
    A Quantum solution to the Byzantine agreement problem

    We present a solution to an old and timely problem in distributed computing. Like Quantum Key Distribution (QKD), quantum channels make it possible to achieve tasks that are classically impossible. However, unlike QKD, here the goal is not secrecy but agreement, the adversary is not outside but inside the game, and the resources require qutrits. Comment: 4 pages, 1 figure

    Multipartite Continuous Variable Solution for the Byzantine Agreement Problem

    We demonstrate that Byzantine Agreement (detectable broadcast) is also solvable in the continuous-variable scenario with multipartite entangled Gaussian states and Gaussian operations (homodyne detection). Within this scheme we find that Byzantine Agreement requires a minimum amount of entanglement in the multipartite states used in order to achieve a solution. We discuss realistic implementations of the protocol, which consider the possibility of having inefficient homodyne detectors, not perfectly correlated outcomes, and noise in the preparation of the resource states. The proposed protocol is proven to be robust and efficiently applicable under such non-ideal conditions. Comment: This paper supersedes and extends arXiv:quant-ph/0507249, title changed to match the published version, 11 pages, 3 figures, published version

    Solving the liar detection problem using the four-qubit singlet state

    A method for solving the Byzantine agreement problem [M. Fitzi, N. Gisin, and U. Maurer, Phys. Rev. Lett. 87, 217901 (2001)] and the liar detection problem [A. Cabello, Phys. Rev. Lett. 89, 100402 (2002)] is introduced. The main advantages of this protocol are that it is simpler and is based on a four-qubit singlet state already prepared in the laboratory. Comment: REVTeX4, 4 pages

    On the Communication Complexity of Secure Computation

    Information-theoretically secure multi-party computation (MPC) is a central primitive of modern cryptography. However, relatively little is known about the communication complexity of this primitive. In this work, we develop powerful information-theoretic tools to prove lower bounds on the communication complexity of MPC. We restrict ourselves to a 3-party setting in order to bring out the power of these tools without introducing too many complications. Our techniques include the use of a data processing inequality for residual information, i.e., the gap between mutual information and Gács-Körner common information; a new information inequality for 3-party protocols; and the idea of distribution switching, by which lower bounds computed under certain worst-case scenarios can be shown to apply for the general case. Using these techniques we obtain tight bounds on the communication complexity of MPC protocols for various interesting functions. In particular, we show concrete functions that have "communication-ideal" protocols, which achieve the minimum communication simultaneously on all links in the network. Also, we obtain the first explicit example of a function that incurs a higher communication cost than the input length in the secure computation model of Feige, Kilian and Naor (1994), who had shown that such functions exist. We also show that our communication bounds imply tight lower bounds on the amount of randomness required by MPC protocols for many interesting functions. Comment: 37 pages

    Detecting genuine multipartite continuous-variable entanglement

    We derive necessary conditions, in terms of the variances of linear combinations of position and momentum, for all kinds of separability of a multi-party multi-mode continuous-variable state. Their violation can be sufficient for genuine multipartite entanglement, provided the combinations contain both conjugate variables of all modes. Hence a complete state determination, for example by detecting the entire correlation matrix of a Gaussian state, is not needed. Comment: 13 pages, 3 figures

    Greenberger-Horne-Zeilinger-like proof of Bell's theorem involving observers who do not share a reference frame

    Vaidman described how a team of three players, each of them isolated in a remote booth, could use a three-qubit Greenberger-Horne-Zeilinger state to always win a game which would be impossible to always win without quantum resources. However, Vaidman's method requires all three players to share a common reference frame; it does not work if the adversary is allowed to disorientate one player. Here we show how to always win the game, even if the players do not share any reference frame. The introduced method uses a 12-qubit state which is invariant under any transformation $R_a \otimes R_b \otimes R_c$ (where $R_a = U_a \otimes U_a \otimes U_a \otimes U_a$, and $U_j$ is a unitary operation on a single qubit) and requires only single-qubit measurements. A number of further applications of this 12-qubit state are described. Comment: REVTeX4, 6 pages, 1 figure

    Communication-Efficient MPC for General Adversary Structures

    A multiparty computation (MPC) protocol allows a set of players to compute a function of their inputs while keeping the inputs private and at the same time securing the correctness of the output. Most MPC protocols assume that the adversary can corrupt up to a fixed fraction of the number of players. Hirt and Maurer initiated the study of MPC under more general corruption patterns, in which the adversary is allowed to corrupt any set of players in some pre-defined collection of sets [6]. In this paper we consider this important direction of research and present significantly improved communication complexity of MPC protocols for general adversary structures. More specifically, ours is the first unconditionally secure protocol that achieves communication linear in the size of the multiplicative Monotone Span Program representing the adversary structure, in the malicious setting against any Q2 adversary structure, whereas all previous protocols were at least cubic.

    Hydra: Fast Isomorphic State Channels

    State channels are an attractive layer-two solution for improving the throughput and latency of blockchains. They offer optimistic offchain settlement of payments and expedient offchain evolution of smart contracts between multiple parties without imposing any additional assumptions beyond those of the underlying blockchain. In the case of disputes, or if a party fails to respond, cryptographic evidence collected in the offchain channel is used to settle the last confirmed state onchain, such that in-progress contracts can be continued under mainchain consensus. A serious disadvantage present in current layer-two state channel protocols is that existing layer-one smart contract infrastructure and contract code cannot be reused offchain without change. In this paper, we introduce Hydra, an isomorphic multi-party state channel. Hydra simplifies offchain protocol and smart contract development by directly adopting the layer-one smart contract system, in this way allowing the same code to be used both on- and offchain. Taking advantage of the extended UTxO model, we develop a fast off-chain protocol for evolution of Hydra heads (our isomorphic state channels) that has smaller round complexity than all previous proposals and enables the state channel processing to advance on-demand, concurrently and asynchronously. We establish strong security properties for the protocol, and we present and evaluate extensive simulation results that demonstrate that Hydra approaches the physical limits of the network in terms of transaction confirmation time and throughput while keeping storage requirements at the lowest possible. Finally, our experimental methodology may be of independent interest in the general context of evaluating consensus protocols.

    MPC with Synchronous Security and Asynchronous Responsiveness

    Two paradigms for secure MPC are synchronous and asynchronous protocols. While synchronous protocols tolerate more corruptions and allow every party to give its input, they are very slow because the speed depends on the conservatively assumed worst-case delay $\Delta$ of the network. In contrast, asynchronous protocols allow parties to obtain output as fast as the actual network allows, a property called responsiveness, but unavoidably have lower resilience, and parties with slow network connections cannot give input. It is natural to wonder whether it is possible to leverage synchronous MPC protocols to achieve responsiveness, hence obtaining the advantages of both paradigms: full security with responsiveness up to $t$ corruptions, and extended security (full security or security with unanimous abort) with no responsiveness up to $T \ge t$ corruptions. We settle the question by providing matching feasibility and impossibility results: for the case of unanimous abort as extended security, there is an MPC protocol if and only if $T + 2t < n$; for the case of full security as extended security, there is an MPC protocol if and only if $T < n/2$ and $T + 2t < n$. In particular, setting $t = n/4$ allows one to achieve a fully secure MPC for honest majority, which in addition benefits from having substantial responsiveness.

    Secure MPC: Laziness Leads to GOD

    Motivated by what we call "honest but lazy" parties in the context of secure multi-party computation, we revisit the notion of multi-key FHE schemes (MFHE). In MFHE, any message encrypted using a public key $pk_i$ can be expanded so that the resulting ciphertext is encrypted with respect to a set of public keys $(pk_1, \ldots, pk_n)$. Such expanded ciphertexts can be homomorphically evaluated with respect to any circuit to generate a ciphertext $ct$. Then, this ciphertext $ct$ can be partially decrypted using a secret key $sk_i$ (corresponding to the public key $pk_i$) to produce a partial decryption $p_i$. Finally, these partial decryptions $\{p_i\}_{i \in [n]}$ can be combined to recover the output. However, this definition of MFHE works only for $n$-out-of-$n$ access structures and, thus, each node in the system is a point of failure. In the context of "honest but lazy" parties, it is necessary to be able to decrypt even when only given a subset of partial decryptions (say $t$ out of $n$). In order to solve this problem, we introduce a new notion of multi-key FHE designed to handle arbitrary access patterns that can reconstruct the output. We call it a threshold multi-key FHE scheme (TMFHE). Our main contributions are the following: We formally define and construct TMFHE for any access structure given by a monotone boolean formula, assuming LWE. We construct the first simulation-extractable multi-string NIZK from polynomially hard LWE. We use TMFHE and our multi-string NIZK to obtain the first round-optimal (three round) MPC protocol in the plain model with guaranteed output delivery secure against malicious adversaries or, more generally, mixed adversaries (which supports "honest but lazy" parties), assuming LWE. Our MPC protocols simultaneously achieve security against the maximum number of corruptions under which guaranteed output delivery is achievable, depth-proportional communication complexity, and reusability.
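    Two of the abstracts above (Communication-Efficient MPC for General Adversary Structures, and Secure MPC: Laziness Leads to GOD) describe corruption and access patterns that are not plain thresholds: an adversary structure that must be Q2, and an access structure given by a monotone boolean formula. The following is an added illustration, not code from either paper, of what those two objects look like once written down. It uses the standard Hirt-Maurer definition of Q2 (no two corruptible sets together cover the whole player set). The string labels for players, the representation of an adversary structure by its maximal sets, and the nested-tuple encoding of monotone formulas are choices made here for the example, not notation from the page.

```python
"""Adversary structures and monotone access structures for general MPC.

Added illustration; not code from any of the papers listed on this page.
Assumptions made for the example (not stated on the page):
  - players are string labels, sets of players are frozensets;
  - a general adversary structure is given by its maximal corruptible sets;
  - a monotone boolean formula is a player label, ("AND", f1, f2, ...),
    or ("OR", f1, f2, ...).
"""
from itertools import combinations
from typing import FrozenSet, Iterable, List, Tuple, Union

Players = FrozenSet[str]
Formula = Union[str, Tuple]


def is_q2(players: Players, max_sets: Iterable[Players]) -> bool:
    """Q2 (Hirt-Maurer): no two sets of the structure jointly cover `players`.

    Testing only the maximal sets is enough: if two arbitrary sets of the
    structure covered the player set, the maximal sets containing them
    would cover it too. Pairing a set with itself also rules out any
    single set that equals the whole player set.
    """
    max_sets = list(max_sets)
    if any(not s <= players for s in max_sets):
        raise ValueError("adversary set names a player outside the player set")
    return all(a | b != players for a in max_sets for b in max_sets)


def threshold_structure(players: Players, t: int) -> List[Players]:
    """Maximal sets of the classical threshold structure: every t-subset.

    This structure is Q2 exactly when 2t < n, the usual honest-majority bound.
    """
    return [frozenset(c) for c in combinations(sorted(players), t)]


def authorized(formula: Formula, available: Players) -> bool:
    """Evaluate a monotone formula on the parties whose shares are present.

    Monotone means adding a party never turns True into False, which is
    what makes the formula usable as an access structure.
    """
    if isinstance(formula, str):
        return formula in available
    op, *args = formula
    if op == "AND":
        return all(authorized(f, available) for f in args)
    if op == "OR":
        return any(authorized(f, available) for f in args)
    raise ValueError(f"unknown operator {op!r}")


def n_of_n(players: Players) -> Formula:
    """Plain MFHE: every partial decryption is required (one AND of all)."""
    return ("AND", *sorted(players))


def t_of_n(players: Players, t: int) -> Formula:
    """t-out-of-n as a monotone formula: an OR over the AND of each t-subset.

    Exponential in n, so only for small illustrations; it shows that a
    threshold is one monotone formula among many the scheme can accept.
    """
    return ("OR", *[("AND", *c) for c in combinations(sorted(players), t)])


def tolerates_lazy(formula: Formula, players: Players, lazy: Players) -> bool:
    """True if output is recoverable when the parties in `lazy` stay silent."""
    return authorized(formula, players - lazy)


if __name__ == "__main__":
    P = frozenset("ABCDE")
    print(is_q2(P, threshold_structure(P, 2)))   # True: 2*2 < 5
    print(is_q2(P, threshold_structure(P, 3)))   # False: two 3-sets cover 5 players
    Q = frozenset("ABCD")
    # A non-threshold structure on 4 players that is Q2 even though it
    # contains a 2-set, which a threshold t=2 structure on 4 players cannot be.
    print(is_q2(Q, [frozenset("AB"), frozenset("C"), frozenset("D")]))  # True
    print(is_q2(Q, threshold_structure(Q, 2)))   # False
    f = t_of_n(P, 3)
    print(tolerates_lazy(n_of_n(P), P, frozenset("E")))  # False: single point of failure
    print(tolerates_lazy(f, P, frozenset("AB")))         # True: 3 of 5 remain
    print(tolerates_lazy(f, P, frozenset("ABC")))        # False: only 2 remain
```

    The same sets play two roles: a set of parties that may be corrupted (adversary structure, checked with `is_q2`) and a set of parties that may simply fail to deliver a partial decryption (the "honest but lazy" case, checked with `tolerates_lazy`). For a threshold both collapse to counting, which is why the non-threshold 4-player structure in the demo is the more instructive case.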