5 research outputs found
Universally Composable Simultaneous Broadcast against a Dishonest Majority and Applications
Simultaneous broadcast (SBC) protocols, introduced in [Chor et al., FOCS 1985], constitute a special class of broadcast channels which, besides consistency, guarantee that all senders broadcast their messages independently of the messages broadcast by other parties. SBC has proved extremely useful in the design of various distributed computing constructions (e.g., multiparty computation, coin flipping, electronic voting, fair bidding). As with any communication channel, it is crucial that SBC security is composable, i.e., it is preserved under concurrent protocol executions. The work of [Hevia, SCN 2006] proposes a formal treatment of SBC in the state-of-the-art Universal Composability (UC) framework [Canetti, FOCS 2001] and a construction secure assuming an honest majority.
In this work, we provide a comprehensive revision of SBC in the UC setting and improve the results of [Hevia, SCN 2006]. In particular, we present a new SBC functionality that captures both simultaneity and liveness by considering a broadcast period such that (i) within this period all messages are broadcast independently and (ii) after the period ends, the session is terminated without requiring full participation of all parties. Next, we employ time-lock encryption (TLE) over a standard broadcast channel to devise an SBC protocol that realizes our functionality against any adaptive adversary corrupting up to all-but-one parties. In our study, we capture synchronicity via a global clock [Katz et al., TCC 2013], thus lifting the restrictions of the original synchronous communication setting used in [Hevia, SCN 2006]. As a building block of independent interest, we prove the first TLE protocol that is adaptively secure in the UC setting, strengthening the main result of [Arapinis et al., ASIACRYPT 2021].
Finally, we formally exhibit the power of our SBC construction in the design of UC-secure applications by presenting two interesting use cases: (i) distributed generation of uniform random strings, and (ii) decentralized electronic voting systems, without the presence of a special trusted party
Adaptively Secure Broadcast
A broadcast protocol allows a sender to distribute a message through a
point-to-point network to a set of parties, such that (i) all parties
receive the same message, even if the sender is corrupted, and (ii) this is
the sender\u27s message, if he is honest.
Broadcast protocols satisfying these properties are known to exist if and
only if , where denotes the total number of parties, and
denotes the maximal number of corruptions. When a setup allowing signatures
is available to the parties, then such protocols exist even for .
Broadcast is the probably most fundamental primitive in distributed
cryptography, and is used in almost any cryptographic (multi-party)
protocol. However, a broadcast protocol ``only\u27\u27 satisfying the above
properties might be insecure when being used in the context of another
protocol. In order to be safely usable within other protocols, a broadcast
protocol must satisfy a simulation-based security notion, which is secure
under composition.
In this work, we show that most broadcast protocols in the literature do
not satisfy a (natural) simulation-based security notion. We do not know of
any broadcast protocol which could be securely invoked in a multi-party
computation protocol in the secure-channels model. The problem is that
existing protocols for broadcast do not preserve the secrecy of the message
while being broadcasted, and in particular allow the adversary to corrupt
the sender (and change the message), depending on the message being
broadcasted. For example, when every party should broadcast a random bit,
the adversary could corrupt those parties that want to broadcast 0, and
make them broadcast 1.
More concretely, we show that simulatable broadcast in a model with secure
channels is possible if and only if , respectively when
a signature setup is available. The positive results are proven by
constructing secure broadcast protocols
Broadcast and Verifiable Secret Sharing: New Security Models and Round Optimal Constructions
Broadcast and verifiable secret sharing (VSS) are central building blocks for secure multi-party computation. These protocols are required to be resilient against a Byzantine adversary who controls at most t out of the n parties running the protocol. In this dissertation, we consider the design of fault-tolerant protocols for broadcast and verifiable secret sharing with stronger security guarantees and improved round complexity.
Broadcast allows a party to send the same message to all parties, and all parties are assured they have received identical messages. Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. We address two important issues related to broadcast: (1) Almost all existing protocols do not distinguish between corrupted parties (who do not follow the protocol) and honest parties whose secret (signing) keys have been compromised (but who continue to behave honestly); (2) all existing protocols for broadcast are insecure against an adaptive adversary who can choose which parties to corrupt as the protocol progresses. We propose new security models that capture these issues, and present tight feasibility and impossibility results.
In the problem of verifiable secret sharing, there is a designated player who shares a secret during an initial sharing phase such that the secret is hidden from an adversary that corrupts at most t parties. In a subsequent reconstruction phase of the protocol, a unique secret, well-defined by the view of honest players in the sharing phase, is reconstructed. The round complexity of VSS protocols is a very important metric of their efficiency. We show two improvements regarding the round complexity of information-theoretic VSS. First, we construct an efficient perfectly secure VSS protocol tolerating t < n/3 corrupted parties that is simultaneously optimal in both the number of rounds and the number of invocations of broadcast. Second, we construct a statistically secure VSS protocol tolerating t < n/2 corrupted parties that has optimal round complexity, and an efficient statistical VSS protocol tolerating t < n/2 corrupted parties that requires one additional round
Universally Composable Simultaneous Broadcast against a Dishonest Majority and Applications
Simultaneous broadcast (SBC) protocols [Chor et al., FOCS 1985] constitute a
special class of broadcast channels which have proved extremely useful in the
design of various distributed computing constructions (e.g., multiparty
computation, coin flipping, e-voting, fair bidding). As with any communication
channel, it is crucial that SBC security is composable, i.e., it is preserved
under concurrent protocol executions. The work of [Hevia, SCN 2006] proposes a
formal treatment of SBC in the Universal Composability (UC) framework [Canetti,
FOCS 2001] and a construction secure assuming an honest majority. In this work,
we provide a comprehensive revision of SBC in the UC setting and improve the
results of [Hevia, SCN 2006]. In particular, we present a new SBC functionality
that captures both simultaneity and liveness by considering a broadcast period
such that (i) within this period all messages are broadcast independently and
(ii) after the period ends, the session is terminated without requiring
participation of all parties. Next, we employ time-lock encryption (TLE) over a
standard broadcast channel to devise an SBC protocol that realizes our
functionality against any adaptive adversary corrupting up to all-but-one
parties. In our study, we capture synchronicity via a global clock [Katz et
al., TCC 2013], thus lifting the restrictions of the original synchronous
communication setting used in [Hevia, SCN 2006]. As a building block of
independent interest, we prove the first TLE protocol that is adaptively secure
in the UC setting, strengthening the main result of [Arapinis et al., ASIACRYPT
2021]. Finally, we formally exhibit the power of our SBC construction in the
design of UC-secure applications by presenting two interesting use cases: (i)
distributed generation of uniform random strings, and (ii) decentralized
electronic voting systems, without the presence of a special trusted party