TY - GEN
T1 - Asymptotically Free Broadcast in Constant Expected Time via Packed VSS
AU - Abraham, Ittai
AU - Asharov, Gilad
AU - Patil, Shravani
AU - Patra, Arpita
N1 - Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Broadcast is an essential primitive for secure computation. We focus in this paper on optimal resilience (i.e., when the number of corrupted parties t is less than a third of the computing parties n), and with no setup or cryptographic assumptions. While broadcast with worst case t rounds is impossible, it has been shown [Feldman and Micali STOC'88, Katz and Koo CRYPTO'06] how to construct protocols with expected constant number of rounds in the private channel model. However, those constructions have large communication complexity, specifically O(n^2 L + n^6 log n) expected number of bits transmitted for broadcasting a message of length L. This leads to a significant communication blowup in secure computation protocols in this setting. In this paper, we substantially improve the communication complexity of broadcast in constant expected time. Specifically, the expected communication complexity of our protocol is O(nL + n^4 log n). For messages of length L = Ω(n^3 log n), our broadcast has no asymptotic overhead (up to expectation), as each party has to send or receive O(n^3 log n) bits. We also consider parallel broadcast, where n parties wish to broadcast L-bit messages in parallel. Our protocol has no asymptotic overhead for L = Ω(n^2 log n), which is a common communication pattern in perfectly secure MPC protocols. For instance, it is common that all parties share their inputs simultaneously at the same round, and verifiable secret sharing protocols require the dealer to broadcast a total of O(n^2 log n) bits. As an independent interest, our broadcast is achieved by a packed verifiable secret sharing, a new notion that we introduce. We show a protocol that verifies O(n) secrets simultaneously with the same cost of verifying just a single secret. This improves by a factor of n the state-of-the-art.
KW - Broadcast
KW - Byzantine agreement
KW - MPC
UR - http://www.scopus.com/inward/record.url?scp=85146653251&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-22318-1_14
DO - 10.1007/978-3-031-22318-1_14
M3 - Conference contribution
SN - 9783031223174
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 384
EP - 414
BT - Theory of Cryptography - 20th International Conference, TCC 2022, Proceedings
A2 - Kiltz, Eike
A2 - Vaikuntanathan, Vinod
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th Theory of Cryptography Conference, TCC 2022
Y2 - 7 November 2022 through 10 November 2022
ER -