Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Secret sharing schemes protect secrets by distributing them over diierent locations (share holders). In particular, in k out of n threshold schemes, security is assured if throughout the entire lifetime of the secret the adversary is restricted to compromise less than k of the n locations. For long-lived and sensitive secrets this protection may be insuucient. We propose an eecient proactive secret sharing scheme, where shares are periodically renewed (without changing the secret) in such a way that information gained by the adversary in one time period is useless for attacking the secret after the shares are renewed. Hence, the adversary willing to learn the secret needs to break to all k locations during the same time period (e.g., one day, a week, etc.). Furthermore, in order to guarantee the availability and integrity of the secret, we provide mechanisms to detect maliciously (or accidentally) corrupted shares, as well as mechanisms to secretly recover the correct shares when modiication is detected.