
    Efficient UC Commitment Extension with Homomorphism for Free (and Applications)

    Homomorphic universally composable (UC) commitments allow the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves, while assuring the receiver of the correctness of such computation on committed values. In this work, we construct essentially optimal additively homomorphic UC commitments from any (not necessarily UC or homomorphic) extractable commitment. We obtain amortized linear computational complexity in the length of the input messages and rate 1. Next, we show how to extend our scheme to also obtain multiplicative homomorphism at the cost of asymptotic optimality, but retaining low concrete complexity for practical parameters. While the previously best constructions use UC oblivious transfer as the main building block, our constructions only require extractable commitments and PRGs, achieving better concrete efficiency and offering new insights into the sufficient conditions for obtaining homomorphic UC commitments. Moreover, our techniques yield public coin protocols, which are compatible with the Fiat-Shamir heuristic. These results come at the cost of realizing a restricted version of the homomorphic commitment functionality, where the sender is allowed to perform any number of commitments and operations on committed messages but is only allowed to perform a single batch opening of a number of commitments. Although this functionality seems restrictive, we show that it can be used as a building block for more efficient instantiations of recent protocols for secure multiparty computation and zero-knowledge non-interactive arguments of knowledge.

    Insured MPC: Efficient Secure Computation with Financial Penalties

    Fairness in Secure Multiparty Computation (MPC) is known to be impossible to achieve in the presence of a dishonest majority. Previous works have proposed combining MPC protocols with cryptocurrencies in order to financially punish aborting adversaries, providing an incentive for parties to honestly follow the protocol. This approach also yields privacy-preserving smart contracts, where private inputs can be processed with MPC in order to determine the distribution of funds given to the contract. The focus of existing work is on proving that this approach is possible, and unfortunately they present monolithic and mostly inefficient constructions. In this work, we put forth the first modular construction of "Insured MPC", where either the output of the private computation (which describes how to distribute funds) is fairly delivered or a proof that a set of parties has misbehaved is produced, allowing for financial punishments. Moreover, both the output and the proof of cheating are publicly verifiable, allowing third parties to independently validate an execution. We present a highly efficient compiler that uses any MPC protocol with certain properties together with a standard (non-private) smart contract and a publicly verifiable homomorphic commitment scheme to implement Insured MPC. As an intermediate step, we propose the first construction of a publicly verifiable homomorphic commitment scheme achieving composability guarantees and concrete efficiency. Our results are proven in the Global Universal Composability framework using a Global Random Oracle as the setup assumption. From a theoretical perspective, our general results provide the first characterization of sufficient properties that MPC protocols must achieve in order to be efficiently combined with cryptocurrencies, as well as insights into publicly verifiable protocols. On the other hand, our constructions have highly efficient concrete instantiations, allowing for fast implementations.

    ALBATROSS: Publicly AttestabLe BATched Randomness Based On Secret Sharing

    In this paper we present ALBATROSS, a family of multiparty randomness generation protocols with guaranteed output delivery and public verification that allow trading off corruption tolerance for a much improved amortized computational complexity. Our basic stand-alone protocol is based on publicly verifiable secret sharing (PVSS) and is secure in the random oracle model under the decisional Diffie-Hellman (DDH) hardness assumption. We also address the important issue of constructing Universally Composable randomness beacons, showing two UC versions of ALBATROSS: one based on simple UC NIZKs and another one based on novel efficient "designated verifier" homomorphic commitments. Interestingly, this latter version can be instantiated from a global random oracle under the weaker Computational Diffie-Hellman (CDH) assumption. An execution of ALBATROSS with $n$ parties, out of which up to $t=(1/2-\epsilon)\cdot n$ are corrupt for a constant $\epsilon>0$, generates $\Theta(n^2)$ uniformly random values, requiring in the worst case an amortized cost per party of $\Theta(\log n)$ exponentiations per random value. We significantly improve on the SCRAPE protocol (Cascudo and David, ACNS 17), which required $\Theta(n^2)$ exponentiations per party to generate one uniformly random value. This is mainly achieved via two techniques: first, the use of packed Shamir secret sharing for the PVSS; second, the use of linear $t$-resilient functions (computed via a Fast Fourier Transform-based algorithm) to improve the randomness extraction.

