Verifiable secret sharing and multiparty protocols with honest majority

Rabin, Tal; Ben-Or, Michael

doi:10.1145/73007.73014

Cited by 713 publications

(499 citation statements)

References 9 publications

Supporting

Mentioning

491

Contrasting

Unclassified

Order By: Relevance

“…We consider statistical security (since, as mentioned above, perfect security is unachievable in this setting), and let κ denote the error parameter, κ ≥ 2n. [RB89] is a triple of protocols (ICSetup, ICValidate, ICReveal) which achieves a limited signature-like functionality for three players: a dealer D, intermediary I, and receiver R. D holds as input a secret s ∈ F, which he passes to I in ICSetup. ICValidate insures that even if D cheats, I knows a value which R will accept.…”

Section: Model Definitions and Toolsmentioning

confidence: 99%

“…This is the first linear VSS protocol enjoying such a small number of broadcast rounds without trusted setup, while running in an overall constant number of rounds. We first obtain a (3, 0)-broadcast, (9, 1)-round protocol which, at a high level, is inspired by the ((7, 0)-broadcast) protocol in [RB89]; we then apply a moderated-protocol transformation to shave off one additional broadcast round.…”

Section: A Broadcast-and Round-efficient Vss Protocolmentioning

confidence: 99%

“…We opt for the latter, since we feel that this protocol's structure lends itself best to a univariate polynomial description. At a high level, the protocol is inspired by that of Rabin and Ben-Or [RB89], and has a similar structure. First D distributes shares of a t-degree polynomial f where s := f (0) and of additional random t-degree polynomials g k .…”

Section: Protocol Wss-share(p D S)mentioning

confidence: 99%

See 2 more Smart Citations

Broadcast (and Round) Efficient Verifiable Secret Sharing

Garay

Givens

Ostrovsky

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Verifiable secret sharing (VSS) is a fundamental cryptographic primitive, lying at the core of secure multi-party computation (MPC) and, as the distributed analogue of a commitment functionality, used in numerous applications. In this paper we focus on unconditionally secure VSS protocols with honest majority.In this setting it is typically assumed that parties are connected pairwise by authenticated, private channels, and that in addition they have access to a "broadcast" channel. Because broadcast cannot be simulated on a point-to-point network when a third or more of the parties are corrupt, it is impossible to construct VSS (and more generally, MPC) protocols in this setting without using a broadcast channel (or some equivalent addition to the model).A great deal of research has focused on increasing the efficiency of VSS, primarily in terms of round complexity. In this work we consider a refinement of the round complexity of VSS, by adding a measure we term broadcast complexity. We view the broadcast channel as an expensive resource and seek to minimize the number of rounds in which it is invoked as well.We construct a (linear) VSS protocol which uses the broadcast channel only twice in the sharing phase, while running in an overall constant number of rounds.

show abstract

Section: Model Definitions and Toolsmentioning

confidence: 99%

Section: A Broadcast-and Round-efficient Vss Protocolmentioning

confidence: 99%

Section: Protocol Wss-share(p D S)mentioning

confidence: 99%

See 1 more Smart Citation

Broadcast (and Round) Efficient Verifiable Secret Sharing

Garay

Givens

Ostrovsky

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Over the last three decades, active research has been carried out in this area and many interesting and significant results have been obtained dealing with high efficiency, security against general adversaries, security against mixed type of corruptions, long-term security, provable security, etc (see [18,24,9,17,41,20,10,16,42,26,28,32,35,4,6] and their references). However, almost all these solutions are for the synchronous model, where it is assumed that every message in the network is delayed by a given constant.…”

Section: Verifiable Secret Sharing (Vss)mentioning

confidence: 99%

Communication Efficient Perfectly Secure VSS and MPC in Asynchronous Networks with Optimal Resilience

