Paper 2022/1169

DyCAPS: Asynchronous Dynamic-committee Proactive Secret Sharing

Abstract

Dynamic-committee proactive secret sharing (DPSS) enables the refresh of secret shares and the alternation of shareholders without changing the secret. Such a proactivization functionality makes DPSS a promising technology for long-term key management and committee governance. In non-asynchronous networks, CHURP (CCS ’19) and COBRA (S&P ’22) have achieved best-case square and cubic communication cost, respectively, w.r.t. the number of shareholders. However, the overhead of asynchronous DPSS remains high. This gap hinders asynchronous protocols from evolving to the dynamic setting, such as BFT systems and threshold cryptography services. In this paper, we fill this gap and propose DyCAPS, an efficient asynchronous DPSS protocol with a cubic communication cost. DyCAPS supports the transfer of both low- and high-threshold secret shares among dynamic committees with the same communication and computation complexity. Experimental results show that proactivization between two disjoint committees of 4 (resp., 64) members takes 1.3 (resp., 51) seconds. Moreover, DyCAPS is designed to be compatible with asynchronous BFT protocols without increasing the asymptotic communication cost. Given a payload of 5–10 MB per node, DyCAPS achieves member change in Dumbo2 (CCS ’20) at around 10% temporary throughput degradation, with the committee size varying from 4 to 22.