    Insetos em presépios e as "formigas vestidas" de Jules Martin (1832-1906): uma curiosa manufatura paulistana do final do século XIX

    Present in Brazil since the beginning of Portuguese colonization, crèche nativity scenes soon had to adapt to local reality, a circumstance propitious to the appearance of heterodox conceptions and the use of exotic elements of the fauna and flora peculiar to each region. As records involving insects are very uncommon, it is noteworthy that females of the leaf-cutting ant, Atta sp. (Hymenoptera, Formicidae), were used to compose crèche nativity scenes in São Paulo State. Having subsisted at least up to the 1960s, the "ant crèches" of cities such as Embu das Artes could be related to the then famous "dressed ants" created by Jules Martin, a curious manufacture of the city of São Paulo in the last quarter of the 19th century.

    Evolving Ramp Secret Sharing with a Small Gap

    Evolving secret-sharing schemes, introduced by Komargodski, Naor, and Yogev (TCC 2016b), are secret-sharing schemes in which there is no a priori upper bound on the number of parties that will participate. The parties arrive one by one, and when a party arrives the dealer gives it a share; the dealer cannot update this share when other parties arrive. Motivated by the fact that when the number of parties is known, ramp secret-sharing schemes are more efficient than threshold secret-sharing schemes, we study evolving ramp secret-sharing schemes. Specifically, we study evolving $(b(j),g(j))$-ramp secret-sharing schemes, where $g,b: \mathbb{N} \to \mathbb{N}$ are non-decreasing functions. In such schemes, any set of parties that for some $j$ contains $g(j)$ parties from the first $j$ parties that arrive can reconstruct the secret, and any set that for every $j$ contains fewer than $b(j)$ parties from the first $j$ parties that arrive cannot learn any information about the secret. We focus on the case that the gap is small, namely $g(j)-b(j)=j^{\beta}$ for $0<\beta<1$. We show that there is an evolving ramp secret-sharing scheme with gap $t^{\beta}$, in which the share size of the $j$-th party is $\tilde{O}(j^{4-\frac{1}{\log^2 (1/\beta)}})$. Furthermore, we show that our construction results in much better share size for fixed values of $\beta$; i.e., there is an evolving ramp secret-sharing scheme with gap $\sqrt{t}$, in which the share size of the $j$-th party is $\tilde{O}(j)$. Our construction should be compared to the best known evolving $g(j)$-threshold secret-sharing schemes (i.e., when $b(j)=g(j)-1$), in which the share size of the $j$-th party is $\tilde{O}(j^4)$. Thus, our construction offers a significant improvement for every constant $\beta$, showing that allowing a gap between the sizes of the authorized and unauthorized sets can reduce the share size.
    In addition, we present an evolving $(k/2,k)$-ramp secret-sharing scheme for a constant $k$ (which can be very big), where any set of parties of size at least $k$ can reconstruct the secret and any set of parties of size at most $k/2$ cannot learn any information about the secret. The share size of the $j$-th party in our construction is $O(\log k \log j)$. This is an improvement over the best known evolving $k$-threshold secret-sharing schemes, in which the share size of the $j$-th party is $O(k \log j)$.

