Broadcast is an essential primitive for secure computation. We focus in this paper on optimal resilience (i.e., when the number of corrupted parties t is less than a third of the computing parties n), and with no setup or cryptographic assumptions. While broadcast with worst case t rounds is impossible, it has been shown [Feldman and Micali STOC’88, Katz and Koo CRYPTO’06] how to construct protocols with expected constant number of rounds in the private channel model. However, those constructions have large communication complexity, specifically O(n2L+ n6log n) expected number of bits transmitted for broadcasting a message of length L. This leads to a significant communication blowup in secure computation protocols in this setting. In this paper, we substantially improve the communication complexity of broadcast in constant expected time. Specifically, the expected communication complexity of our protocol is O(nL+ n4log n). For messages of length L= Ω(n3log n), our broadcast has no asymptotic overhead (up to expectation), as each party has to send or receive O(n3log n) bits. We also consider parallel broadcast, where n parties wish to broadcast L bit messages in parallel. Our protocol has no asymptotic overhead for L= Ω(n2log n), which is a common communication pattern in perfectly secure MPC protocols. For instance, it is common that all parties share their inputs simultaneously at the same round, and verifiable secret sharing protocols require the dealer to broadcast a total of O(n2log n) bits. As an independent interest, our broadcast is achieved by a packed verifiable secret sharing, a new notion that we introduce. We show a protocol that verifies O(n) secrets simultaneously with the same cost of verifying just a single secret. This improves by a factor of n the state-of-the-art.
|Title of host publication||Theory of Cryptography - 20th International Conference, TCC 2022, Proceedings|
|Editors||Eike Kiltz, Vinod Vaikuntanathan|
|Publisher||Springer Science and Business Media Deutschland GmbH|
|Number of pages||31|
|State||Published - 2022|
|Event||20th Theory of Cryptography Conference, TCC 2022 - Chicago, United States|
Duration: 7 Nov 2022 → 10 Nov 2022
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||20th Theory of Cryptography Conference, TCC 2022|
|Period||7/11/22 → 10/11/22|
Bibliographical noteFunding Information:
Acknowledgements. Gilad Asharov is sponsored by the Israel Science Foundation (grant No. 2439/20), by JPM Faculty Research Award, by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office, and by the European Union’s Horizon 2020 research and innovation programme under the Marie Sk lodowska-Curie grant agreement No. 891234. Shravani Patil would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020-2025. Arpita Patra would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020-2025, Google India Faculty Award, and SERB MATRICS (Theoretical Sciences) Grant 2020-2023.
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
- Byzantine agreement