6 research outputs found
Efficient Asynchronous Byzantine Agreement without Private Setups
Efficient asynchronous Byzantine agreement (BA) protocols were mostly studied
with private setups, e.g., pre-setup threshold cryptosystem. Challenges remain
to reduce the large communication in the absence of such setups. Recently,
Abraham et al. (PODC'21) presented the first asynchronous validated BA (VBA)
with expected messages and rounds, relying on only public key
infrastructure (PKI) setup, but the design still costs
bits. Here is the number of parties, and is a cryptographic
security parameter.
In this paper, we reduce the communication of private-setup free asynchronous
BA to expected bits. At the core of our design, we give a
systematic treatment of common randomness protocols in the asynchronous
network, and proceed as: - We give an efficient reasonably fair common coin
protocol in the asynchronous setting with only PKI setup. It costs only
bits and rounds, and ensures that with at least 1/3
probability, all honest parties can output a common bit that is as if randomly
flipped. This directly renders more efficient private-setup free asynchronous
binary agreement (ABA) with expected bits and rounds. -
Then, we lift our common coin to attain perfect agreement by using a single
ABA. This gives us a reasonably fair random leader election protocol with
expected communication and expected constant rounds. It is
pluggable in all existing VBA protocols (e.g., Cachin et al., CRYPTO'01;
Abraham et al., PODC'19; Lu et al., PODC'20) to remove the needed private setup
or distributed key generation (DKG). As such, the communication of
private-setup free VBA is reduced to expected bits while
preserving fast termination in expected rounds
Combining Asynchronous and Synchronous Byzantine Agreement: The Best of Both Worlds
In the problem of byzantine agreement (BA), a set of n parties wishes to agree
on a value v by jointly running a distributed protocol. The protocol is deemed
secure if it achieves this goal in spite of a malicious adversary that
corrupts a certain fraction of the parties and can make them behave in
arbitrarily malicious ways. Since its first formalization by Lamport et al.
(TOPLAS `82), the problem of BA has been extensively studied in the literature
under many different assumptions. One common way to classify protocols for BA
is by their synchrony and network assumptions. For example, some protocols
offer resilience against up to a one-half fraction of corrupted parties by
assuming a synchronized, but possibly slow network, in which parties share a
global clock and messages are guaranteed to arrive after a given time D. By
comparison, other protocols achieve much higher efficiency and work without
these assumptions, but can tolerate only a one-third fraction of corrupted
parties. A natural question is whether it is possible to combine protocols
from these two regimes to achieve the ``best of both worlds\u27\u27: protocols that
are both efficient and robust. In this work, we answer this question in the
affirmative. Concretely, we make the following contributions:
* We give the first generic compilers that combine BA protocols under
different network and synchrony assumptions and preserve both the efficiency
and robustness of their building blocks. Our constructions are simple and rely
solely on a secure signature scheme.
* We prove that our constructions achieve optimal corruption bounds.
* Finally, we give the first efficient protocol for (binary) asynchronous
byzantine agreement (ABA) which tolerates adaptive corruptions and matches the
communication complexity of the best protocols in the static case
SoK: A Consensus Taxonomy in the Blockchain Era
Consensus (a.k.a. Byzantine agreement) is arguably one of the most fundamental problems in distributed systems, playing also an important role in the area of cryptographic protocols as the enabler of a (secure) broadcast functionality. While the problem has a long and rich history and has been analyzed from many different perspectives, recently, with the advent of blockchain protocols like Bitcoin, it has experienced renewed interest from a much wider community of researchers and has seen its application expand to various novel settings.
One of the main issues in consensus research is the many different variants of the problem that exist as well as the various ways the problem behaves when different setup, computational assumptions and network models are considered. In this work we perform a systematization of knowledge in the landscape of consensus research starting with the original formulation in the early 1980s up to the present
blockchain-based new class of consensus protocols. Our work is a roadmap for studying the consensus problem under its many guises, classifying the way it operates in many settings and highlighting the exciting new applications that have emerged in the blockchain era
Synchronous Consensus with Optimal Asynchronous Fallback Guarantees
Typically, protocols for Byzantine agreement (BA) are designed to run in either a synchronous network (where all messages are guaranteed to be delivered within some known time from when they are sent) or an asynchronous network (where messages may be arbitrarily delayed). Protocols designed for synchronous networks are generally insecure if the network in which they run does not ensure synchrony; protocols designed for asynchronous networks are (of course) secure in a synchronous setting as well, but in that case tolerate a lower fraction of faults than would have been possible if synchrony had been assumed from the start.
