Partial abstract. In this talk we will discuss two recent proposals in this area: CAPA and M&M, which both start from passively secure threshold schemes and extend those with information-theoretic MAC tags for protection against active adversaries. While similar in their most basic structure, the two proposals explore very different adversary models and thus employ completely different implementation techniques. CAPA considers the field-probe-and-fault model, which is the embedded analogue of multiple parties jointly computing a function with at least one of the parties honest. Accordingly, CAPA is strongly based on the actively secure MPC protocol SPDZ and inherits its provable security properties in this model. Since this results in very expensive implementations, M&M works in a similar but more realistic adversary model and uses existing building blocks from previous passively secure implementations to build more efficient actively secure threshold cryptography.

(Click the above image to see video on Youtube)