{"title":"简要公告:异步安全分布式计算与可转移的无歧义再次访问","authors":"Rishabh Bhadauria, Ashish Choudhury","doi":"10.1145/3212734.3212777","DOIUrl":null,"url":null,"abstract":"In this paper, we consider two fundamental problems in secure distributed computing, namely Asynchronous Byzantine Agreement (ABA) and Asynchronous Secure Multi-party Computation (ASMPC). Our focus is on the honest majority setting, involving a set of n mutually distrusting parties, t of which can be under the control of a computationally bounded Byzantine adversary Adv, where t < n/2. It is well known that in the cryptographic setting where the parties have access to a public-key infrastructure (PKI) set-up and are connected by pair-wise channels, both ABA and ASMPC requires t n/3. However, Clement et al. (PODC 2012) and Backes et al. (PODC 2014) showed that it is possible to design computationally-secure ABA and ASMPC protocols respectively, even with t < n/2, provided the parties are available with a transferrable non-equivocation mechanism. Non-equivocation is a message authentication mechanism, which prevents a corrupt sender from sending conflicting messages to different parties. The transferability of the mechanism enables a receiver to verifiably transfer any authenticated statement to other parties, on behalf of the sender. In this paper, we revisit the work of Clement et al. and Backes et al. and show the following: 1. If n łeq 3t, then it is impossible to achieve the traditional notion of validity by any ABA protocol, which demands that if the inputs of all honest parties are same, say x, then all honest parties should output x at the end of the protocol. Moreover, this holds even if the parties are equipped with a transferrable non-equivocation mechanism. 2. The input phase of the ASMPC protocol of Backes et al (and hence the overall ASMPC protocol) may never terminate for the honest parties. The input phase runs an asynchronous primitive called Agreement on a Common Subset (ACS), which allows the honest parties to agree upon a common subset of n - t parties who provide their inputs for the computation. The ACS primitive runs n parallel instances of an ABA protocol, where the ith instance is to decide whether the ith party has provided its input. We show that since the underlying ABA instances does not satisfy the validity condition, the ACS primitive may never terminate for the honest parties; this results in the honest parties waiting indefinitely to identify the set of n - t input providers.","PeriodicalId":198284,"journal":{"name":"Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Brief Announcement: Asynchronous Secure Distributed Computing with Transferrable Non-equivocation Revisited\",\"authors\":\"Rishabh Bhadauria, Ashish Choudhury\",\"doi\":\"10.1145/3212734.3212777\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we consider two fundamental problems in secure distributed computing, namely Asynchronous Byzantine Agreement (ABA) and Asynchronous Secure Multi-party Computation (ASMPC). Our focus is on the honest majority setting, involving a set of n mutually distrusting parties, t of which can be under the control of a computationally bounded Byzantine adversary Adv, where t < n/2. It is well known that in the cryptographic setting where the parties have access to a public-key infrastructure (PKI) set-up and are connected by pair-wise channels, both ABA and ASMPC requires t n/3. However, Clement et al. (PODC 2012) and Backes et al. (PODC 2014) showed that it is possible to design computationally-secure ABA and ASMPC protocols respectively, even with t < n/2, provided the parties are available with a transferrable non-equivocation mechanism. Non-equivocation is a message authentication mechanism, which prevents a corrupt sender from sending conflicting messages to different parties. The transferability of the mechanism enables a receiver to verifiably transfer any authenticated statement to other parties, on behalf of the sender. In this paper, we revisit the work of Clement et al. and Backes et al. and show the following: 1. If n łeq 3t, then it is impossible to achieve the traditional notion of validity by any ABA protocol, which demands that if the inputs of all honest parties are same, say x, then all honest parties should output x at the end of the protocol. Moreover, this holds even if the parties are equipped with a transferrable non-equivocation mechanism. 