Efficient and Universally Composable Single Secret Leader Election from Pairings

Single Secret Leader Election (SSLE) protocols allow a set of users to elect a leader among them so that the identity of the winner remains secret until she decides to reveal herself. This notion was formalized and implemented in a recent result by Boneh et al. (ACM Advances in Financial Technologies 2020) and finds important applications in the area of Proof of Stake blockchains. In this paper we put forward new SSLE solutions that advance the state of the art on both the theoretical and the practical front. On the theoretical side we propose a new definition of SSLE in the universal composability framework. We believe this to be the right way to model security in highly concurrent contexts such as those of many blockchain-related applications. Next, we propose a UC-realization of SSLE from public key encryption with keyword search (PEKS), based on the ability to distribute the PEKS key generation and encryption algorithms. Finally, we give a concrete PEKS scheme with efficient distributed algorithms for key generation and encryption that allows us to efficiently instantiate our abstract SSLE construction. Our resulting SSLE protocol is very efficient, does not require participants to store any state information besides their secret keys, and guarantees so-called on-chain efficiency: the information needed to verify an election in the new block is of size at most logarithmic in the number of participants. To the best of our knowledge, this is the first SSLE scheme achieving this property along with practical efficiency.
