Diogenes: Lightweight scalable RSA modulus generation with a dishonest majority

Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthu Venkitasubramaniam, Ruihan Wang

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

21 Scopus citations

Abstract

In this work, we design and implement the first protocol for distributed generation of an RSA modulus that can support thousands of parties and offers security against active corruption of an arbitrary number of parties. In a nutshell, we first design a highly optimized protocol for this scale that is secure against passive corruptions, and then amplify its security to withstand active corruptions using lightweight succinct zero-knowledge proofs. Our protocol achieves security with "identifiable abort," where a corrupted party is identified whenever the protocol aborts, and supports public verifiability.

Our protocol against passive corruptions extends the recent work of Chen et al. (CRYPTO 2020) that, in turn, is based on the blueprint introduced in the original work of the Boneh-Franklin protocol (CRYPTO 1997, J. ACM, 2001). Specifically, we reduce the task of sampling a modulus to secure distributed multiplication, which we implement via an efficient threshold additively homomorphic encryption scheme based on the Ring-LWE assumption. This results in a protocol where the (amortized) per-party communication cost grows logarithmically in the number of parties. In order to minimize the work done by the parties, we employ a "publicly verifiable" coordinator that is connected to all parties and only performs computations on public data.

We implemented both the passive and the active variants of our protocol and ran experiments using 2 to 4,000 parties. This is the first implementation of any MPC protocol that can scale to more than 1,000 parties. For generating a 2048-bit modulus among 1,000 parties, our passive protocol executed in under 6 minutes and the active variant ran in under 25 minutes.

Original language: English
Title of host publication: Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 590-607
Number of pages: 18
ISBN (Electronic): 9781728189345
DOIs:
State: Published - May 2021
Event: 42nd IEEE Symposium on Security and Privacy, SP 2021 - Virtual, San Francisco, United States
Duration: 24 May 2021 to 27 May 2021

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
Volume: 2021-May
ISSN (Print): 1081-6011

Conference

Conference: 42nd IEEE Symposium on Security and Privacy, SP 2021
Country/Territory: United States
City: Virtual, San Francisco
Period: 24/05/21 to 27/05/21

Bibliographical note

Publisher Copyright:
© 2021 IEEE.

Funding

Carmit Hazay is supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office, and by ISF grant No. 1316/18. Yuval Ishai is supported by ERC Project NTSC (742754), NSF-BSF grant 2015782, BSF grant 2018393, and a joint Israel-India grant. Daniele Micciancio is supported in part by NSF award 1936703. abhi shelat is supported by NSF grant TWC-1646671.

We thank the Ethereum Foundation, Protocol Labs and the VDF Alliance for funding this project. We specifically thank Justin Drake, Dankrad Feist, Kelly Olson and Simon Peffers for giving us feedback throughout the development and relaying real-world concerns in deployment. We thank Nick Thompson for developing the initial transport architecture. We thank Matt DiBiase and Scott Catlin for their encouragement and logistical support. We thank the anonymous reviewers of IEEE S&P for insightful comments.

Funders: Funder number
NSF-BSF: 2015782
NTSC: 742754
National Science Foundation: 1936703, TWC-1646671
European Commission
United States-Israel Binational Science Foundation: 2018393
Israel Science Foundation: 1316/18
Ethereum Foundation

Keywords

• Dishonest-majority
• Distributed-sampling
• RSA-modulus
• Secure-multiparty-computation
• VDF
