TY - GEN
T1 - Distributing Keys and Random Secrets with Constant Complexity
AU - Applebaum, Benny
AU - Pinkas, Benny
N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.
PY - 2025
Y1 - 2025
N2 - In the Distributed Secret Sharing Generation (DSG) problem n parties wish to obliviously sample a secret-sharing of a random value s taken from some finite field, without letting any of the parties learn s. Distributed Key Generation (DKG) is a closely related variant of the problem in which, in addition to their private shares, the parties also generate a public "commitment" g^s to the secret. Both DSG and DKG are central primitives in the domain of secure multiparty computation and threshold cryptography. In this paper, we study the communication complexity of DSG and DKG. Motivated by large-scale cryptocurrency and blockchain applications, we ask whether it is possible to obtain protocols in which the communication per party is a constant that does not grow with the number of parties. We answer this question in the affirmative in a model where broadcast communication is implemented via a public bulletin board (e.g., a ledger). Specifically, we present a constant-round DSG/DKG protocol in which the number of bits that each party sends to/receives from the public bulletin board is a constant that depends only on the security parameter and the field size but does not grow with the number of parties n. In contrast, in all existing solutions at least some of the parties send Ω(n) bits. Our protocol works in the near-threshold setting. Given arbitrary privacy/correctness parameters 0 < τ_p < τ_c < 1, the protocol tolerates up to τ_p·n actively corrupted parties and delivers shares of a random secret according to some τ_p·n-private, τ_c·n-correct secret sharing scheme, such that the adversary cannot bias the secret or learn anything about it. The protocol is based on non-interactive zero-knowledge proofs, non-interactive commitments and a novel secret-sharing scheme with special robustness properties that is based on Low-Density Parity-Check codes. As a secondary contribution, we extend the formal MPC-based treatment of DKG/DSG, and study new aspects of Affine Secret Sharing Schemes.
KW - Distributed Key Generation
KW - Secret Sharing
KW - Secure Computation
UR - http://www.scopus.com/inward/record.url?scp=85211952013&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-031-78023-3_16
DO - https://doi.org/10.1007/978-3-031-78023-3_16
M3 - Conference contribution
SN - 9783031780226
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 485
EP - 516
BT - Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings
A2 - Boyle, Elette
A2 - Mahmoody, Mohammad
PB - Springer Science and Business Media Deutschland GmbH
T2 - 22nd Theory of Cryptography Conference, TCC 2024
Y2 - 2 December 2024 through 6 December 2024
ER -