    Blackbox secret sharing revisited: A coding-theoretic approach with application to expansionless near-threshold schemes

    A blackbox secret sharing (BBSS) scheme works in exactly the same way for all finite Abelian groups G; it can be instantiated for any such group G, and only black-box access to its group operations and to random group elements is required. A secret is a single group element and each of the n players' shares is a vector of such elements. Share computation and secret reconstruction are by integer linear combinations. These do not depend on G, and neither do the privacy and reconstruction parameters t, r. This classical, fundamental primitive was introduced by Desmedt and Frankel (CRYPTO 1989) in their context of "threshold cryptography." The expansion factor is the total number of group elements in a full sharing divided by n. For threshold BBSS with t-privacy, (Formula presented)-reconstruction and arbitrary n, constructions with minimal expansion (Formula presented) exist (CRYPTO 2002, 2005). These results are firmly rooted in number theory; each makes (different) judicious choices of orders in number fields admitting a vector of elements of very large length (in the number field degree) whose corresponding Vandermonde determinant is sufficiently controlled so as to enable BBSS by a suitable adaptation of Shamir's scheme. Alternative approaches generally lead to very large expansion. The state of the art of BBSS has not changed for the last 17 years. Our contributions are two-fold. (1) We introduce a novel, nontrivial, effective construction of BBSS based on coding theory instead of number theory. For threshold BBSS we also achieve minimal expansion factor O(log n). (2) Our method is more versatile. Namely, we show, for the first time, BBSS that is near-threshold, i.e., r-t is an arbitrarily small constant fraction of n, and that has expansion factor O(1), i.e., individual share vectors of constant length ("asymptotically expansionless"). The threshold can be concentrated essentially freely across the full range.
    We also show that the expansion is minimal for near-threshold and that such BBSS cannot be attained by previous methods. Our general construction is based on a well-known mathematical principle, the local-global principle. More precisely, we first construct BBSS over local rings through either Reed-Solomon or algebraic geometry codes. We then "glue" these schemes together in a dedicated manner to obtain a global secret sharing scheme, i.e., one defined over the integers, which, as we finally prove using novel insights, has the desired BBSS properties. Though our main purpose here is advancing BBSS for its own sake, we also briefly address possible protocol applications.

    Communication Lower Bounds for Statistically Secure MPC, with or without Preprocessing

    We prove a lower bound on the communication complexity of unconditionally secure multiparty computation, both in the standard model with $n=2t+1$ parties of which $t$ are corrupted, and in the preprocessing model with $n=t+1$. In both cases, we show that for any $g \in \mathbb{N}$ there exists a Boolean circuit $C$ with $g$ gates, where any secure protocol implementing $C$ must communicate $\Omega(ng)$ bits, even if only passive and statistical security is required. The results easily extend to constructing similar circuits over any fixed finite field. This shows that for all sizes of circuits, the $O(n)$ overhead of all known protocols when $t$ is maximal is inherent. It also shows that security comes at a price: the circuit we consider could namely be computed among $n$ parties with communication of only $O(g)$ bits if no security was required. Our results extend to the case where the threshold $t$ is suboptimal. For the honest majority case, this shows that the known optimizations via packed secret sharing can only be obtained if one accepts that the threshold is $t=(1/2-c)n$ for a constant $c$. For the honest majority case, we also show an upper bound that matches the lower bound up to a constant factor (existing upper bounds are a factor $\log n$ off for Boolean circuits).

    Bird-spiders (Arachnida, Mygalomorphae) as perceived by the inhabitants of the village of Pedra Branca, Bahia State, Brazil

    This paper deals with the conceptions, knowledge and attitudes of the inhabitants of the county of Pedra Branca, Bahia State, regarding mygalomorph spiders locally known as 'caranguejeiras' (bird-spiders). We launch here a new field within ethnozoology: ethnoarachnology, defined as the transdisciplinary study of the relationships between human beings and bird-spiders. Data were collected from February to June 2005 by means of open-ended interviews carried out with 30 individuals whose ages ranged from 13 to 86 years. Traditional knowledge was recorded regarding the following items: taxonomy, biology, habitat, ecology, seasonality, and behavior. Results show that bird-spiders are classified as "insects". The most commented aspect of the interaction between bird-spiders and the inhabitants of Pedra Branca is related to their dangerousness, since interviewees said these spiders are very venomous and can cause health problems. In general, the traditional zoological knowledge of Pedra Branca's inhabitants concerning these spiders is coherent with academic knowledge.