Proactive Secret Sharing in Dynamic Environments

Secure private key storage is a fundamental challenge in blockchains and decentralized systems. Private keys control a plethora of valuable digital assets, from cryptocurrencies to online identities. Private key loss often leads to serious and irreversible consequences. However, users struggle to store their private keys reliably and securely. Users often store their keys on local devices, where they are vulnerable to phishing attacks, malware, and device loss or failure. Bitcoin private keys are also a valuable target to malicious actors, which incentivizes further attacks. Consequently, an estimated four million Bitcoin have been lost forever due to lost or stolen keys [32]. Many users thus choose to store their cryptocurrency with exchanges such as Coinbase, which holds an estimated 10% of all circulating Bitcoin [1]. However, the centralized nature of these systems contradicts the decentralization that defines blockchain systems. Secret sharing provides an alternative to centralized private key stores. In a secret sharing scheme, a committee of n nodes hold shares of a secret s. One well-known implementation is Shamir’s secret sharing scheme, in which a secret is encoded as the y-intercept of polynomial P (x) of degree d [35]. Points along the polynomial are then distributed among the committee nodes. An adversary must compromise at least d+ 1 nodes in order to learn the secret s, and must sabotage at least n− d nodes to render the secret unrecoverable. Proactive secret sharing [22] provides additional security guarantees. PSS periodically proactivizes its shares without altering the secret. Each node generates refreshed shares of the secret s that …