Adaptively Secure Coin-Flipping, Revisited
The full-information model was introduced by Ben-Or and Linial in 1985 to
study collective coin-flipping: the problem of generating a common bounded-bias
bit in a network of players with faults. They showed that the
majority protocol can tolerate adaptive corruptions, and
conjectured that this is optimal in the adaptive setting. Lichtenstein, Linial,
and Saks proved that the conjecture holds for protocols in which each player
sends a single bit. Their result has been the main progress on the conjecture
in the last 30 years.
In this work we revisit this question and ask: what about protocols involving
longer messages? Can increased communication allow for a larger fraction of
faulty players?
We introduce a model of strong adaptive corruptions, where in each round, the
adversary sees all messages sent by honest parties and, based on the message
content, decides whether to corrupt a party (and intercept his message) or not.
We prove that any one-round coin-flipping protocol, regardless of message
length, is secure against at most strong adaptive
corruptions. Thus, increased message length does not help in this setting.
We then shed light on the connection between adaptive and strongly adaptive
adversaries, by proving that for any symmetric one-round coin-flipping protocol
secure against adaptive corruptions, there is a symmetric one-round
coin-flipping protocol secure against strongly adaptive corruptions.
Returning to the standard adaptive model, we can now prove that any symmetric
one-round protocol with arbitrarily long messages can tolerate at most
adaptive corruptions.
At the heart of our results lies a novel use of the Minimax Theorem and a new
technique for converting any one-round secure protocol into a protocol with
messages of bits. This technique may be of independent interest.
Information-Theoretically Secure Voting Without an Honest Majority
We present three voting protocols with unconditional privacy and
information-theoretic correctness, without assuming any bound on the number of
corrupt voters or voting authorities. All protocols have polynomial complexity
and require private channels and a simultaneous broadcast channel. Our first
protocol is a basic voting scheme which allows voters to interact in order to
compute the tally. Privacy of the ballot is unconditional, but any voter can
cause the protocol to fail, in which case information about the tally may
nevertheless transpire. Our second protocol introduces voting authorities which
allow the implementation of the first protocol, while reducing the interaction
and limiting it to be only between voters and authorities and among the
authorities themselves. The simultaneous broadcast is also limited to the
authorities. As long as a single authority is honest, the privacy is
unconditional; however, a single corrupt authority or a single corrupt voter
can cause the protocol to fail. Our final protocol provides a safeguard against
corrupt voters by enabling a verification technique that allows the authorities to
revoke incorrect votes. We also discuss the implementation of a simultaneous
broadcast channel with the use of temporary computational assumptions, yielding
versions of our protocols achieving everlasting security.
On the Round Complexity of Randomized Byzantine Agreement
We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that:
1) BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1/2+ o(1)].
2) BA protocols resilient against n/4 corruptions terminate at the end of the second round with probability at most 1-Theta(1).
3) For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against n/3 [resp., n/4] corruptions terminate at the end of the second round with probability at most o(1) [resp., 1/2 + o(1)].
The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI).
The third bound essentially matches the recent protocol of Micali (ITCS'17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability.
Anonymous Single-Sign-On for n designated services with traceability
Anonymous Single-Sign-On authentication schemes have been proposed to allow
users to access a service protected by a verifier without revealing their
identity, which has become more important due to the introduction of strong
privacy regulations. In this paper we describe a new approach whereby anonymous
authentication to different verifiers is achieved via authorisation tags and
pseudonyms. The particular innovation of our scheme is that authentication can only
occur between a user and its designated verifier for a service, and the
verification cannot be performed by any other verifier. The benefit of this
authentication approach is that it prevents information leakage of a user's
service access information, even if the verifiers for these services collude
with each other. Our scheme also supports a trusted third party who is
authorised to de-anonymise the user and reveal her whole service access
information if required. Furthermore, our scheme is lightweight because it does
not rely on attribute- or policy-based signature schemes to enable access to
multiple services. The scheme's security model is given together with a
security proof, an implementation and a performance evaluation.
Broadcast and Verifiable Secret Sharing: New Security Models and Round Optimal Constructions
Broadcast and verifiable secret sharing (VSS) are central building blocks for secure multi-party computation. These protocols are required to be resilient against a Byzantine adversary who controls at most t out of the n parties running the protocol. In this dissertation, we consider the design of fault-tolerant protocols for broadcast and verifiable secret sharing with stronger security guarantees and improved round complexity.
Broadcast allows a party to send the same message to all parties, and all parties are assured they have received identical messages. Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. We address two important issues related to broadcast: (1) Almost all existing protocols do not distinguish between corrupted parties (who do not follow the protocol) and honest parties whose secret (signing) keys have been compromised (but who continue to behave honestly); (2) all existing protocols for broadcast are insecure against an adaptive adversary who can choose which parties to corrupt as the protocol progresses. We propose new security models that capture these issues, and present tight feasibility and impossibility results.
In the problem of verifiable secret sharing, there is a designated player who shares a secret during an initial sharing phase such that the secret is hidden from an adversary that corrupts at most t parties. In a subsequent reconstruction phase of the protocol, a unique secret, well-defined by the view of honest players in the sharing phase, is reconstructed. The round complexity of VSS protocols is a very important metric of their efficiency. We show two improvements regarding the round complexity of information-theoretic VSS. First, we construct an efficient perfectly secure VSS protocol tolerating t < n/3 corrupted parties that is simultaneously optimal in both the number of rounds and the number of invocations of broadcast. Second, we construct a statistically secure VSS protocol tolerating t < n/2 corrupted parties that has optimal round complexity, and an efficient statistical VSS protocol tolerating t < n/2 corrupted parties that requires one additional round.
Scalable Byzantine Reliable Broadcast
Byzantine reliable broadcast is a powerful primitive that allows a set of processes to agree on a message from a designated sender, even if some processes (including the sender) are Byzantine. Existing broadcast protocols for this setting scale poorly, as they typically build on quorum systems with strong intersection guarantees, which results in linear per-process communication and computation complexity.
We generalize the Byzantine reliable broadcast abstraction to the probabilistic setting, allowing each of its properties to be violated with a fixed, arbitrarily small probability. We leverage these relaxed guarantees in a protocol where we replace quorums with stochastic samples. Compared to quorums, samples are significantly smaller in size, leading to a more scalable design. We obtain the first Byzantine reliable broadcast protocol with logarithmic per-process communication and computation complexity.
We conduct a complete and thorough analysis of our protocol, deriving bounds on the probability of each of its properties being compromised. During our analysis, we introduce a novel general technique that we call adversary decorators. Adversary decorators allow us to make claims about the optimal strategy of the Byzantine adversary without imposing any additional assumptions. We also introduce Threshold Contagion, a model of message propagation through a system with Byzantine processes. To the best of our knowledge, this is the first formal analysis of a probabilistic broadcast protocol in the Byzantine fault model. We show numerically that practically negligible failure probabilities can be achieved with realistic security parameters.