Aggregatable Distributed Key Generation

Gurkan, Kobi; Jovanovic, Philipp; Maller, Mary; Meiklejohn, Sarah; Stern, Gilad; Tomescu, Alin

doi:10.1007/978-3-030-77870-5_6

Cited by 27 publications

(21 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2. Cipher broadcast (Line 7-10, [16][17][18][19][20][21][22][23][24][25][26]. In this phase, the dealer broadcasts its actual input encrypted by the key shared in the earlier phase, i.e., A(0).…”

Section: Verifiable Random Functionmentioning

confidence: 99%

“…Given the recent elegant result of aggregatable public verifiable secret sharing (PVSS) due to Gurkan et al [22], constructing an exemplary Seeding protocol and proving its security are rather tedious, and thus we defer the proof for Lemma 1 along with the exemplary construction to Appendix C. Intuitively, it is simple to let each party send an aggregatable PVSS script carrying a random secret to the leader, so the leading party can aggregate them to produce an aggregated PVSS script committing an unpredictable nonce contributed by enough parties (e.g., 2f + 1). Then, before recovering the unpredictable secret hidden behind the aggregated PVSS script, the leader must send it to at least 2f + 1 parties to collect enough digital signatures to form a "certificate" to prove that the nonce is fixed and committed to the PVSS script.…”

Section: Properties It Satisfies the Next Properties With All But Neg...mentioning

confidence: 99%

“…Here we give an exemplary construction for reliable leaded seeding (Seeding) through the elegant idea of aggregatable public verifiable secret sharing (PVSS) in [22]. The general idea of [22] is to lift the beautiful Scrape PVSS scheme [16] to enable the aggregation of PVSS scripts from distinct participating parties, and along the way, it presents a way of using knowledge-of-signatures to allow each party to attach an aggregatable "tag" attesting its contribution in the aggregated PVSS script, thus ensuring that anyone can check the finally aggregated PVSS script pvss (and tag) to verify whether pvss indeed commits a polynomial collectively "generated" by more than f parties while preserving the size of communicated scripts minimal. It thus becomes immediate to follow the nice idea to construct an efficient Seeding protocol as shown in Alg.…”

Section: Appendix C An Implementation Of Seed Generationmentioning

confidence: 99%

“…For sake of completeness, we briefly review the cryptographic abstraction of the aggregatable PVSS scheme (with unforgeable tags attesting contributions) among n parties with a secrecy threshold t due to Gurkan et al [22]. Note that we mainly focus on abstracting the needed properties to construct and prove our Seeding protocol.…”

Section: Appendix C An Implementation Of Seed Generationmentioning

confidence: 99%

“…To lift PVSS scheme to enjoy aggregability, an aggregating algorithm can be added to the scheme [22], which naturally combines any two valid sharing scripts to form another one:…”

