Results 1 
6 of
6
On 2Round Secure Multiparty Computation
 In Proc. Crypto ’02
, 2002
"... Abstract. Substantial efforts have been spent on characterizing the round complexity of various cryptographic tasks. In this work we study the round complexity of secure multiparty computation in the presence of an active (Byzantine) adversary, assuming the availability of secure pointtopoint chan ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
Abstract. Substantial efforts have been spent on characterizing the round complexity of various cryptographic tasks. In this work we study the round complexity of secure multiparty computation in the presence of an active (Byzantine) adversary, assuming the availability of secure pointtopoint channels and a broadcast primitive. It was recently shown that in this setting three rounds are sufficient for arbitrary secure computation tasks, with a linear security threshold, and two rounds are sufficient for certain nontrivial tasks. This leaves open the question whether every function can be securely computed in two rounds. We show that the answer to this question is “no”: even some very simple functions do not admit secure 2round protocols (independently of their communication and time complexity) and thus 3 is the exact round complexity of general secure multiparty computation. Yet, we also present some positive results by identifying a useful class of functions which can be securely computed in two rounds. Our results apply both to the informationtheoretic and to the computational notions of security.
Y.: Constantround multiparty computation using a blackbox pseudorandom generator
 In: CRYPTO. LNCS
, 2005
"... Abstract. We present a constantround protocol for general secure multiparty computation which makes a blackbox use of a pseudorandom generator. In particular, the protocol does not require expensive zeroknowledge proofs and its communication complexity does not depend on the computational complexi ..."
Abstract

Cited by 20 (5 self)
 Add to MetaCart
Abstract. We present a constantround protocol for general secure multiparty computation which makes a blackbox use of a pseudorandom generator. In particular, the protocol does not require expensive zeroknowledge proofs and its communication complexity does not depend on the computational complexity of the underlying cryptographic primitive. Our protocol withstands an active, adaptive adversary corrupting a minority of the parties. Previous constantround protocols of this type were only known in the semihonest model or for restricted classes of functionalities. 1
On expected constantround protocols for Byzantine agreement
 In Advances in Cryptology — Crypto ’06
, 2006
"... In a seminal paper, Feldman and Micali show an nparty Byzantine agreement protocol in the plain model that tolerates t < n/3 malicious parties and runs in expected constant rounds. Here, resolving a question that had been open since their work, we show an expected constantround protocol for authen ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
In a seminal paper, Feldman and Micali show an nparty Byzantine agreement protocol in the plain model that tolerates t < n/3 malicious parties and runs in expected constant rounds. Here, resolving a question that had been open since their work, we show an expected constantround protocol for authenticated Byzantine agreement assuming honest majority (i.e., t < n/2), and relying only on the existence of signature schemes and a publickey infrastructure. Combined with existing results, this gives the first expected constantround protocol for secure computation with honest majority in a pointtopoint network under the same assumptions. Our key technical tool — a new primitive we introduce called moderated VSS — also yields a simpler proof of the FeldmanMicali result. In addition, we show a simple technique for sequential composition of Byzantine agreement protocols that do not achieve simultaneous termination, something that is inherent for protocols using o(t) rounds.
Roundefficient secure computation in pointtopoint networks
 In Advances in Cryptology — Eurocrypt ’07
, 2007
"... Abstract. Essentially all work studying the round complexity of secure computation assumes broadcast as an atomic primitive. Protocols constructed under this assumption tend to have very poor round complexity when compiled for a pointtopoint network due to the high overhead of emulating each invoc ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
Abstract. Essentially all work studying the round complexity of secure computation assumes broadcast as an atomic primitive. Protocols constructed under this assumption tend to have very poor round complexity when compiled for a pointtopoint network due to the high overhead of emulating each invocation of broadcast. This problem is compounded when broadcast is used in more than one round of the original protocol due to the complexity of handling sequential composition (when using roundefficient emulation of broadcast). We argue that if the goal is to optimize round complexity in pointtopoint networks, then it is preferable to design protocols — assuming a broadcast channel — minimizing the number of rounds in which broadcast is used rather than minimizing the total number of rounds. With this in mind, we present protocols for secure computation in a number of settings that use only a single round of broadcast. In all cases, we achieve optimal security threshold for adaptive adversaries, and obtain protocols whose round complexity (in a pointtopoint network) improves on prior work. 1
Improving the round complexity of VSS in pointtopoint networks
 In 35th International Colloquium on Automata, Languages and Programming (ICALP), volume 5126 of Lecture Notes in Computer Science
, 2008
"... We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfect VSS where the number of corrupted parties t satisfies t < n/3, with n the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfect VSS where the number of corrupted parties t satisfies t < n/3, with n the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. Existing protocols, however, treat the broadcast channel as being available “for free ” and do not attempt to minimize its usage. This approach leads to relatively poor round complexity when such protocols are compiled to run over a pointtopoint network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also satisfies a certain “2level sharing ” property that makes it useful for constructing protocols for general secure computation. 1
Improving the round complexity of ’roundoptimal’ vss. Cryptology ePrint Archive, Report 2007/358
, 2007
"... We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfectlysecure VSS where the number of corrupted parties t satisfies t < n/3, with n being the total number of parties. Work of Gennaro et al. (STOC 2001) and Fi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfectlysecure VSS where the number of corrupted parties t satisfies t < n/3, with n being the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. The efficient 3round protocol of Fitzi et al., however, treats the broadcast channel as being available “for free ” and does not attempt to minimize its usage. As argued previously by the authors, this approach leads to poor round complexity when protocols are compiled for a pointtopoint network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also has a certain “2level sharing ” property that makes it useful for constructing protocols for general secure computation. 1