Abstract. We show that if a set of players hold shares of a value a ∈ Fp for some prime p (where the set of shares is written [a]p), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is O( log ) invocations of the multiplication protocol for the underlying secret sharing scheme, carried out in O(1) rounds. This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared exponent and reducing a shared number modulo a shared modulus.
We present a solution to an old problem in distributed computing. In its simplest form, a sender has to broadcast some information to two receivers, but they have access only to pairwise communication channels. Unlike quantum key distribution, here the goal is not secrecy but agreement, and the adversary (one of the receivers or the sender himself) is not outside but inside the game. Using only classical channels this problem is provably impossible. The solution uses pairwise quantum channels and entangled qutrits.
In this paper we consider the following two variants of the consensus problem. First, the strong consensus problem, where n players attempt to reach agreement on a value initially held by one of the correct players, despite the (malicious) behavior of up to t of them. (Recall that in the standard version of the problem, the players are also required to decide on one of the correct players' input values, but only when they all start with the same value; otherwise, they can decide on a default.) Although the problem is closely related to the standard problem, the only known solution with the optimal number of players requires exponential computation and communication in the unconditional setting. Even though the decision would be a value originally held by a correct player, strong consensus allows for a decision value that is the least common among the correct players. We also formulate the δ-differential consensus problem, which specifies that the value agreed on must be of a certain plurality among the correct players -- specifically, that the plurality of any other value cannot exceed the plurality of the decision value by more than δ. In this paper we study these problems, and present efficient protocols and tight lower bounds for several standard distributed computation models -- unconditional, computational, synchronous, and asynchronous.
All known protocols for Byzantine agreement (BA) among n players require the message to be communicated at least Ω(n^2) times, which results in an overall communication complexity of at least Ω( n^2 ) bits for an -bit message. We present the first BA protocol in which the message is communicated only O(n) times (the hidden factor is less than 2). More concretely, for a given synchronous broadcast protocol which communicates B(b) bits for reaching agreement on a b-bit message with security parameter κ, our construction yields a synchronous BA protocol with communication complexity O( n + nB(n + κ)) bits. Our reduction is information-theoretically secure and tolerates up to t < n/2 corrupted players, which is optimal for the consensus variant of BA. Although this resilience is not optimal for the broadcast (Byzantine generals) variant, it is sufficient for most distributed applications that involve BA protocols since they typically require t < n/2.
Abstract. Perfectly secure message transmission (PSMT), a problem formulated by Dolev, Dwork, Waarts and Yung, involves a sender S and a recipient R who are connected by n synchronous channels of which up to t may be corrupted by an active adversary. The goal is to transmit, with perfect security, a message from S to R. PSMT is achievable if and only if n > 2t. For the case n > 2t, the lower bound on the number of communication rounds between S and R required for PSMT is 2, and the only known efficient (i.e., polynomial in n) two-round protocol involves a communication complexity of O(n^3 ) bits, where is the length of the message. A recent solution by Agarwal, Cramer and de Haan is provably communication-optimal by achieving an asymptotic communication complexity of O(n ) bits; however, it requires the messages to be exponentially large, i.e., = Ω(2^n ). In this paper we present an efficient communication-optimal two-round PSMT protocol for messages of length polynomial in n that is almost optimally resilient in that it requires a number of channels n ≥ (2 + ε)t, for any arbitrarily small constant ε > 0. In this case, optimal communication complexity is O( ) bits.
Abstract. We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that no t of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed in the sharing phase. Gennaro, Ishai, Kushilevitz and Rabin showed that three rounds are necessary and sufficient when n > 3t. Sufficiency, however, was only demonstrated by means of an inefficient (i.e., exponential-time) protocol, and the construction of an efficient three-round protocol was left as an open problem. In this paper, we present an efficient three-round protocol for VSS. The solution is based on a three-round solution of so-called weak verifiable secret sharing (WSS), for which we also prove that three rounds is a lower bound. Furthermore, we also demonstrate that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + ε amortized rounds (for any ε > 0) when n > 3t.
This paper considers unconditionally secure protocols for reliable broadcast among a set of n players, some of which may be corrupted by an active (Byzantine) adversary. In the standard model with a complete, synchronous network of pairwise authentic communication channels among the players, broadcast is achievable if and only if the number of corrupted players is less than n/3. We show that, by extending this model only by the existence of a broadcast channel among three players, global broadcast is achievable if and only if the number of corrupted players is less than n/2. Moreover, for this an even weaker primitive than broadcast among three players is sufficient. All protocols are efficient.
This paper presents protocols for Byzantine agreement, i.e. for reliable broadcast, among a set of n players, some of which may be controlled by an adversary. It is well-known that Byzantine agreement is possible if and only if the number of cheaters is less than n/3. In this paper we consider a general adversary that is specified by a set of subsets of the player set (the adversary structure), and any one of these subsets may be corrupted by the adversary. The only condition we need is that no three of these subsets cover the full player set. A result of Hirt and Maurer implies that this condition is necessary and sufficient for the existence of a Byzantine agreement protocol, but the complexity of their protocols is generally exponential in the number of players. The purpose of this paper is to present the first protocol with polynomial message and computation complexity for any (even exponentially large) specification of the adversary structure. This closes a gap in a recent result of Cramer, Damgård and Maurer on applying span programs to secure multi-party computation.