Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures.

Kogias, Eleftherios Kokoris; Malkhi, Dahlia; Spiegelman, Alexander

doi:10.1145/3372297.3423364

Cited by 57 publications

(30 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Canny and Sorkin [17] study DKG protocols with poly-logarithmic communication and computation cost per-party, but their protocol relies on a trusted dealer that permutes the parties before the protocol starts. Kate et al [42,43] and Kokoris-Kogias et al [47] study DKG protocols in the asynchronous setting, unlike our work and most previous work. Schindler et al [58] use the Ethereum blockchain to instantiate the synchronous broadcast channel all DKG protocols mentioned so far assume, including ours.…”

Section: Related Workmentioning

confidence: 68%

Aggregatable Distributed Key Generation

Gurkan¹,

Jovanovic

Maller³

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we introduce a distributed key generation (DKG) protocol with aggregatable and publicly-verifiable transcripts. Compared with prior publicly-verifiable approaches, our DKG reduces the size of the final transcript and the time to verify it from O(n 2 ) to O(n log n), where n denotes the number of parties. As compared with prior non-publicly-verifiable approaches, our DKG leverages gossip rather than all-to-all communication to reduce verification and communication complexity. We also revisit existing DKG security definitions, which are quite strong, and propose new and natural relaxations. As a result, we can prove the security of our aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. We show that, under these new definitions, these existing DKGs can be used to yield secure threshold variants of popular cryptosystems such as El-Gamal encryption and BLS signatures. We also prove that our DKG can be securely combined with a new efficient verifiable unpredictable function (VUF), whose security we prove in the random oracle model. Finally, we experimentally evaluate our DKG and show that the perparty overheads scale linearly and are practical. For 64 parties, it takes 71 ms to share and 359 ms to verify the overall transcript, while for 8192 parties, it takes 8 s and 42.2 s respectively. cLabs, Ethereum Foundation.

show abstract

Section: Related Workmentioning

confidence: 68%

Aggregatable Distributed Key Generation

Gurkan¹,

Jovanovic

Maller³

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We show how to combine Verifiable Gather with random secret sharing [29] and an efficient Reliable Broadcast [11,12,16] to obtain a new primitive we call Proposal Election. Roughly speaking, in Proposal Election, every party inputs some externally valid value, and with constant probability, all parties output the same value that was proposed by a non-faulty party.…”

Section: Our Techniquesmentioning

confidence: 99%

“…Our protocol works in the authenticated model, assumes a Public Key Infrastructure (PKI), obtains optimal resilience (i.e., tolerates < 3 malicious parties), and terminates in (1) expected rounds using just˜( 3 ) expected words, where a word can contain a constant number of values and cryptographic signatures. Previously, the best protocol for A-DKG with optimal resilience is by Kokoris-Kogias, Malkhi, and Spiegelman [29] and it requires Ω( ) expected number of rounds and Ω( 4 ) expected number of words.…”

Section: Introductionmentioning

confidence: 99%

“…However, their solution relies heavily on leaders who may be adaptively targeted, and they still require time-outs to distinguish optimistic scenarios from worst-case scenarios. Recently Kokoris-Kogias, Malkhi and Spiegelman [29] presented a fully asynchronous solution which is leaderless and has ( 4 ) expected communication complexity. The actions of honest parties in their protocol are event-driven and there are no timeouts.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Reaching Consensus for Asynchronous Distributed Key Generation

Abraham

Jovanovic

Maller³

et al. 2021

Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing

View full text Add to dashboard Cite

We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand < 3 faulty parties), has a constant expected number of rounds, has˜( 3 ) expected communication complexity, and assumes only the existence of a PKI. Prior to our work, the best A-DKG protocols required Ω( ) expected number of rounds, and Ω( 4 ) expected communication.Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a valid proposal after enough proposals have been sent from different parties.With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures. CCS CONCEPTS• Theory of computation → Distributed algorithms; Cryptographic protocols.

show abstract

“…Usually, one assumes that a trusted dealer is used to set up the random keys for all processes. However, this assumption can be relaxed by executing an ( 4 ) message complexity Asynchronous Distributed Key Generation protocol [30]. Either way, this scheme remains unpredictable only if the adversary is computationally bounded.…”

Section: Model and Building Blocksmentioning

confidence: 99%

All You Need is DAG

Keidar

Kokoris-Kogias

Naor

et al. 2021

Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing

Self Cite

View full text Add to dashboard Cite

We present DAG-Rider, the first asynchronous Byzantine Atomic Broadcast protocol that achieves optimal resilience, optimal amortized communication complexity, and optimal time complexity. DAG-Rider is post-quantum safe and ensures that all values proposed by correct processes eventually get delivered. We construct DAG-Rider in two layers: In the first layer, processes reliably broadcast their proposals and build a structured Directed Acyclic Graph (DAG) of the communication among them. In the second layer, processes locally observe their DAGs and totally order all proposals with no extra communication. CCS CONCEPTS• Theory of computation → Distributed algorithms; • Security and privacy → Distributed systems security.

show abstract

Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures.

Cited by 57 publications

References 26 publications

Aggregatable Distributed Key Generation

Aggregatable Distributed Key Generation

Reaching Consensus for Asynchronous Distributed Key Generation

All You Need is DAG

Contact Info

Product

Resources

About