The round complexity of verifiable secret sharing and secure multicast

The <italic>round complexity</italic> of interactive protocols is one of their most important complexity measures. In this work we study the exact round complexity of two basic secure computation tasks: <italic>Verifiable Secret Sharing</italic> (VSS) and <italic>Secure Multicast</italic>. <italic>VSS</italic> allows a dealer to share a secret among several players in a way that would later allow a unique reconstruction of the secret. It is a well-studied primitive, which is used as a building block in virtually every general protocol for secure multi-party computation. <italic>Secure multicast</italic> is perhaps the simplest non-trivial instance of a secure computation. It allows a dealer to securely distribute an <italic>identical</italic> message to all players in a prescribed subset <italic>M</italic>. Both types of protocols are parameterized by the number of players, <italic>n</italic>, and a <italic>security threshold</italic>, <italic>t</italic>, which bounds the total number of malicious players (possibly including the dealer). We focus on a standard setting of <italic>perfect information-theoretic security</italic>, where all players have access to secure point-to-point channels and a common broadcast medium. For both types of primitives we prove, using related techniques, tight tradeoffs between the round complexity and the achievable security threshold.

Specifically, for the VSS problem we show:
2-round VSS is possible iff <italic>n</italic> > 4<italic>t</italic>, where the "if" direction is realized by an <italic>efficient</italic> protocol.
3-round VSS is possible iff <italic>n</italic> > 3<italic>t</italic>, where the "if" direction is realized by an <italic>inefficient</italic> protocol.
4-round <italic>efficient</italic> VSS is possible if <italic>n</italic> > 3<italic>t</italic>.

For the secure multicast problem we show:
2-round secure multicast is (efficiently) possible iff
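The abstract's <italic>n</italic> > 3<italic>t</italic> bound is the point at which a secret shared with a degree-<italic>t</italic> polynomial can be reconstructed uniquely even when <italic>t</italic> of the <italic>n</italic> shares are corrupted. The following added example (not code from the paper, and covering only the reconstruction step, not the sharing and verification rounds the paper counts) illustrates that argument with Shamir sharing over a constructed prime field: any degree-<italic>t</italic> polynomial agreeing with at least <italic>n</italic> − <italic>t</italic> shares agrees with the honest polynomial on more than <italic>t</italic> points, so it is the honest polynomial. The brute-force search over subsets is an assumption for clarity, not an efficient decoder.

```python
import itertools
import random

P = 2**31 - 1  # constructed: a small prime field for the illustration

def share(secret, n, t, rng=random):
    """Shamir sharing: random degree-t polynomial f with f(0) = secret;
    player i (1..n) receives the share (i, f(i))."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [(i, sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P)
            for i in range(1, n + 1)]

def lagrange(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, P - 2, P)) % P
    return total

def robust_reconstruct(shares, t):
    """Reconstruction with up to t corrupted shares: find a degree-<=t polynomial
    agreeing with at least n-t of the n shares. When n > 3t, two such polynomials
    agree on >= n-2t > t points and therefore coincide, so the result is unique.
    Returns None when no candidate fits (only possible below the threshold)."""
    n = len(shares)
    for subset in itertools.combinations(shares, t + 1):
        candidate = list(subset)
        agree = sum(1 for (x, y) in shares if lagrange(candidate, x) == y)
        if agree >= n - t:
            return lagrange(candidate, 0)
    return None

def demo(secret=42, n=7, t=2, seed=1):
    """Constructed run: n = 7 > 3t = 6. An adversary corrupts the first t shares;
    honest reconstruction still returns the dealer's secret."""
    rng = random.Random(seed)
    shares = share(secret, n, t, rng)
    corrupted = [(x, (y + 1) % P) if i < t else (x, y)
                 for i, (x, y) in enumerate(shares)]
    return robust_reconstruct(corrupted, t)
```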
