Rational authentication protocols

ABSTRACT We use ideas from game theory to improve two families of authentication protocols, namely password-based and manual authentication schemes. The protocols will be transformed so that even if an intruder attacks different protocol runs between honest nodes, its expected payoff will still be lower than when it does not attack. A rational intruder, who always tries to maximise its payoff, therefore has no incentive to attack any protocol run among trustworthy parties

Distributed computing building blocks for rational agents

Following [4] we extend and generalize the game-theoretic model of distributed computing, identifying different utility functions that encompass different potential preferences of players in a distributed system. A good distributed algorithm in the game-theoretic context is one that prohibits the agents (processors with interests) from de-viating from the protocol; any deviation would result in the agent losing, i.e., reducing its utility at the end of the algorithm. We dis-tinguish between different utility functions in the context of dis-tributed algorithms, e.g., utilities based on communication prefer-ence, solution preference, and output preference. Given these pref-erences we construct two basic building blocks for game theoretic distributed algorithms, a wake-up building block resilient to any preference and in particular to the communication preference (to which previous wake-up solutions were not resilient), and a knowl-edge sharing building block that is resilient to any and in partic-ular to solution and output preferences. Using the building blocks we present several new algorithms for consensus, and renaming as well as a modular presentation of the leader election algorithm of [4]

Fair Leader Election for Rational Agents in Asynchronous Rings and Networks

We study a game theoretic model where a coalition of processors might collude to bias the outcome of the protocol, where we assume that the processors always prefer any legitimate outcome over a non-legitimate one. We show that the problems of Fair Leader Election and Fair Coin Toss are equivalent, and focus on Fair Leader Election. Our main focus is on a directed asynchronous ring of $n$ processors, where we investigate the protocol proposed by Abraham et al. \cite{abraham2013distributed} and studied in Afek et al. \cite{afek2014distributed}. We show that in general the protocol is resilient only to sub-linear size coalitions. Specifically, we show that $\Omega(\sqrt{n\log n})$ randomly located processors or $\Omega(\sqrt[3]{n})$ adversarially located processors can force any outcome. We complement this by showing that the protocol is resilient to any adversarial coalition of size $O(\sqrt[4]{n})$. We propose a modification to the protocol, and show that it is resilient to every coalition of size $\Theta(\sqrt{n})$, by exhibiting both an attack and a resilience result. For every $k \geq 1$, we define a family of graphs ${\mathcal{G}}_{k}$ that can be simulated by trees where each node in the tree simulates at most $k$ processors. We show that for every graph in ${\mathcal{G}}_{k}$, there is no fair leader election protocol that is resilient to coalitions of size $k$. Our result generalizes a previous result of Abraham et al. \cite{abraham2013distributed} that states that for every graph, there is no fair leader election protocol which is resilient to coalitions of size $\lceil \frac{n}{2} \rceil$.Comment: 48 pages, PODC 201

Information-Theoretic Secure Outsourced Computation in Distributed Systems

Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir\u27s secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design

Generic Superlight Client for Permissionless Blockchains

We conduct a systematic study on the light client of permissionless blockchains, in the setting where the full nodes and the light clients are rational. Under such a game-theoretic model, we design a superlight-client protocol to enable a client to employ some relaying full nodes (e.g. two or one) to read the blockchain. The protocol is "generic", i.e., it can be deployed disregarding the underlying consensuses, and also "superlight", i.e., the computational cost of the light client to predicate the (non)existence of a transaction in the blockchain becomes a small constant. Since our protocol resolves a fundamental challenge of broadening the usage of blockchain technology, it captures a wide variety of important use-cases such as multi-chain wallets, DApp browsers and more

Resource-Efficient and Robust Distributed Computing

There has been a tremendous growth in the size of distributed systems in the past three decades. Today, distributed systems, such as the Internet, have become so large that they require highly scalable algorithms; algorithms that have asymptotically-small communication, computation, and latency costs with respect to the network size. Moreover, systems with thousands or even millions of parties distributed throughout the world is likely in danger of faults from untrusted parties. In this dissertation, we study scalable and secure distributed algorithms that can tolerate faults from untrusted parties. Throughout this work, we balance two important and often conflicting characteristics of distributed protocols: security and efficiency. Our first result is a protocol that solves the MPC problem in polylogarithmic communication and computation cost and is secure against an adversary than can corrupt a third of the parties. We adapted our synchronous MPC protocol to the asynchronous setting when the fraction of the corrupted parties are less than 1/8. Next, we presented a scalable protocol that solves the secret sharing problem between rational parties in polylogarithmic communication and computation cost. Furthermore, we presented a protocol that can solve the interactive communication problem over a noisy channel when the noise rate in unknown. In this problem, we have focused on the cost of the protocol in the resource-competitive analysis model. Unlike classic models, resource-competitive models consider the cost that the adversary must pay to succeed in corrupting the protocol

Novel Secret Sharing and Commitment Schemes for Cryptographic Applications

In the second chapter, the notion of a social secret sharing (SSS) scheme is introduced in which shares are allocated based on a player's reputation and the way she interacts with other parties. In other words, this scheme renews shares at each cycle without changing the secret, and it allows the trusted parties to gain more authority. Our motivation is that, in real-world applications, components of a secure scheme have different levels of importance (i.e., the number of shares a player has) and reputation (i.e., cooperation with other parties). Therefore, a good construction should balance these two factors accordingly. In the third chapter, a novel socio-rational secret sharing (SRS) scheme is introduced in which rational foresighted players have long-term interactions in a social context, i.e., players run secret sharing while founding and sustaining a public trust network. To motivate this, consider a repeated secret sharing game such as sealed-bid auctions. If we assume each party has a reputation value, we can then penalize (or reward) the players who are selfish (or unselfish) from game to game. This social reinforcement stimulates the players to be cooperative in the secret recovery phase. Unlike the existing protocols in the literature, the proposed solution is stable and it only has a single reconstruction round. In the fourth chapter, a comprehensive analysis of the existing dynamic secret sharing (DSS) schemes is first provided. In a threshold scheme, the sensitivity of the secret and the number of players may fluctuate due to various reasons. Moreover, a common problem with almost all secret sharing schemes is that they are ``one-time'', meaning that the secret and shares are known to everyone after secret recovery. We therefore provide new techniques where the threshold and/or the secret can be changed multiple times to arbitrary values after the initialization. In addition, we introduce a new application of dynamic threshold schemes, named sequential secret sharing (SQS), in which several secrets with increasing thresholds are shared among the players who have different levels of authority. In the fifth chapter, a cryptographic primitive, named multicomponent commitment scheme (MCS) is proposed where we have multiple committers and verifiers. This new scheme is used to construct different sealed-bid auction protocols (SAP) where the auction outcomes are defined without revealing the losing bids. The main reason for constructing secure auctions is the fact that the values of the losing bids can be exploited in future auctions and negotiations if they are not kept private. In our auctioneer-free protocols, bidders first commit to their bids before the auction starts. They then apply a decreasing price mechanism to define the winner and selling price in an unconditionally secure setting