ALBATROSS: publicly AttestabLe BATched Randomness based On Secret Sharing

In this paper we present ALBATROSS, a family of multiparty randomness generation protocols with guaranteed output delivery and public verification that allows trading off corruption tolerance for a much improved amortized computational complexity. Our basic stand-alone protocol is based on publicly verifiable secret sharing (PVSS) and is secure in the random oracle model under the decisional Diffie-Hellman (DDH) hardness assumption. We also address the important issue of constructing Universally Composable randomness beacons, showing two UC versions of ALBATROSS: one based on simple UC NIZKs and another one based on novel efficient “designated verifier” homomorphic commitments. Interestingly, this latter version can be instantiated from a global random oracle under the weaker Computational Diffie-Hellman (CDH) assumption. An execution of ALBATROSS with n parties, out of which up to t = (1/2 − ) · n are corrupt for a constant > 0, generates Θ(n) uniformly random values, requiring in the worst case an amortized cost per party of Θ(log n) exponentiations per random value. We significantly improve on the SCRAPE protocol (Cascudo and David, ACNS 17), which required Θ(n) exponentiations per party to generate one uniformly random value. This is mainly achieved via two techniques: first, the use of packed Shamir secret sharing for the PVSS; second, the use of linear t-resilient functions (computed via a Fast Fourier Transform-based algorithm) to improve the randomness extraction.
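The first of the two techniques named above, packed Shamir secret sharing, is what lets one PVSS dealing carry Θ(n) secrets instead of one. The following is an added illustration written for this page, not code from the ALBATROSS paper or its authors: it packs ℓ secrets into a single polynomial over a toy prime field, shows that any t + ℓ shares recover all of them, and shows the linearity that lets the contributions of several dealers be combined share-wise (the property a PVSS-based beacon relies on). The modulus P, the choice of secret slots 0, −1, …, −(ℓ−1), and the parameters in the usage call are assumptions made for the example; a real deployment works in a prime-order group and wraps the shares in the PVSS encryption and proofs that the paper describes.

```python
"""Packed Shamir secret sharing over a prime field (toy parameters).

Added illustration, not code from the ALBATROSS paper.  One polynomial of
degree t + ell - 1 carries ell secrets at the fixed slots 0, -1, ..., -(ell-1);
party i (1 <= i <= n) receives the evaluation at x = i.  Any t shares are
independent of the secrets; any t + ell shares determine all of them.
"""
import random

# Constructed toy modulus; a real instantiation uses the order of a DDH-hard group.
P = 2**31 - 1


def inv(a):
    """Multiplicative inverse mod the prime P (Fermat)."""
    return pow(a, P - 2, P)


def secret_points(ell):
    """The ell secret slots 0, -1, ..., -(ell-1) as field elements."""
    return [(-k) % P for k in range(ell)]


def interpolate_at(points, x):
    """Lagrange interpolation: value at x of the unique polynomial of degree
    < len(points) passing through the given (x_i, y_i) pairs."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * inv(den)) % P
    return total


def share(secrets, n, t, rng=random.SystemRandom()):
    """Share len(secrets) values among n parties with privacy threshold t.

    The polynomial f of degree t + ell - 1 is fixed by its values at the ell
    secret slots plus t uniformly random values at t further points, which makes
    f uniform among all polynomials consistent with the secrets.  Returns
    {party_index: f(party_index)}.
    """
    ell = len(secrets)
    assert n >= t + ell, "need at least t + ell shares for reconstruction"
    pts = list(zip(secret_points(ell), secrets))
    # Random anchor points at x = n+1, ..., n+t: disjoint from slots and shares.
    pts += [(n + 1 + k, rng.randrange(P)) for k in range(t)]
    return {i: interpolate_at(pts, i) for i in range(1, n + 1)}


def reconstruct(shares, ell):
    """Recover all ell secrets from any t + ell (or more) shares."""
    pts = list(shares.items())
    return [interpolate_at(pts, s) for s in secret_points(ell)]


def add_sharings(sharings):
    """Share-wise sum of several dealers' sharings: a valid sharing of the
    slot-wise sum of their secret vectors (linearity of Shamir sharing)."""
    out = {}
    for sh in sharings:
        for i, v in sh.items():
            out[i] = (out.get(i, 0) + v) % P
    return out


if __name__ == "__main__":
    # Three secrets, seven parties, privacy threshold two: five shares suffice.
    sh = share([11, 22, 33], n=7, t=2)
    subset = {i: sh[i] for i in (1, 3, 4, 6, 7)}
    print("recovered:", reconstruct(subset, 3))          # [11, 22, 33]
    # Two dealers contribute; their combined sharing opens to the sum.
    combined = add_sharings([share([1, 2], 5, 2), share([10, 20], 5, 2)])
    print("combined:", reconstruct({i: combined[i] for i in (2, 3, 4, 5)}, 2))  # [11, 22]
```

Reconstruction needs t + ℓ shares rather than t + 1, which is the corruption-tolerance cost the abstract refers to: with ℓ = Θ(n) secrets per dealing, the threshold must sit at a constant fraction below n/2 rather than at n/2.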

[1] Ignacio Cascudo, et al. SCRAPE: Scalable Randomness Attested by Public Entities, 2017, IACR Cryptol. ePrint Arch.

[2] Adi Shamir, et al. How to share a secret, 1979, CACM.

[3] Matthew Green, et al. A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK, 2018, IACR Cryptol. ePrint Arch.

[4] David Chaum, et al. Wallet Databases with Observers, 1992, CRYPTO.

[5] Aggelos Kiayias, et al. The Bitcoin Backbone Protocol: Analysis and Applications, 2015, EUROCRYPT.

[6] Nickolai Zeldovich, et al. Vuvuzela: scalable private messaging resistant to traffic analysis, 2015, SOSP.

[7] Tommaso Gagliardoni, et al. The Wonderful World of Global Random Oracles, 2018, IACR Cryptol. ePrint Arch.

[8] Ivan Damgård, et al. Publicly Auditable Secure Multi-Party Computation, 2014, SCN.

[9] Sarah Meiklejohn, et al. Winning the Caucus Race: Continuous Leader Election via Public Randomness, 2018, arXiv.

[10] David Wolinsky, et al. Dissent in Numbers: Making Strong Anonymity Scale, 2012, OSDI.

[11] Ignacio Cascudo, et al. Efficient UC Commitment Extension with Homomorphism for Free (and Applications), 2018, IACR Cryptol. ePrint Arch.

[12] Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.

[13] Aggelos Kiayias, et al. Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol, 2017, CRYPTO.

[14] Michael O. Rabin, et al. Transaction Protection by Beacons, 1983, J. Comput. Syst. Sci.

[15] Rafael Dowsley, et al. Insured MPC: Efficient Secure Multiparty Computation with Punishable Abort, 2018, IACR Cryptol. ePrint Arch.

[16] Ueli Maurer, et al. Bitcoin as a Transaction Ledger: A Composable Treatment, 2017, CRYPTO.

[17] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, 1991, CRYPTO.

[18] Jan Camenisch, et al. A Framework for Practical Universally Composable Zero-Knowledge Protocols, 2011, IACR Cryptol. ePrint Arch.

[19] Moni Naor, et al. Number-theoretic constructions of efficient pseudo-random functions, 2004.

[20] Aggelos Kiayias, et al. Fair and Robust Multi-party Computation Using a Global Transaction Ledger, 2016, EUROCRYPT.

[21] Rafail Ostrovsky, et al. Perfect Non-Interactive Zero Knowledge for NP, 2006, IACR Cryptol. ePrint Arch.

[22] Ignacio Cascudo, et al. Rate-1, Linear Time and Additively Homomorphic UC Commitments, 2016, CRYPTO.

[23] Michael J. Fischer, et al. Scalable Bias-Resistant Distributed Randomness, 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[24] Catherine A. Meadows, et al. Security of Ramp Schemes, 1985, CRYPTO.

[25] J. Tukey, et al. An algorithm for the machine calculation of complex Fourier series, 1965.

[26] Rafail Ostrovsky, et al. New Techniques for Noninteractive Zero-Knowledge, 2012, JACM.

[27] Rafael Dowsley, et al. A Framework for Universally Composable Publicly Verifiable Cryptographic Protocols, 2020, IACR Cryptol. ePrint Arch.

[28] Ben Adida, et al. Helios: Web-based Open-Audit Voting, 2008, USENIX Security Symposium.

[29] Jacques Stern, et al. Security Proofs for Signature Schemes, 1996, EUROCRYPT.

[30] Aggelos Kiayias, et al. Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain, 2018, EUROCRYPT.

[31] Sean Bowe, et al. Halo: Recursive Proof Composition without a Trusted Setup, 2019, IACR Cryptol. ePrint Arch.

[32] Ran Canetti, et al. Practical UC security with a Global Random Oracle, 2014, CCS.

[33] Jing Chen, et al. Algorand: A secure and efficient distributed ledger, 2019, Theor. Comput. Sci.

[34] Jorge Luis Villar, et al. Public Verifiability from Pairings in Secret Sharing Schemes, 2009, Selected Areas in Cryptography.

[35] Oded Goldreich, et al. The bit extraction problem or t-resilient functions, 1985, 26th Annual Symposium on Foundations of Computer Science (SFCS 1985).

[36] Rafail Ostrovsky, et al. Non-interactive Zaps and New Techniques for NIZK, 2006, CRYPTO.

[37] Jorge Luis Villar, et al. Publicly Verifiable Secret Sharing from Paillier's Cryptosystem, 2005, WEWoRC.

[38] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[39] Benny Pinkas, et al. Towards Scalable Threshold Cryptosystems, 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[40] Yehuda Lindell, et al. An Efficient Transform from Sigma Protocols to NIZK with a CRS and Non-programmable Random Oracle, 2015, TCC.

[41] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[42] Matthew K. Franklin, et al. Communication complexity of secure computation (extended abstract), 1992, STOC '92.