Fix some number of parties , and . We ask whether it is possible (given a public-key infrastructure) to design a BA protocol that (1) is resilient to corruptions when run in a synchronous network and (2) remains resilient to faults even if the network happens to be asynchronous. We show matching feasibility and infeasibility results demonstrating that this is possible if and only if
On the Communication Efficiency of Statistically-Secure Asynchronous MPC with Optimal Resilience
Secure multi-party computation (MPC) is a fundamental problem in secure distributed computing. An MPC protocol allows a set of mutually distrusting parties with private inputs to securely compute any publicly-known function of their inputs, by keeping their respective inputs as private as possible. While several works in the past have addressed the problem of designing communication-efficient MPC protocols in the synchronous communication setting, not much attention has been paid to the design of efficient MPC protocols in the asynchronous communication setting. In this work, we focus on the design of efficient asynchronous MPC (AMPC) protocol with statistical security, tolerating a computationally unbounded adversary, capable of corrupting up to parties out of the parties. The seminal work of Ben-Or, Kelmer and Rabin (PODC 1994) and later Abraham, Dolev and Stern (PODC 2020) showed that the optimal resilience for statistically-secure AMPC is . Unfortunately, the communication complexity of the protocol presented by Ben-Or et al is significantly high, where the communication complexity per multiplication is bits (where is the statistical-security parameter). To the best of our knowledge, no work has addressed the problem of improving the
communication complexity of the protocol of Ben-Or at al. In this work, our main contributions are the following.
-- We present a new statistically-secure AMPC protocol with the optimal resilience and where the communication complexity is bits per multiplication. Apart from improving upon the communication complexity of the protocol of Ben-Or et al, our protocol is relatively simpler and based on very few sub-protocols, unlike the protocol of Ben-Or et al which involves several layers of subprotocols. A central component of our AMPC protocol is a new and simple protocol for verifiable asynchronous complete secret-sharing (ACSS), which is of independent interest.
-- As a side result, we give the security proof for our AMPC protocol in the standard universal composability (UC) framework of Canetti (FOCS 2001, JACM 2020), which is now the defacto standard for proving the security of cryptographic protocols. This is unlike the protocol of Ben-Or et al, which was missing the formal security proofs
Detect, Pack and Batch: Perfectly-Secure MPC with Linear Communication and Constant Expected Time
We prove that perfectly-secure optimally-resilient secure Multi-Party Computation (MPC) for a circuit with gates and depth can be obtained in communication complexity and expected time. For and , this is the first perfectly-secure optimal-resilient MPC protocol with linear communication complexity per gate and constant expected time complexity per layer.
Compared to state-of-the-art MPC protocols in the player elimination framework [Beerliova and Hirt TCC\u2708, and Goyal, Liu, and Song CRYPTO\u2719], for and , our results significantly improve the run time from to expected while keeping communication complexity at .
Compared to state-of-the-art MPC protocols that obtain an expected time complexity [Abraham, Asharov, and Yanai TCC\u2721], for , our results significantly improve the communication complexity from to while keeping the expected run time at .
One salient part of our technical contribution is centered around a new primitive we call detectable secret sharing . It is perfectly-hiding, weakly-binding, and has the property that either reconstruction succeeds or parties are (privately) detected. On the one hand, we show that detectable secret sharing is sufficiently powerful to generate multiplication triplets needed for MPC. On the other hand, we show how to share secrets via detectable secret sharing with communication complexity of just . When sharing secrets, the communication cost is amortized to just field elements per secret.
Our second technical contribution is a new Verifiable Secret Sharing protocol that can share secrets at just word complexity. When sharing secrets, the communication cost is amortized to just filed elements per secret. The best prior required communication per secret