Secure Multi-Player Protocols: Fundamentals, Generality, and Efficiency

While classically cryptography is concerned with the problem of private communication among two entities, say players, in modern cryptography multi-player protocols play an important role. And among these, it is probably fair to say that secret sharing, and its stronger version verifiable secret sharing (VSS), as well as multi-party computation (MPC) belong to the most appealing and/or useful ones. The former two are basic tools to achieve better robustness of cryptographic schemes against malfunction or misuse by " decentralizing " the security from one single to a whole group of individuals (captured by the term threshold cryptography). The latter allows—at least in principle—to execute any collaboration among a group of players in a secure way that guarantees the correctness of the outcome but simultaneously respects the privacy of the participants. In this work, we study three aspects of secret sharing, VSS and MPC, which we denote by fundamentals, generality, and efficiency. By fundamentals we mean the quest for understanding why a protocol works and is secure in abstract (and hopefully simple) mathematical terms. By generality we mean generality with respect to the underlying mathematical structure, in other words, minimizing the mathematical axioms required to do some task. And efficiency of course deals with the improvement of protocols with respect to some meaningful complexity measure. We briefly summarize our main results. (1) We give a complete characterization of black-box secret sharing in terms of simple algebraic conditions on the integer sharing coefficients, and we propose a black-box secret sharing scheme with minimal expansion factor. Note that, in contrast to the classical field-based secret sharing schemes, a black-box secret sharing scheme allows to share a secret sampled from an arbitrary Abelian group and requires only black-box access to the group operations and to random group elements. Such a scheme may be very useful in the construction of threshold cryptosystems based on groups with secret order (like RSA). (2) We show that without loss of efficiency, MPC can be based on arbitrary finite rings. This is in sharp contrast to the literature where essentially all MPC protocols require a much stronger mathematical structure, namely a field. Apart from its theoretical value, this can lead to efficiency improvements since it allows a greater freedom in the (mathematical) representation of the task that needs to be securely executed. (3) We propose a unified treatment of perfectly secure linear VSS and distributed commitments (a weaker version …

[1]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[2]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[3]  Ivan Damgård,et al.  On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase , 2001, CRYPTO.

[4]  Stefan Dziembowski Multiparty Computations Information-Theoretically Secure Against an Adaptive Adversary , 2002 .

[5]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[6]  Yvo Desmedt,et al.  Perfect Homomorphic Zero-Knowledge Threshold Schemes over any Finite Abelian Group , 1994, SIAM J. Discret. Math..

[7]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.

[8]  Richard E. Blahut,et al.  Principles and practice of information theory , 1987 .

[9]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[10]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[11]  Gustavus J. Simmons,et al.  Authentication Theory/Coding Theory , 1985, CRYPTO.

[12]  H. Lenstra,et al.  Euclidean number fields of large degree , 1976 .

[13]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[14]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[15]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[16]  Ronald Cramer,et al.  Non-interactive Distributed-Verifier Proofs and Proving Relations among Commitments , 2002, ASIACRYPT.

[17]  Ronald Cramer,et al.  Optimal Black-Box Secret Sharing over Arbitrary Abelian Groups , 2002, CRYPTO.

[18]  Piotr Berman,et al.  Towards Optimal Distributed Consensus (Extended Abstract) , 1989, FOCS 1989.

[19]  Masayuki Abe Robust distributed multiplication without interaction , 1999 .

[20]  Ivan Damgård,et al.  Zero-Knowledge Proofs for Finite Field Arithmetic or: Can Zero-Knowledge be for Free? , 1997 .

[21]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22]  Brian King,et al.  Randomness Required for Linear Threshold Sharing Schemes Defined over Any Finite Abelian Group , 2001, ACISP.

[23]  Matthias Fitzi,et al.  General Adversaries in Unconditional Multi-party Computation , 1999, ASIACRYPT.

[24]  Ueli Maurer,et al.  Linear VSS and Distributed Commitments Based on Secret Sharing and Pairwise Checks , 2002, CRYPTO.