Section: C2 Aggregatable Pvss With Weight Tagsmentioning

confidence: 99%

See 4 more Smart Citations

Efficient Asynchronous Byzantine Agreement without Private Setups

Gao¹,

Lu²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Though recent breakthroughs have greatly improved the efficiency of asynchronous Byzantine agreement protocols, they mainly focused on the setting with private setups, e.g., assuming a trusted dealer to establish non-interactive threshold cryptosystems. Challenges remain to reduce the large communication complexities in the absence of private setups, for example: (i) for asynchronous binary agreement (ABA) with optimal resilience, prior private-setup free protocols (Cachin et al., CCS' 2002; Kokoris-Kogias et al., CCS' 2020) have to incur O(λn 4 ) bits and O(n 3 ) messages; (ii) for asynchronous multi-valued agreement with external validity (VBA), Abraham et al. [2] very recently gave the first elegant construction with O(n 3 ) messages, relying on only public key infrastructure (PKI), but the design still costs O(λn 3 log n) bits. Here n is the number of participating parties and λ is the cryptographic security parameter. We for the first time close the remaining efficiency gap between the communication complexity and the message complexity of private-setup free asynchronous Byzantine agreements, i.e., reducing their communication cost to only O(λn 3 ) bits on average. At the core of our design, we give a systematic treatment of reasonably fair common randomness, and proceed as follows:-We construct a reasonably fair common coin (Canetti and Rabin, STOC' 1993) in the asynchronous setting with PKI instead of private setup, using only O(λn 3 ) bit and constant asynchronous rounds. The common coin protocol ensures that with at least 1/3 probability, all honest parties can output a common bit that is as if uniformly sampled, rendering a more efficient private-setup free ABA with expected O(λn 3 ) bit communication and constant running time.-More interestingly, we lift our reasonably fair common coin protocol to attain perfect agreement without incurring any extra factor in the asymptotic complexities, resulting in an efficient reasonably fair leader election primitive pluggable in all existing VBA protocols (including Cachin et al., CRYPTO' 2001; Abraham et al., PODC' 2019; Lu et al., PODC' 2020), thus reducing the communication of private-setup free VBA to expected O(λn 3 ) bits while preserving expected constant running time. This leader election primitive and its construction might be of independent interest. -Along the way, we also improve an important building block, asynchronous verifiable secret sharing (Canetti and Rabin, STOC' 1993) by presenting a private-setup free implementation costing only O(λn 2 ) bits in the PKI setting. By contrast, prior art having the same communication complexity (Backes et al., CT-RSA' 2013) has to rely on a private setup.

show abstract

Section: Verifiable Random Functionmentioning

confidence: 99%

Section: Properties It Satisfies the Next Properties With All But Neg...mentioning

confidence: 99%

Section: Appendix C An Implementation Of Seed Generationmentioning

confidence: 99%

Section: Appendix C An Implementation Of Seed Generationmentioning

confidence: 99%

“…To lift PVSS scheme to enjoy aggregability, an aggregating algorithm can be added to the scheme [22], which naturally combines any two valid sharing scripts to form another one:…”

Section: C2 Aggregatable Pvss With Weight Tagsmentioning

confidence: 99%

See 3 more Smart Citations

Efficient Asynchronous Byzantine Agreement without Private Setups

Gao¹,

Lu²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

Aggregatable Distributed Key Generation

Gurkan¹,

Jovanovic

Maller³

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we introduce a distributed key generation (DKG) protocol with aggregatable and publicly-verifiable transcripts. Compared with prior publicly-verifiable approaches, our DKG reduces the size of the final transcript and the time to verify it from O(n 2 ) to O(n log n), where n denotes the number of parties. As compared with prior non-publicly-verifiable approaches, our DKG leverages gossip rather than all-to-all communication to reduce verification and communication complexity. We also revisit existing DKG security definitions, which are quite strong, and propose new and natural relaxations. As a result, we can prove the security of our aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. We show that, under these new definitions, these existing DKGs can be used to yield secure threshold variants of popular cryptosystems such as El-Gamal encryption and BLS signatures. We also prove that our DKG can be securely combined with a new efficient verifiable unpredictable function (VUF), whose security we prove in the random oracle model. Finally, we experimentally evaluate our DKG and show that the perparty overheads scale linearly and are practical. For 64 parties, it takes 71 ms to share and 359 ms to verify the overall transcript, while for 8192 parties, it takes 8 s and 42.2 s respectively. cLabs, Ethereum Foundation.

show abstract

SoK: Decentralized Randomness Beacon Protocols

Raikwar

Gligoroski

2022

Information Security and Privacy

View full text Add to dashboard Cite

Aggregatable Distributed Key Generation

Cited by 27 publications

References 60 publications

Efficient Asynchronous Byzantine Agreement without Private Setups

Efficient Asynchronous Byzantine Agreement without Private Setups

Aggregatable Distributed Key Generation

SoK: Decentralized Randomness Beacon Protocols

Contact Info

Product

Resources

About