Patra

Choudhury

Rangan

2010

Progress in Cryptology – AFRICACRYPT 2010

View full text Add to dashboard Cite

Secure Multi-Party Computation (MPC) providing information theoretic security allows a set of n parties to securely compute an agreed function F over a finite field F, even if t parties are under the control of a computationally unbounded active adversary. Asynchronous MPC (AMPC) is an important variant of MPC, which works over an asynchronous network. It is well known that perfect AMPC is possible if and only if n ≥ 4t + 1, while statistical AMPC is possible if and only if n ≥ 3t + 1. In this paper, we study the communication complexity of AMPC protocols (both statistical and perfect) designed with exactly n = 4t + 1 parties. Our major contributions in this paper are as follows:1. Asynchronous Verifiable Secret Sharing (AVSS) is one of the main building blocks for AMPC.In this paper, we design two AVSS protocols with 4t + 1 parties: the first one is statistically secure and has non-optimal resilience, while the second one is perfectly secure and has optimal resilience. Both these schemes achieve a common interesting property, which was not achieved by the previous schemes. Specifically, our AVSS schemes allow to share a secret through a polynomial of degree at most d, where t ≤ d ≤ 2t. In contrast, the existing AVSS schemes can share a secret only through a polynomial of degree at most t. The new property of our AVSS simplifies the degree reduction step for the evaluation of multiplication gates in an AMPC protocol.2. Using our statistical AVSS, we design a statistical AMPC protocol with n = 4t + 1 which communicates O(n 2 ) field elements per multiplication gate. Though this protocol has non-optimal resilience, it significantly improves the communication complexity of the existing statistical AMPC protocols.3. We then present a perfect AMPC protocol with n = 4t + 1 (using our perfect AVSS scheme), which also communicates O(n 2 ) field elements per multiplication gate. This protocol improves on our statistical AMPC protocol as it has optimal resilience. To the best of our knowledge, this is the most communication efficient perfect AMPC protocol in the information theoretic setting. * A preliminary version of this paper appeared in [39].

show abstract

“…Moreover, if the model is augmented with a broadcast primitive, an active adversary can be tolerated who corrupts fewer than a 1/2-fraction of the players, at the cost of introducing non-zero yet negligible error probabilities [32]. For VSS it is required that the underlying LSSS is n − t-accepting and for secure multiplication the LSSS is required to satisfy the multiplication property.…”

Section: It Is Quasi-threshold (With a 2g Gap) This Means That A Tnmentioning

confidence: 99%

Algebraic Geometric Secret Sharing Schemes and Secure Multi-Party Computations over Small Fields

Chen

Cramer

2006

Lecture Notes in Computer Science

122

188

View full text Add to dashboard Cite

Abstract. We introduce algebraic geometric techniques in secret sharing and in secure multi-party computation (MPC) in particular. The main result is a linear secret sharing scheme (LSSS) defined over a finite field Fq, with the following properties. It is ideal. The number of players n can be as large as #C(Fq), whereC is an algebraic curve C of genus g defined over Fq. 2. It is quasi-threshold: it is t-rejecting and t +1+2g-accepting, but not necessarily t + 1-accepting. It is thus in particular a ramp scheme. High information rate can be achieved. 3. It has strong multiplication with respect to the t-threshold adversary structure, if t < 1 3 n − 4 3 g. This is a multi-linear algebraic property on an LSSS facilitating zero-error multi-party multiplication, unconditionally secure against corruption by an active t-adversary. 4. The finite field Fq can be dramatically smaller than n. This is by using algebraic curves with many Fq-rational points. For example, for each small enough , there is a finite field Fq such that for infinitely many n there is an LSSS over Fq with strong multiplication satisfying ( 1 3 − )n ≤ t < 1 3 n. 5. Shamir's scheme, which requires n > q and which has strong multiplication for t < 1 3 n, is a special case by taking g = 0. Now consider the classical ("BGW") scenario of MPC unconditionally secure (with zero error probability) against an active t-adversary with t < 1 3 n, in a synchronous n-player network with secure channels. By known results it now follows that there exist MPC protocols in this scenario, achieving the same communication complexities in terms of the number of field elements exchanged in the network compared with known Shamir-based solutions. However, in return for decreasing corruption tolerance by a small -fraction, q may be dramatically smaller than n. This tolerance decrease is unavoidable due to properties of MDS codes. The techniques extend to other models of MPC. Results on less specialized LSSS can be obtained from more general coding theory arguments.The authors independently submitted similar results to CRYPTO 2006 [5,8]. This paper is the result of merging those two papers.

show abstract

Verifiable secret sharing and multiparty protocols with honest majority

Cited by 713 publications

References 9 publications

Broadcast (and Round) Efficient Verifiable Secret Sharing

Broadcast (and Round) Efficient Verifiable Secret Sharing

Communication Efficient Perfectly Secure VSS and MPC in Asynchronous Networks with Optimal Resilience

Algebraic Geometric Secret Sharing Schemes and Secure Multi-Party Computations over Small Fields

Contact Info

Product

Resources

About