Probabilistic Termination and Composability of Cryptographic Protocols

Ran Cohen; Sandro Coretti; Juan Garay; Vasileios Zikas

doi:10.1007/978-3-662-53015-3_9

Probabilistic Termination and Composability of Cryptographic Protocols

Ran Cohen, Sandro Coretti, Juan Garay, Vasileios Zikas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

When analyzing the round complexity of multi-party computation (MPC), one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is impossible to implement a broadcast channel by a (deterministic) protocol in a sub-linear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 80’s demonstrated that limitations as the above can be overcome by allowing parties to terminate in different rounds, igniting the study of protocols with probabilistic termination. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner, guaranteeing limited composability. In this work, we define MPC with probabilistic termination in the UC framework. We further prove a special universal composition theorem for probabilistic-termination protocols, which allows to compile a protocol using deterministic-termination hybrids into a protocol that uses expected-constant-round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol.

We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected-constant-round perfect Byzantine agreement, (2) expected-constant-round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2016
Publisher	Springer
Pages	240-269
Number of pages	30
ISBN (Electronic)	978-3-662-53015-3
ISBN (Print)	978-3-662-53014-6
DOIs	https://doi.org/10.1007/978-3-662-53015-3_9
Publication status	Published - 21 Jul 2016
Event	36th Annual International Cryptology Conference - University of California, Santa Barbara, United States Duration: 14 Aug 2016 → 18 Aug 2016 https://www.iacr.org/conferences/crypto2016/ https://www.iacr.org/conferences/crypto2016/index.html

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer, Berlin, Heidelberg
Volume	9816
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	36th Annual International Cryptology Conference
Abbreviated title	CRYPTO 2016
Country/Territory	United States
City	Santa Barbara
Period	14/08/16 → 18/08/16
Internet address	https://www.iacr.org/conferences/crypto2016/ https://www.iacr.org/conferences/crypto2016/index.html

Access to Document

10.1007/978-3-662-53015-3_9

https://link.springer.com/chapter/10.1007/978-3-662-53015-3_9

Cite this

@inproceedings{804e9a33a8b945c3a742f4c303c2839c,

title = "Probabilistic Termination and Composability of Cryptographic Protocols",

abstract = "When analyzing the round complexity of multi-party computation (MPC), one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is impossible to implement a broadcast channel by a (deterministic) protocol in a sub-linear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 80{\textquoteright}s demonstrated that limitations as the above can be overcome by allowing parties to terminate in different rounds, igniting the study of protocols with probabilistic termination. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner, guaranteeing limited composability. In this work, we define MPC with probabilistic termination in the UC framework. We further prove a special universal composition theorem for probabilistic-termination protocols, which allows to compile a protocol using deterministic-termination hybrids into a protocol that uses expected-constant-round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol.We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected-constant-round perfect Byzantine agreement, (2) expected-constant-round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.",

author = "Ran Cohen and Sandro Coretti and Juan Garay and Vasileios Zikas",

year = "2016",

month = jul,

day = "21",

doi = "10.1007/978-3-662-53015-3_9",

language = "English",

isbn = "978-3-662-53014-6",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "240--269",

booktitle = "Advances in Cryptology – CRYPTO 2016",

address = "United Kingdom",

note = "36th Annual International Cryptology Conference, CRYPTO 2016 ; Conference date: 14-08-2016 Through 18-08-2016",

url = "https://www.iacr.org/conferences/crypto2016/, https://www.iacr.org/conferences/crypto2016/index.html",

}

Cohen, R, Coretti, S, Garay, J & Zikas, V 2016, Probabilistic Termination and Composability of Cryptographic Protocols. in Advances in Cryptology – CRYPTO 2016 . Lecture Notes in Computer Science, vol. 9816, Springer, pp. 240-269, 36th Annual International Cryptology Conference, Santa Barbara, California, United States, 14/08/16. https://doi.org/10.1007/978-3-662-53015-3_9

TY - GEN

T1 - Probabilistic Termination and Composability of Cryptographic Protocols

AU - Cohen, Ran

AU - Coretti, Sandro

AU - Garay, Juan

AU - Zikas, Vasileios

PY - 2016/7/21

Y1 - 2016/7/21

N2 - When analyzing the round complexity of multi-party computation (MPC), one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is impossible to implement a broadcast channel by a (deterministic) protocol in a sub-linear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 80’s demonstrated that limitations as the above can be overcome by allowing parties to terminate in different rounds, igniting the study of protocols with probabilistic termination. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner, guaranteeing limited composability. In this work, we define MPC with probabilistic termination in the UC framework. We further prove a special universal composition theorem for probabilistic-termination protocols, which allows to compile a protocol using deterministic-termination hybrids into a protocol that uses expected-constant-round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol.We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected-constant-round perfect Byzantine agreement, (2) expected-constant-round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.

AB - When analyzing the round complexity of multi-party computation (MPC), one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is impossible to implement a broadcast channel by a (deterministic) protocol in a sub-linear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 80’s demonstrated that limitations as the above can be overcome by allowing parties to terminate in different rounds, igniting the study of protocols with probabilistic termination. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner, guaranteeing limited composability. In this work, we define MPC with probabilistic termination in the UC framework. We further prove a special universal composition theorem for probabilistic-termination protocols, which allows to compile a protocol using deterministic-termination hybrids into a protocol that uses expected-constant-round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol.We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected-constant-round perfect Byzantine agreement, (2) expected-constant-round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.

UR - https://eprint.iacr.org/2016/350

U2 - 10.1007/978-3-662-53015-3_9

DO - 10.1007/978-3-662-53015-3_9

M3 - Conference contribution

SN - 978-3-662-53014-6

T3 - Lecture Notes in Computer Science

SP - 240

EP - 269

BT - Advances in Cryptology – CRYPTO 2016

PB - Springer

T2 - 36th Annual International Cryptology Conference

Y2 - 14 August 2016 through 18 August 2016

ER -

Probabilistic Termination and Composability of Cryptographic Protocols

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this