On the Efficiency of Classical and Quantum Secure Function Evaluation
We provide bounds on the efficiency of secure one-sided output two-party computation of arbitrary finite functions from trusted distributed randomness in the statistical case. From these results we derive bounds on the efficiency of protocols that use different variants of OT as a black-box. When applied to implementations of OT, these bounds generalize most known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. In the second part we study the efficiency of quantum protocols implementing OT. While most classical lower bounds for perfectly secure reductions of OT to distributed randomness still hold in the quantum setting, we present a statistically secure protocol that violates these bounds by an arbitrarily large factor. We then prove a weaker lower bound that does hold in the statistical quantum setting and implies that even quantum protocols cannot extend OT. Finally, we present two lower bounds for reductions of OT to commitments and a protocol based on string commitments that is optimal with respect to both of these bounds.
Shared vs Private Randomness in Distributed Interactive Proofs
In distributed interactive proofs, the nodes of a graph G interact with a powerful but untrustable prover who tries to convince them, in a small number of rounds and through short messages, that G satisfies some property. This series of interactions is followed by a phase of distributed verification, which may be either deterministic or randomized, where nodes exchange messages with their neighbors.
The nature of this last verification round defines the two types of interactive protocols. We say that the protocol is of Arthur-Merlin type if the verification round is deterministic. We say that the protocol is of Merlin-Arthur type if, in the verification round, the nodes are allowed to use a fresh set of random bits.
In the original model introduced by Kol, Oshman, and Saxena [PODC 2018], the randomness was private in the sense that each node had only access to an individual source of random coins. Crescenzi, Fraigniaud, and Paz [DISC 2019] initiated the study of the impact of shared randomness (the situation where the coin tosses are visible to all nodes) in the distributed interactive model.
In this work, we continue that research line by showing that the impact of the two forms of randomness is very different depending on whether we are considering Arthur-Merlin protocols or Merlin-Arthur protocols. While private randomness gives more power to the first type of protocols, shared randomness provides more power to the second. Our results also connect shared randomness in distributed interactive proofs with distributed verification, and new lower bounds are obtained.
Distributed computing and cryptography with general weak random sources
The use of randomness in computer science is ubiquitous. Randomized protocols have turned out to be much more efficient than their deterministic counterparts. In addition, many problems in distributed computing and cryptography are impossible to solve without randomness. However, these applications typically require uniform random bits, while in practice almost all natural random phenomena are biased. Moreover, even originally uniform random bits can be damaged if an adversary learns some partial information about these bits. In this thesis, we study how to run randomized protocols in distributed computing and cryptography with imperfect randomness. We use the most general model for imperfect randomness where the weak random source is only required to have a certain amount of min-entropy. One important tool here is the randomness extractor. A randomness extractor is a function that takes as input one or more weak random sources, and outputs a distribution that is close to uniform in statistical distance. Randomness extractors are interesting in their own right and are closely related to many other problems in computer science. Giving efficient constructions of randomness extractors with optimal parameters is one of the major open problems in the area of pseudorandomness. We construct network extractor protocols that extract private random bits for parties in a communication network, assuming that they each start with an independent weak random source, and some parties are corrupted by an adversary who sees all communications in the network. These protocols imply fault-tolerant distributed computing protocols and secure multi-party computation protocols where only imperfect randomness is available. The probabilistic method shows that there exists an extractor for two independent sources with logarithmic min-entropy, while known constructions are far from achieving these parameters. 
In this thesis we construct extractors for two independent sources with any linear min-entropy, based on a computational assumption. We also construct the best known extractors for three independent sources and affine sources. Finally we study the problem of privacy amplification. In this model, two parties share a private weak random source and they wish to agree on a private uniform random string through communications in a channel controlled by an adversary, who has unlimited computational power and can change the messages in arbitrary ways. All previous results assume that the two parties have local uniform random bits. We show that this problem can be solved even if the two parties only have local weak random sources. We also improve previous results in various aspects by constructing the first explicit non-malleable extractor and giving protocols based on this extractor.
Simulating quantum correlations as a distributed sampling problem
It is known that quantum correlations exhibited by a maximally entangled qubit pair can be simulated with the help of shared randomness, supplemented with additional resources, such as communication, post-selection or non-local boxes. For instance, in the case of projective measurements, it is possible to solve this problem with protocols using one bit of communication or making one use of a non-local box. We show that this problem reduces to a distributed sampling problem. We give a new method to obtain samples from a biased distribution, starting with shared random variables following a uniform distribution, and use it to build distributed sampling protocols. This approach allows us to derive, in a simpler and unified way, many existing protocols for projective measurements, and extend them to positive operator valued measurements. Moreover, this approach naturally leads to a local hidden variable model for Werner states.