[25]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[26]  Gustavus J. Simmons,et al.  How to (Really) Share a Secret , 1988, CRYPTO.

[27]  Matthias Fitzi,et al.  Trading Correctness for Privacy in Unconditional Multi-Party Computation ? Corrected Version ?? , 1998 .

[28]  Ueli Maurer,et al.  Efficient Secure Multi-party Computation , 2000, ASIACRYPT.

[29]  Giovanni Di Crescenzo,et al.  Existence of multiplicative secret sharing schemes with polynomial share expansion , 1999, SODA '99.

[30]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[31]  Jesper Buus Nielsen,et al.  On Protocol Security in the Cryptographic Model , 2003 .

[32]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.

[33]  Yvo Desmedt,et al.  Efficient Multiplicative Sharing Schemes , 1996, EUROCRYPT.

[34]  Mads J. Jurik,et al.  Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols , 2003 .

[35]  Stuart A. Kurtz,et al.  A discrete logarithm implementation of zero-knowledge blobs , 1987 .

[36]  Stefan Dantchev On Resolution Complexity of Matching Principles , 2002 .

[37]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[38]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[39]  Anna Gál,et al.  Combinatorial methods in boolean function complexity , 1995 .

[40]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[41]  Martin Hirt,et al.  Multi party computation: efficient protocols, general adversaries, and voting , 2001 .

[42]  Giovanni Di Crescenzo,et al.  Multiplicative Non-abelian Sharing Schemes and their Application to Threshold Cryptography , 1994, ASIACRYPT.

[43]  Matthias Fitzi,et al.  Efficient Byzantine Agreement Secure Against General Adversaries , 1998, DISC.

[44]  Ivan Damgård,et al.  Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption , 2003, CRYPTO.

[45]  Yuval Ishai,et al.  Efficient Multi-party Computation over Rings , 2003, EUROCRYPT.

[46]  Rasmus K. Ursem,et al.  Models for Evolutionary Algorithms and Their Applications in System Identification and Control Optimization , 2003 .

[47]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[48]  Yuval Ishai,et al.  Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials , 2002, ICALP.

[49]  Matthew K. Franklin,et al.  Multi-Autority Secret-Ballot Elections with Linear Work , 1996, EUROCRYPT.

[50]  Yvo Desmedt,et al.  Some results in linear secret sharing , 2000 .

[51]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[52]  Ueli Maurer,et al.  Secure multi-party computation made simple , 2002, Discret. Appl. Math..

[53]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[54]  Ingemar Ingemarsson,et al.  A Construction of Practical Secret Sharing Schemes using Linear Block Codes , 1992, AUSCRYPT.

[55]  Claus Brabrand,et al.  Domain Specific Languages for Interactive Web Services , 2003 .

[56]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[57]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[58]  Ueli Maurer,et al.  Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract) , 1997, PODC '97.

[59]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[60]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[61]  M. Oliver,et al.  Structure and Hierarchy in Real-Time Systems , 2002 .

[62]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[63]  Yvo Desmedt,et al.  A Comment on the Efficiency of Secret Sharing Scheme over Any Finite Abelian Group , 1998, ACISP.

[64]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[65]  Carles Padró,et al.  Secret Sharing Schemes with Detection of Cheaters for a General Access Structure , 1999, Des. Codes Cryptogr..

[66]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[67]  Yuval Ishai,et al.  The round complexity of verifiable secret sharing and secure multicast , 2001, STOC '01.

[68]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[69]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[70]  Ueli Maurer,et al.  Robustness for Free in Unconditional Multi-party Computation , 2001, CRYPTO.

[71]  Donald Beaver Minimal-Latency Secure Function Evaluation , 2000, EUROCRYPT.

[72]  Yuval Ishai,et al.  On the power of nonlinear secret-sharing , 2001, Proceedings 16th Annual IEEE Conference on Computational Complexity.

[73]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[74]  Donald Beaver,et al.  Quorum-Based Secure Multi-party Computation , 1998, EUROCRYPT.