Round-Preserving Parallel Composition of Probabilistic-Termination Cryptographic Protocols

An important benchmark for multi-party computation protocols (MPC) is their round complexity. For several important MPC tasks, (tight) lower bounds on the round complexity are known. However, for some of these tasks, such as broadcast, the lower bounds can be circumvented when the termination round of every party is not a priori known, and simultaneous termination is not guaranteed. Protocols with this property are called probabilistic-termination (PT) protocols. Running PT protocols in parallel affects the round complexity of the resulting protocol in somewhat unexpected ways. For instance, an execution of m protocols with constant expected round complexity might take O(log m) rounds to complete. In a seminal work, Ben-Or and El-Yaniv (Distributed Computing '03) developed a technique for parallel execution of arbitrarily many broadcast protocols, while preserving expected round complexity. More recently, Cohen et al. (CRYPTO '16) devised a framework for universal composition of PT protocols, and provided the first composable parallel-broadcast protocol with a simulation-based proof. These constructions crucially rely on the fact that broadcast is ``privacy free,'' and do not generalize to arbitrary protocols in a straightforward way. This raises the question of whether it is possible to execute arbitrary PT protocols in parallel, without increasing the round complexity. In this paper we tackle this question and provide both feasibility and infeasibility results. We construct a round-preserving protocol compiler, secure against a dishonest minority of actively corrupted parties, that compiles arbitrary protocols into a protocol realizing their parallel composition, while having a black-box access to the underlying protocols. Furthermore, we prove that the same cannot be achieved, using known techniques, given only black-box access to the functionalities realized by the protocols, unless merely security against semi-honest corruptions is required, for which case we provide a protocol.

[1]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[2]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[3]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[4]  Unconditionally secure signature schemes revisited , 2011, J. Math. Cryptol..

[5]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[6]  Iftach Haitner A Parallel Repetition Theorem for Any Interactive Argument , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[7]  Martin Hirt,et al.  Adaptively Secure Broadcast , 2010, EUROCRYPT.

[8]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[9]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[10]  Alex Samorodnitsky,et al.  On the Round Complexity of Randomized Byzantine Agreement , 2019, IACR Cryptol. ePrint Arch..

[11]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[12]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[13]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[14]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[15]  Junji Shikata,et al.  Security Notions for Unconditionally Secure Signature Schemes , 2002, EUROCRYPT.

[16]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[17]  Abhi Shelat,et al.  Adaptively Secure MPC with Sublinear Communication Complexity , 2019, Journal of Cryptology.

[18]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[19]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[20]  Gabriel Bracha,et al.  An asynchronous [(n - 1)/3]-resilient consensus protocol , 1984, PODC '84.

[21]  Junji Shikata,et al.  Information-Theoretically Secure Key-Insulated Multireceiver Authentication Codes , 2010, AFRICACRYPT.

[22]  Yuval Ishai,et al.  Secure Protocol Transformations , 2016, CRYPTO.

[23]  Ran El-Yaniv,et al.  Resilient-optimal interactive consistency in constant time , 2003, Distributed Computing.

[24]  Danny Dolev,et al.  Early stopping in Byzantine agreement , 1990, JACM.

[25]  Jonathan Katz,et al.  Fair Computation with Rational Players , 2012, EUROCRYPT.

[26]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires ~Omega(log n) Rounds , 2001, Electron. Colloquium Comput. Complex..

[27]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[28]  Craig Gentry,et al.  Two-Round Secure MPC from Indistinguishability Obfuscation , 2014, TCC.

[29]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[30]  Daniel Wichs,et al.  Two Round Multiparty Computation via Multi-key FHE , 2016, EUROCRYPT.

[31]  Mike Rosulek Must You Know the Code of f to Securely Compute f? , 2012, CRYPTO.

[32]  Yehuda Lindell,et al.  Sequential composition of protocols without simultaneous termination , 2002, PODC '02.

[33]  David C. Parkes,et al.  Fairness with an Honest Minority and a Rational Majority , 2009, TCC.

[34]  Anat Paskin-Cherniavsky,et al.  Secure Computation with Minimal Interaction, Revisited , 2015, CRYPTO.

[35]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[36]  Nancy A. Lynch,et al.  A Lower Bound for the Time to Assure Interactive Consistency , 1982, Inf. Process. Lett..

[37]  Joseph Y. Halpern,et al.  Rational secret sharing and multiparty computation: extended abstract , 2004, STOC '04.

[38]  Rudolf Ahlswede,et al.  Founding Cryptography on Oblivious Transfer , 2016 .

[39]  Anat Paskin-Cherniavsky,et al.  Secure Multiparty Computation with Minimal Interaction , 2010, CRYPTO.

[40]  Jonathan Katz,et al.  Round-Efficient Secure Computation in Point-to-Point Networks , 2007, EUROCRYPT.

[41]  Birgit Pfitzmann,et al.  Unconditional Byzantine Agreement for any Number of Faulty Processors , 1992, STACS.

[42]  Georg Fuchsbauer,et al.  Efficient Rational Secret Sharing in Standard Communication Networks , 2010, IACR Cryptol. ePrint Arch..

[43]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[44]  Elaine Shi,et al.  Constant-Round MPC with Fairness and Guarantee of Output Delivery , 2015, CRYPTO.

[45]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[46]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[47]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[48]  Rafail Ostrovsky,et al.  Unconditionally-Secure Robust Secret Sharing with Compact Shares , 2012, EUROCRYPT.

[49]  Ueli Maurer,et al.  Rational Protocol Design: Cryptography against Incentive-Driven Adversaries , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[50]  Ivan Damgård,et al.  On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase , 2001, CRYPTO.

[51]  Yehuda Lindell,et al.  Utility Dependence in Correct and Fair Rational Secret Sharing , 2009, Journal of Cryptology.

[52]  Matthias Fitzi,et al.  Efficient player-optimal protocols for strong and differential consensus , 2003, PODC '03.

[53]  Rafail Ostrovsky,et al.  Secure Multi-Party Computation with Identifiable Abort , 2014, CRYPTO.

[54]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[55]  Kai-Min Chung,et al.  The Knowledge Tightness of Parallel Zero-Knowledge , 2012, TCC.

[56]  Yehuda Lindell,et al.  Fairness Versus Guaranteed Output Delivery in Secure Multiparty Computation , 2014, Journal of Cryptology.

[57]  Rafael Pass,et al.  An Efficient Parallel Repetition Theorem , 2010, TCC.