
    Asymptotically Free Broadcast in Constant Expected Time via Packed VSS

    Broadcast is an essential primitive for secure computation. We focus in this paper on optimal resilience (i.e., when the number of corrupted parties $t$ is less than a third of the computing parties $n$), and with no setup or cryptographic assumptions. While broadcast with a worst-case round complexity of $t$ rounds is impossible, it has been shown [Feldman and Micali STOC'88, Katz and Koo CRYPTO'06] how to construct protocols with an expected constant number of rounds in the private channel model. However, those constructions have large communication complexity, specifically $\mathcal{O}(n^2 L + n^6 \log n)$ expected bits transmitted for broadcasting a message of length $L$. This leads to a significant communication blowup in secure computation protocols in this setting. In this paper, we substantially improve the communication complexity of broadcast in constant expected time. Specifically, the expected communication complexity of our protocol is $\mathcal{O}(nL + n^4 \log n)$. For messages of length $L = \Omega(n^3 \log n)$, our broadcast has no asymptotic overhead (up to expectation), as each party has to send or receive $\mathcal{O}(n^3 \log n)$ bits. We also consider parallel broadcast, where $n$ parties wish to broadcast $L$-bit messages in parallel. Our protocol has no asymptotic overhead for $L = \Omega(n^2 \log n)$, which is a common communication pattern in perfectly secure MPC protocols. For instance, it is common that all parties share their inputs simultaneously in the same round, and verifiable secret sharing protocols require the dealer to broadcast a total of $\mathcal{O}(n^2 \log n)$ bits. Of independent interest, our broadcast is achieved by a packed verifiable secret sharing, a new notion that we introduce. We show a protocol that verifies $\mathcal{O}(n)$ secrets simultaneously at the same cost as verifying just a single secret. This improves by a factor of $n$ the state-of-the-art
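    The abstract does not describe the packed VSS protocol itself, so the following is an added illustration of only the "packing" idea it builds on: standard Franklin-Yung packed Shamir sharing, in which one polynomial of degree $t+k-1$ carries $k$ secrets, so a single set of $n$ shares (and, in a VSS, a single verification) covers all $k$ of them. This is example code written for this page, not the paper's construction; it omits verification entirely, and the field modulus, party count, thresholds and helper names (`packed_share`, `packed_reconstruct`, `complete_with`) are assumptions of the demo.

```python
# Added example: packed Shamir secret sharing (Franklin-Yung style), used only
# to illustrate the "packing" idea behind the paper's packed VSS. This is NOT
# the paper's protocol and has no verification step; it shows that one
# degree-(t+k-1) polynomial, hence one set of n shares, carries k secrets.
# The field modulus and all demo parameters below are assumptions.
import random

P = 2**61 - 1  # assumed prime field modulus (a Mersenne prime)


def _inv(a: int) -> int:
    """Modular inverse via Fermat's little theorem (P is prime)."""
    return pow(a, P - 2, P)


def _interpolate(points, x: int) -> int:
    """Evaluate at x the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * ((x - xj) % P) % P
                den = den * ((xi - xj) % P) % P
        total = (total + yi * num % P * _inv(den)) % P
    return total


def secret_point(i: int) -> int:
    """Secret i (0-based) lives at evaluation point -(i+1) mod P, disjoint from party ids 1..n."""
    return (P - (i + 1)) % P


def packed_share(secrets, n: int, t: int, rng=random):
    """Share k secrets among parties 1..n with a single polynomial f of degree t+k-1.

    Any t shares reveal nothing about the k secrets; any t+k shares reconstruct all of
    them. Unpacked Shamir sharing would need k polynomials, and a VSS would have to
    verify each one; packing leaves one polynomial to verify for all k secrets.
    """
    k = len(secrets)
    degree = t + k - 1
    if n < degree + 1:
        raise ValueError("need n >= t + k parties for the secrets to be reconstructible")
    # f is pinned by the k secret points plus t uniformly random values at further
    # unused evaluation points; t+k points fix a unique polynomial of degree t+k-1.
    pinned = [(secret_point(i), s % P) for i, s in enumerate(secrets)]
    pinned += [(secret_point(k + i), rng.randrange(P)) for i in range(t)]
    return {party: _interpolate(pinned, party) for party in range(1, n + 1)}


def packed_reconstruct(shares, k: int):
    """Recover the k packed secrets from at least t+k consistent shares {party: value}."""
    pts = list(shares.items())
    return [_interpolate(pts, secret_point(i)) for i in range(k)]


def complete_with(partial_shares, fake_secrets, n: int):
    """Extend exactly t observed shares into a full sharing of arbitrary fake_secrets.

    That this always succeeds is exactly why t shares leak nothing: the adversary's
    view is consistent with every possible secret vector.
    """
    pts = [(secret_point(i), s % P) for i, s in enumerate(fake_secrets)]
    pts += list(partial_shares.items())
    return {party: _interpolate(pts, party) for party in range(1, n + 1)}


if __name__ == "__main__":
    n, t, secrets = 10, 3, [5, 6, 7]  # constructed demo parameters
    shares = packed_share(secrets, n, t, rng=random.Random(1))
    enough = {p: shares[p] for p in range(1, t + len(secrets) + 1)}  # t+k shares
    print("reconstructed:", packed_reconstruct(enough, len(secrets)))  # [5, 6, 7]
    seen = {p: shares[p] for p in range(1, t + 1)}  # what a t-corrupting adversary holds
    alt = complete_with(seen, [0, 0, 0], n)
    print("those t shares equally explain:", packed_reconstruct(alt, 3))  # [0, 0, 0]
```

    The price of packing is visible in the reconstruction threshold: with $k$ secrets in one polynomial, $t+k$ shares are needed instead of $t+1$, so the dealer must have $n \ge t+k$ and the protocol's resilience bound has to leave room for $k = \mathcal{O}(n)$ packed values. The abstract's claim is that, within the $t < n/3$ bound, the verification cost can be made to match that of a single secret.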

    Efficient Constructions for Almost-everywhere Secure Computation

    The importance of efficient MPC in today's world needs no retelling. An obvious barebones requirement to execute protocols for MPC is the ability of parties to communicate with each other. Traditionally, we solve this problem by assuming that every pair of parties in the network shares a dedicated secure link that enables reliable message transmission. This assumption is clearly impractical as the number of nodes in the network grows, as it has today. In their seminal work, Dwork, Peleg, Pippenger and Upfal introduced the notion of almost-everywhere secure primitives in an effort to model the reality of large-scale global networks and study the impact of limited connectivity on the properties of fundamental fault-tolerant distributed tasks. In this model, the underlying communication network is sparse and hence some nodes may not even be in a position to participate in the protocol (all their neighbors may be corrupt, for instance). A protocol for almost-everywhere reliable message transmission, which would guarantee that a large subset of the network can transmit messages to each other reliably, implies a protocol for almost-everywhere agreement, where nodes are required to agree on a value despite malicious or byzantine behavior of some subset of nodes, and an almost-everywhere agreement protocol implies a protocol for almost-everywhere secure MPC that is unconditionally or information-theoretically secure. The parameters of interest are the degree $d$ of the network, the number $t$ of corrupted nodes that can be tolerated and the number $x$ of nodes that the protocol may give up. Prior work achieves $d = O(1)$ for $t = O(n/\log n)$ and $d = O(\log^{q} n)$ for $t = O(n)$ for some fixed constant $q > 1$. In this work, we first derive message transmission protocols which are efficient with respect to the total number of computations done across the network. We use this result to show an abundance of networks with $d = O(1)$ that are resilient to $t = O(n)$ random corruptions. This randomized result helps us build networks which are resistant to worst-case adversaries. In particular, we improve the state of the art in the almost-everywhere reliable message transmission problem in the worst-case adversary model by showing the existence of an abundance of networks that satisfy $d = O(\log n)$ for $t = O(n)$, thus making progress on this question after nearly a decade. Finally, we define a new adversarial model of corruptions that is suitable for networks shared amongst a large group of corporations that (1) do not trust each other, and (2) may collude, and construct optimal networks achieving $d = O(1)$ for $t = O(n)$ in this model.

    A Coordination Language for Databases

    We present a coordination language for the modeling of distributed database applications. The language, baptized Klaim-DB, borrows the concepts of localities and nets from the coordination language Klaim but reincarnates the tuple spaces of Klaim as databases. It provides high-level abstractions and primitives for the access and manipulation of structured data, with integrity and atomicity considerations. We present the formal semantics of Klaim-DB and develop a type system that rules out potential runtime errors, such as certain evaluation errors and mismatches of data format in tables, which are monitored in the semantics. The use of the language is illustrated in a scenario where the sales from different branches of a chain of department stores are aggregated from their local databases. Raising the abstraction level and encapsulating integrity checks in the language primitives have benefited the modeling task considerably.