2. The input phase of the ASMPC protocol of Backes et al (and hence the overall ASMPC protocol) may never terminate for the honest parties. The input phase runs an asynchronous primitive called Agreement on a Common Subset (ACS), which allows the honest parties to agree upon a common subset of n - t parties who provide their inputs for the computation. The ACS primitive runs n parallel instances of an ABA protocol, where the ith instance is to decide whether the ith party has provided its input. We show that since the underlying ABA instances does not satisfy the validity condition, the ACS primitive may never terminate for the honest parties; this results in the honest parties waiting indefinitely to identify the set of n - t input providers.\",\"PeriodicalId\":198284,\"journal\":{\"name\":\"Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3212734.3212777\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3212734.3212777","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
摘要
本文研究了安全分布式计算中的两个基本问题,即异步拜占庭协议(ABA)和异步安全多方计算(ASMPC)。我们的重点是诚实多数设置,涉及一组n个互不信任的各方,其中t可以在计算有限的拜占庭对手Adv的控制下,其中t < n/2。众所周知,在加密设置中,各方可以访问公钥基础设施(PKI)设置并通过成对通道连接,ABA和ASMPC都需要t n/3。然而,Clement等人(PODC 2012)和Backes等人(PODC 2014)表明,即使在t < n/2的情况下,只要各方具有可转移的非模棱两可机制,也可以分别设计计算安全的ABA和ASMPC协议。非模棱两可是一种消息身份验证机制,它可以防止损坏的发送方向不同方发送冲突的消息。该机制的可转移性使接收方能够代表发送方将任何经过验证的声明以可验证的方式传输给其他方。在本文中,我们回顾了Clement et al.和Backes et al.的工作,并展示了以下内容:如果n łeq 3t,则不可能通过任何ABA协议实现传统的有效性概念,这要求如果所有诚实方的输入相同,例如x,则所有诚实方应在协议结束时输出x。此外,即使各方配备了可转让的不含糊其词机制,这一点也成立。2. Backes等人的ASMPC协议的输入阶段(因此整个ASMPC协议)可能永远不会为诚实方终止。输入阶段运行一个称为公共子集协议(ACS)的异步原语,它允许诚实的各方就n - t个为计算提供输入的各方的公共子集达成一致。ACS原语运行n个ABA协议的并行实例,其中第i个实例决定第i方是否提供了其输入。我们证明,由于底层的ABA实例不满足有效性条件,对于诚实的双方,ACS原语可能永远不会终止;这导致诚实的各方无限期地等待来识别n个输入提供者的集合。
Brief Announcement: Asynchronous Secure Distributed Computing with Transferrable Non-equivocation Revisited
In this paper, we consider two fundamental problems in secure distributed computing, namely Asynchronous Byzantine Agreement (ABA) and Asynchronous Secure Multi-party Computation (ASMPC). Our focus is on the honest majority setting, involving a set of n mutually distrusting parties, t of which can be under the control of a computationally bounded Byzantine adversary Adv, where t < n/2. It is well known that in the cryptographic setting where the parties have access to a public-key infrastructure (PKI) set-up and are connected by pair-wise channels, both ABA and ASMPC requires t n/3. However, Clement et al. (PODC 2012) and Backes et al. (PODC 2014) showed that it is possible to design computationally-secure ABA and ASMPC protocols respectively, even with t < n/2, provided the parties are available with a transferrable non-equivocation mechanism. Non-equivocation is a message authentication mechanism, which prevents a corrupt sender from sending conflicting messages to different parties. The transferability of the mechanism enables a receiver to verifiably transfer any authenticated statement to other parties, on behalf of the sender. In this paper, we revisit the work of Clement et al. and Backes et al. and show the following: 1. If n łeq 3t, then it is impossible to achieve the traditional notion of validity by any ABA protocol, which demands that if the inputs of all honest parties are same, say x, then all honest parties should output x at the end of the protocol. Moreover, this holds even if the parties are equipped with a transferrable non-equivocation mechanism. 2. The input phase of the ASMPC protocol of Backes et al (and hence the overall ASMPC protocol) may never terminate for the honest parties. The input phase runs an asynchronous primitive called Agreement on a Common Subset (ACS), which allows the honest parties to agree upon a common subset of n - t parties who provide their inputs for the computation. The ACS primitive runs n parallel instances of an ABA protocol, where the ith instance is to decide whether the ith party has provided its input. We show that since the underlying ABA instances does not satisfy the validity condition, the ACS primitive may never terminate for the honest parties; this results in the honest parties waiting indefinitely to identify the set of n - t input providers.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
