Probabilistic Termination and Composability of Cryptographic Protocols

When analyzing the round complexity of multi-party protocols, one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is well known that it is impossible to implement a broadcast channel by a (deterministic) pr...

Full description

Saved in:
Bibliographic Details
Published in:Journal of cryptology Vol. 32; no. 3; pp. 690 - 741
Main Authors: Cohen, Ran, Coretti, Sandro, Garay, Juan, Zikas, Vassilis
Format: Journal Article
Language:English
Published: New York Springer US 15.07.2019
Springer Nature B.V
Subjects:
Channels
Coding and Information Theory
Combinatorics
Communications Engineering
Complexity
Computational Mathematics and Numerical Analysis
Computer Science
Computer simulation
Cryptography
Networks
Probability Theory and Stochastic Processes
Protocol
Simulation
Theorems
Probabilistic termination
Universal composition
Randomized Byzantine agreement
Cryptographic protocols
ISSN:0933-2790, 1432-1378
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:When analyzing the round complexity of multi-party protocols, one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is well known that it is impossible to implement a broadcast channel by a (deterministic) protocol in a sublinear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 1980s demonstrated that limitations as the above can be overcome by using randomization and allowing parties to terminate at different rounds, igniting the study of protocols over point-to-point channels with probabilistic termination and expected constant round complexity. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner or via ad hoc simulation-based frameworks, therefore guaranteeing limited, if any, composability. In this work, we put forth the first simulation-based treatment of multi-party cryptographic protocols with probabilistic termination. We define secure multi-party computation (MPC) with probabilistic termination in the UC framework and prove a universal composition theorem for probabilistic termination protocols. Our theorem allows to compile a protocol using deterministic termination hybrids into a protocol that uses expected constant round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol. We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected constant round perfect Byzantine agreement, (2) expected constant round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0933-2790
1432-1378
DOI:10.1007/s00145-018-9279-y