Abstract
Broadcast is an essential primitive for secure computation. In this paper we focus on optimal resilience (i.e., the number of corrupted parties t is less than a third of the n computing parties, t < n/3), with no setup and no cryptographic assumptions.
While broadcast with worst-case t rounds is impossible, it has been shown [Feldman and Micali STOC’88, Katz and Koo CRYPTO’06] how to construct protocols with an expected constant number of rounds in the private-channel model. However, those constructions have large communication complexity, specifically \({\mathcal {O}}(n^2L+n^6\log n)\) bits transmitted in expectation for broadcasting a message of length L. This leads to a significant communication blowup in secure computation protocols in this setting.
In this paper, we substantially improve the communication complexity of broadcast in constant expected time. Specifically, the expected communication complexity of our protocol is \({\mathcal {O}}(nL+n^4\log n)\). For messages of length \(L=\varOmega (n^3 \log n)\), our broadcast has no asymptotic overhead (up to expectation), as each party has to send or receive \({\mathcal {O}}(n^3 \log n)\) bits. We also consider parallel broadcast, where n parties wish to broadcast L bit messages in parallel. Our protocol has no asymptotic overhead for \(L=\varOmega (n^2\log n)\), which is a common communication pattern in perfectly secure MPC protocols. For instance, it is common that all parties share their inputs simultaneously at the same round, and verifiable secret sharing protocols require the dealer to broadcast a total of \({\mathcal {O}}(n^2\log n)\) bits.
Of independent interest, our broadcast is achieved via packed verifiable secret sharing, a new notion that we introduce. We show a protocol that verifies \({\mathcal {O}}(n)\) secrets simultaneously at the same cost as verifying a single secret. This improves on the state of the art by a factor of n.
Notes
1. Broadcast extension protocols handle long messages efficiently at the cost of a small number of single-bit broadcasts.
2. Using the broadcast extension of [46] we can bring the asymptotic cost to \({\mathcal {O}}(nL)+E({\mathcal {O}}(n^7\log {n}))\) bits. However, the minimum message size to achieve this is \(L = \varOmega (n^6\log {n})\), which is prohibitively high even for \(n = 100\).
3. In fact, in each round of the protocol, each party performs \({\mathcal {O}}(n)\) verifiable secret sharings (VSSs), i.e., it has to broadcast \({\mathcal {O}}(n^3 \log n)\) bits. In [2] it was shown how to reduce this to \({\mathcal {O}}(1)\) VSSs per party, i.e., each party might have to broadcast \({\mathcal {O}}(n^2 \log n)\) bits.
4. We call a bivariate polynomial whose degree in x is 2t and whose degree in y is t, i.e., \(S(x,y)=\sum _{i=0}^{2t}\sum _{j=0}^{t}a_{i,j}x^iy^j\), a (2t, t)-bivariate polynomial.
5. The \(\textsf{happy}\) bits will be used later for Multi-Moderated VSS in Sect. 6.
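An added, self-contained illustration (not code from the paper) of the (2t, t)-bivariate polynomial of note 4 and of the packing behind the abstract's \({\mathcal {O}}(n)\) secrets: t+1 secrets sit in the single row S(x,0) of one bivariate polynomial, every party holds a degree-2t row and a degree-t column, and any 2t+1 parties recover all t+1 secrets at once. The field, the packing positions x = 0, -1, ..., -t and all function names are assumptions; the paper's verification protocol itself is not reproduced, only the standard pairwise row/column consistency check.

```python
import random
P = 2**61 - 1  # prime field GF(P); a constructed choice, not taken from the paper

def interpolate(points, x):
    """Lagrange: evaluate at x the unique polynomial of degree < len(points) through points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * (x - xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def deal(secrets, t):
    """Row y=0 packs the t+1 secrets at x=0,-1,...,-t plus t random pads (2t+1 points fix a degree-2t polynomial); rows y=1..t are random degree-2t polynomials."""
    assert len(secrets) == t + 1
    row0 = [(-k, s) for k, s in enumerate(secrets)] + [(-(t + 1 + m), random.randrange(P)) for m in range(t)]
    return [row0] + [[(-k, random.randrange(P)) for k in range(2 * t + 1)] for _ in range(t)]

def S(rows, x, y):
    """Interpolating over y through the t+1 rows gives deg_y(S) = t while deg_x(S) = 2t."""
    return interpolate([(j, interpolate(r, x)) for j, r in enumerate(rows)], y)

def share(rows, i, n):
    """Party i gets the row f_i(x)=S(x,i) and the column g_i(y)=S(i,y), both tabulated on 1..n."""
    return {x: S(rows, x, i) for x in range(1, n + 1)}, {y: S(rows, i, y) for y in range(1, n + 1)}

def pairwise_consistent(shares):
    """The usual bivariate check on exchanged subshares: f_i(j) == g_j(i) for all parties i, j."""
    return all(shares[i][0][j] == shares[j][1][i] for i in shares for j in shares)

def degrees_ok(shares, t):
    """Rows must have degree <= 2t and columns degree <= t, the (2t,t) shape of note 4."""
    return all(all(interpolate(sorted(f.items())[:2 * t + 1], x) == v for x, v in f.items())
               and all(interpolate(sorted(g.items())[:t + 1], y) == v for y, v in g.items())
               for f, g in shares.values())

def reconstruct(shares, t):
    """Any 2t+1 parties' g_i(0) are points on the degree-2t row S(x,0); unpack all t+1 secrets."""
    pts = [(i, interpolate(sorted(g.items())[:t + 1], 0)) for i, (_, g) in list(shares.items())[-(2 * t + 1):]]
    return [interpolate(pts, -k) for k in range(t + 1)]

def demo(t=2, seed=1):
    random.seed(seed)  # n = 3t+1 parties, t+1 secrets packed into one bivariate polynomial
    n, secrets = 3 * t + 1, [random.randrange(P) for _ in range(t + 1)]
    rows = deal(secrets, t)
    shares = {i: share(rows, i, n) for i in range(1, n + 1)}
    return pairwise_consistent(shares), degrees_ok(shares, t), reconstruct(shares, t) == secrets
```

With t corrupted parties holding only t of the 2t+1 points that fix S(x,0), t+1 coefficients remain free, which is what allows t+1 secrets to share one polynomial.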
References
AWS latency monitoring. https://www.cloudping.co/grid. Accessed February 2022
Abraham, I., Asharov, G., Yanai, A.: Efficient perfectly secure computation with optimal resilience. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 66–96. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_3
Abraham, I., Devadas, S., Dolev, D., Nayak, K., Ren, L.: Synchronous Byzantine agreement with expected O(1) rounds, expected \(O(n^2)\) communication, and optimal resilience. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 320–334. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_20
Abraham, I., Nayak, K.: Crusader agreement with \(\le 1/3\) error is impossible for \(n \le 3f\) if the adversary can simulate. Decentralized Thoughts, Blog Post (2021). https://tinyurl.com/decentralizedthougts. Accessed Sept 2021
Applebaum, B., Kachlon, E., Patra, A.: The round complexity of perfect MPC with active security and optimal resiliency. In: FOCS (2020)
Asharov, G., Cohen, R., Shochat, O.: Static vs. adaptive security in perfect MPC: a separation and the adaptive security of BGW. In: Conference on Information-Theoretic Cryptography - ITC 2022. (To Appear) (2022)
Asharov, G., Lindell, Y.: A full proof of the BGW protocol for perfectly secure multiparty computation. J. Cryptol. 30(1), 58–151 (2017). https://doi.org/10.1007/s00145-015-9214-4
Asharov, G., Lindell, Y., Rabin, T.: Perfectly-secure multiplication for any t \(<\) n/3. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 240–258. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-22792-9_14
Beerliová-Trubíniová, Z., Hirt, M.: Perfectly-secure MPC with linear communication complexity. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 213–230. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_13
Ben-Or, M.: Another advantage of free choice: completely asynchronous agreement protocols (extended abstract). In: PODC (1983)
Ben-Or, M., El-Yaniv, R.: Resilient-optimal interactive consistency in constant time. Distrib. Comput. 16, 249–262 (2003). https://doi.org/10.1007/s00446-002-0083-3
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: ACM Symposium on Theory of Computing (1988)
Berman, P., Garay, J.A., Perry, K.J.: Bit optimal distributed consensus. In: Baeza-Yates, R., Manber, U. (eds.) Computer Science. Springer, Boston (1992)
Canetti, R.: Asynchronous secure computation. Technion - Computer Science Department - Technical report (1993)
Canetti, R.: Studies in secure multiparty computation and applications. Ph.D. thesis, Citeseer (1996)
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000). https://doi.org/10.1007/s001459910006
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS (2001)
Canetti, R., Damgaard, I., Dziembowski, S., Ishai, Y., Malkin, T.: On adaptive vs. non-adaptive security of multiparty protocols. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 262–279. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_17
Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: ACM Symposium on Theory of Computing (1988)
Chen, J.: Optimal error-free multi-valued Byzantine agreement. In: DISC (2021)
Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science (1985)
Coan, B.A., Welch, J.L.: Modular construction of nearly optimal Byzantine agreement protocols. In: ACM Symposium on Principles of Distributed Computing (1989)
Cohen, R., Coretti, S., Garay, J., Zikas, V.: Probabilistic termination and composability of cryptographic protocols. J. Cryptology 32(3), 690–741 (2018). https://doi.org/10.1007/s00145-018-9279-y
Cramer, R., Damgård, I., Maurer, U.: General secure multi-party computation from any linear secret-sharing scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 316–334. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_22
Damgård, I., David, B., Giacomelli, I., Nielsen, J.B.: Compact VSS and efficient homomorphic UC commitments. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 213–232. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_12
Das, S., Xiang, Z., Ren, L.: Asynchronous data dissemination and its applications. In: ACM CCS Conference on Computer and Communications Security (2021)
Dolev, D., Reischuk, R.: Bounds on information exchange for Byzantine agreement. In: Symposium on Principles of Distributed Computing (1982)
Dolev, D., Reischuk, R.: Bounds on information exchange for Byzantine agreement. J. ACM (JACM) 32(1), 191–204 (1985)
Feldman, P., Micali, S.: Optimal algorithms for Byzantine agreement. In: ACM Symposium on Theory of Computing (1988)
Feldman, P.N.: Optimal Algorithms for Byzantine Agreement. Ph.D. thesis, Massachusetts Institute of Technology (1988)
Feldman, P., Micali, S.: An optimal probabilistic protocol for synchronous Byzantine agreement. SIAM J. Comput. 26(4), 873–933 (1997)
Fischer, M.J., Lynch, N.A.: A lower bound for the time to assure interactive consistency. Information Processing Letters (1982)
Fitzi, M., Garay, J.A.: Efficient player-optimal protocols for strong and differential consensus. In: PODC (2003)
Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: ACM Symposium on Theory of Computing (1992)
Ganesh, C., Patra, A.: Optimal extension protocols for Byzantine broadcast and agreement. Distrib. Comput. 34, 59–77 (2021). https://doi.org/10.1007/s00446-020-00384-1
Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The round complexity of verifiable secret sharing and secure multicast. In: STOC (2001)
Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC (1998)
Goldreich, O., Petrank, E.: The best of both worlds: guaranteeing termination in fast randomized Byzantine agreement protocols. Inf. Process. Lett. 36(1), 45–49 (1990)
Goyal, V., Liu, Y., Song, Y.: Communication-efficient unconditional MPC with guaranteed output delivery. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 85–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_4
Hirt, M., Maurer, U., Przydatek, B.: Efficient secure multi-party computation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 143–161. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_12
Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 445–462. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_27
Katz, J., Koo, C.-Y., Kumaresan, R.: Improving the round complexity of VSS in point-to-point networks. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 499–510. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_41
Kushilevitz, E., Lindell, Y., Rabin, T.: Information-theoretically secure protocols and security under composition. In: STOC (2006)
Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4, 382–401 (1982)
Lindell, Y., Lysyanskaya, A., Rabin, T.: Sequential composition of protocols without simultaneous termination. In: PODC (2002)
Nayak, K., Ren, L., Shi, E., Vaidya, N.H., Xiang, Z.: Improved extension protocols for Byzantine broadcast and agreement. arXiv preprint. arXiv:2002.11321 (2020)
Patra, A.: Error-free multi-valued broadcast and Byzantine agreement with optimal communication complexity. In: Fernàndez Anta, A., Lipari, G., Roy, M. (eds.) OPODIS 2011. LNCS, vol. 7109, pp. 34–49. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25873-2_4
Pease, M., Shostak, R., Lamport, L.: Reaching agreement in the presence of faults. J. ACM (JACM) 27(2), 228–234 (1980)
Rabin, M.O.: Randomized Byzantine generals. In: Symposium on Foundations of Computer Science (1983)
Shrestha, N., Bhat, A., Kate, A., Nayak, K.: Synchronous distributed key generation without broadcasts. IACR Cryptology ePrint Archive (2021)
Turpin, R., Coan, B.A.: Extending binary Byzantine agreement to multivalued Byzantine agreement. Inf. Process. Lett. 18(2), 73–76 (1984)
Acknowledgements
Gilad Asharov is sponsored by the Israel Science Foundation (grant No. 2439/20), by JPM Faculty Research Award, by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office, and by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 891234. Shravani Patil would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020-2025. Arpita Patra would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020-2025, Google India Faculty Award, and SERB MATRICS (Theoretical Sciences) Grant 2020-2023.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Abraham, I., Asharov, G., Patil, S., Patra, A. (2022). Asymptotically Free Broadcast in Constant Expected Time via Packed VSS. In: Kiltz, E., Vaikuntanathan, V. (eds) Theory of Cryptography. TCC 2022. Lecture Notes in Computer Science, vol 13747. Springer, Cham. https://doi.org/10.1007/978-3-031-22318-1_14
DOI: https://doi.org/10.1007/978-3-031-22318-1_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22317-4
Online ISBN: 978-3-031-22318-1