Comment: 13 pages, 2 figures
A Game-theoretic Approach for Provably-Uniform Random Number Generation in Decentralized Networks
Many protocols in distributed computing rely on a source of randomness, usually called a random beacon, both for their applicability and security. This is especially true for proof-of-stake blockchain protocols in which the next miner or set of miners have to be chosen randomly and each party's likelihood to be selected is in proportion to their stake in the cryptocurrency.
Current random beacons used in proof-of-stake protocols, such as Ouroboros and Algorand, have two fundamental limitations: either (i) they rely on pseudorandomness, e.g. assuming that the output of a hash function is uniform, which is a widely-used but unproven assumption, or (ii) they generate their randomness using a distributed protocol in which several participants are required to submit random numbers which are then used in the generation of a final random result. However, in this case, there is no guarantee that the numbers provided by the parties are uniformly random and there is no incentive for the parties to honestly generate uniform randomness. Most random beacons have both limitations.
In this thesis, we provide a protocol for distributed generation of randomness. Our protocol does not rely on pseudorandomness at all. Similar to some of the previous approaches, it uses random inputs by different participants to generate a final random result. However, the crucial difference is that we provide a game-theoretic guarantee showing that it is in everyone's best interest to submit uniform random numbers. Hence, our approach is the first to incentivize honest behavior instead of just assuming it. Moreover, the approach is trustless and generates unbiased random numbers. It is also tamper-proof and no party can change the output or affect its distribution. Finally, it is designed with modularity in mind and can be easily plugged into existing distributed protocols such as proof-of-stake blockchains.
Comment: 36 pages excluding references. Game-theoretic Randomness for Proof-of-Stake in MARBLE (2023)
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers (Technical Report)
We consider the problem of verifying liveness for systems with a finite, but unbounded, number of processes, commonly known as parameterised systems. Typical examples of such systems include distributed protocols (e.g. for the dining philosophers problem). Unlike the case of verifying safety, proving liveness is still considered extremely challenging, especially in the presence of randomness in the system. In this paper we consider liveness under arbitrary (including unfair) schedulers, which is often considered a desirable property in the literature of self-stabilising systems. We introduce an automatic method of proving liveness for randomised parameterised systems under arbitrary schedulers. Viewing liveness as a two-player reachability game (between Scheduler and Process), our method is a CEGAR approach that synthesises a progress relation for Process that can be symbolically represented as a finite-state automaton. The method is incremental and exploits both Angluin-style L*-learning and SAT-solvers. Our experiments show that our algorithm is able to prove liveness automatically for well-known randomised distributed protocols, including the Lehmann-Rabin Randomised Dining Philosophers Protocol and randomised self-stabilising protocols (such as the Israeli-Jalfon Protocol). To the best of our knowledge, this is the first fully-automatic method that can prove liveness for randomised protocols.
Comment: Full version of CAV'16 paper
SoK: Public Randomness
Public randomness is a fundamental component in many cryptographic protocols and distributed systems and often plays a crucial role in ensuring their security, fairness, and transparency properties. Driven by the surge of interest in blockchain and cryptocurrency platforms and the usefulness of such a component in those areas, designing secure protocols to generate public randomness in a distributed manner has received considerable attention in recent years. This paper presents a systematization of knowledge on the topic of public randomness with a focus on cryptographic tools providing public verifiability and key themes underlying these systems. We provide concrete insights on how state-of-the-art protocols achieve this task efficiently in an adversarial setting and present various research gaps that may be suitable for future research.
SoK: Distributed Randomness Beacons
Motivated and inspired by the emergence of blockchains, many new protocols have recently been proposed for generating publicly verifiable randomness in a distributed yet secure fashion. These protocols work under different setups and assumptions, use various cryptographic tools, and entail unique trade-offs and characteristics. In this paper, we systematize the design of distributed randomness beacons (DRBs) as well as the cryptographic building blocks they rely on. We evaluate protocols on two key security properties, unbiasability and unpredictability, and discuss common attack vectors for predicting or biasing the beacon output and the countermeasures employed by protocols. We also compare protocols by communication and computational efficiency. Finally, we provide insights on the applicability of different protocols in various deployment scenarios and highlight possible directions for further research.