asynchronous VSS), APSS (Asynchronous Proactive Secret Sharing), and MPSS (Mobile Proactive Secret Sharing) respectively. Of these, the APSS protocol is impractical for any reasonable n and t, as it has an exponential n t factor in the message complexity (number of messages transferred), while MPSS is developed for a more mobile setting where the set of the system nodes has to change completely between two consecutive phases.…”

Section: Introductionmentioning

confidence: 99%

Computational Verifiable Secret Sharing Revisited

Backes

Kate

Patra

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was established over two decades ago. Interestingly, all known computational VSS schemes rely on the homomorphic nature of these commitments or achieve weaker guarantees. As homomorphism is not inherent to commitments or to the computational setting in general, a closer look at its utility to VSS is called for. In this paper, we demonstrate that homomorphism of commitments is not a necessity for computational VSS in the synchronous or in the asynchronous communication setting. We present new VSS schemes based only on the definitional properties of commitments that are almost as good as existing VSS schemes based homomorphic commitments. Furthermore, they have significantly lower communication complexities than their (statistical or perfect) unconditional counterparts. Considering the feasibility of commitments from any claw-free permutation, one-way function or collision-resistant hash function, our schemes can be an excellent alternative to unconditional VSS in the future.Further, in the synchronous communication model, we observe that a crucial interactive complexity measure of round complexity has never been formally studied for computational VSS. Interestingly, for the optimal resiliency conditions, the least possible round complexity in the known computational VSS schemes is identical to that in the (statistical or perfect) unconditional setting: three rounds. Considering the strength of the computational setting, this equivalence is certainly surprising. In this paper, we show that three rounds are actually not mandatory for computational VSS. We present the first two-round VSS scheme for n ≥ 2t + 1 and lower-bound the result tightly by proving the impossibility of one-round computational VSS for t ≥ 2 or n ≤ 3t. For the remaining condition of t = 1 and n ≥ 4, we present a one-round VSS scheme. We also include a new two-round VSS scheme using homomorphic commitments that has the same communication complexity as the well-known three-round Feldman and Pedersen VSS schemes.

show abstract

Mobile proactive secret sharing

Cited by 39 publications

References 26 publications

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

Automatic Reconfiguration for Large-Scale Reliable Storage Systems

The MEERKATS Cloud Security Architecture

Computational Verifiable Secret Sharing Revisited

Contact Info

Product

Resources

About