Arpita Patra

The Round Complexity of Verifiable Secret Sharing Revisited

The round complexity of interactive protocols is one of their most important complexity measures. In this work we prove that existing lower bounds for the round complexity of VSS can be circumvented by introducing a negligible probability of error in the reconstruction phase. Previous results show matching lower and upper bounds of three rounds for VSS, with n = 3t + 1, where the reconstruction of the secrets always succeeds, i.e. with probability 1. In contrast we show that with a negligible probability of error in the reconstruction phase: 1 There exists an efficient 2-round VSS protocol for n = 3t + 1. If we assume that the adversary is non-rushing then we can achieve a 1-round reconstruction phase. 1 There exists an efficient 1-round VSS for t = 1 and n > 3. 1 We prove that our results are optimal both in resilience and number of sharing rounds by showing: 1 There does not exist a 2-round WSS (and hence VSS) for n ≤ 3t. 1 There does not exist a 1-round VSS protocol for t ? 2 and n ? 4.

The Round Complexity of Verifiable Secret Sharing: The Statistical Case

We consider the round complexity of a basic cryptographic task: verifiable secret sharing (VSS). This well-studied primitive provides a good “test case” for our understanding of round complexity in general; moreover, VSS is important in its own right as a central building block for, e.g., Byzantine agreement and secure multi-party computation.

Multi Party Distributed Private Matching, Set Disjointness and Cardinality of Set Intersection with Information Theoretic Security

In this paper, we focus on the specific problems of Private Matching, Set Disjointness and Cardinality of Set Intersection in information theoretic settings. Specifically, we give perfectly secure protocols for the above problems in n party settings, tolerating a computationally unbounded semi-honest adversary, who can passively corrupt at most t < n /2 parties. To the best of our knowledge, these are the first such information theoretically secure protocols in a multi-party setting for all the three problems. Previous solutions for Distributed Private Matching and Cardinality of Set Intersection were cryptographically secure and the previous Set Disjointness solution, though information theoretically secure, is in a two party setting. We also propose a new model for Distributed Private matching which is relevant in a multi-party setting.

Computational verifiable secret sharing revisited

Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was established over two decades ago. Interestingly, all known computational VSS schemes rely on the homomorphic nature of these commitments or achieve weaker guarantees. As homomorphism is not inherent to commitments or to the computational setting in general, a closer look at its utility to VSS is called for. In this work, we demonstrate that homomorphism of commitments is not a necessity for computational VSS in the synchronous or in the asynchronous communication model. We present new VSS schemes based only on the definitional properties of commitments that are almost as good as the existing VSS schemes based on homomorphic commitments. Importantly, they have significantly lower communication complexities than their (statistical or perfect) unconditional counterparts. Further, in the synchronous communication model, we observe that a crucial interactive complexity measure of round complexity has never been formally studied for computational VSS. Interestingly, for the optimal resiliency conditions, the least possible round complexity in the known computational VSS schemes is identical to that in the (statistical or perfect) unconditional setting: three rounds. Considering the strength of the computational setting, this equivalence is certainly surprising. In this work, we show that three rounds are actually not mandatory for computational VSS. We present the first two-round VSS scheme for n≥2t+1 and lower-bound the result tightly by proving the impossibility of one-round computational VSS for t≥2 or n≤3t. We also include a new two-round VSS scheme using homomorphic commitments that has the same communication complexity as the well-known three-round Feldman and Pedersen VSS schemes.

Constant phase bit optimal protocols for perfectly reliable and secure message transmission

In this paper, we study the problem of perfectly reliable message transmission(PRMT) and perfectly secure message transmission(PSMT) between a sender S and a receiver R in a synchronous network, where S and R are connected by n vertex disjoint paths called wires, each of which facilitates bidirectional communication. We assume that atmost t of these wires are under the control of adversary. We present two-phase-bit optimal PRMT protocol considering Byzantine adversary as well as mixed adversary. We also present a three phase PRMT protocol which reliably sends a message containing l field elements by overall communicating O(l) field elements. This is a significant improvement over the PRMT protocol proposed in [10] to achieve the same task which takes log(t) phases. We also present a three-phase-bit-optimal PSMT protocol which securely sends a message consisting of t field elements by communicating O(t2) field elements.

Indoor versus outdoor scene classification using probabilistic neural network

We propose a method for indoor versus outdoor scene classification using a probabilistic neural network (PNN). The scene is initially segmented (unsupervised) using fuzzy-means clustering (FCM) and features based on color, texture, and shape are extracted from each of the image segments. The image is thus represented by a feature set, with a separate feature vector for each image segment. As the number of segments differs from one scene to another, the feature set representation of the scene is of varying dimension. Therefore a modified PNN is used for classifying the variable dimension feature sets. The proposed technique is evaluated on two databases: IITM-SCID2 (scene classification image database) and that used by Payne and Singh in 2005. The performance of different feature combinations is compared using the modified PNN.

Perfectly secure message transmission in directed networks tolerating threshold and non threshold adversary

In this paper we study Perfectly Secure Message Transmission (PSMT) between a sender S and a receiver R, connected in a directed synchronous network through multiple parallel edges (called wires), each of which are directed from S to R or vice-versa. The unreliability of the network is modeled by a Byzantine adversary with infinite computing power. We investigate the problem with two different adversarial settings: (i) threshold and (ii) non-threshold. In [1], the authors have characterized PSMT against a t-active threshold adversary in directed networks1. However, their PSMT protocol was exponential both in terms of number of phases2 and communication complexity. In addition, they also presented a polynomial phase PSMT protocol with n′ = max(3t-u+1, 2t+1) wires from S to R. In this paper, we significantly improve the exponential phase protocol and present an elegant and efficient three phase PSMT protocol with polynomial communication complexity (and computational complexity) with n= max(3t-2u+1, 2t+1) wires from S to R. Also with n′ = max(3t - u + 1, 2t + 1) wires from S to R, we are able to further improve the communication complexity of our three phase PSMT protocol. Our second contribution in this paper is the first ever characterization for any two phase PSMT protocol. Finally, we also characterize PSMT protocol in directed networks tolerating nonthreshold adversary. In [3], the authors have given the characterization for PSMT against non-threshold adversary. However, in their characterization, they have only considered the paths from S to R, excluding the feedback paths (i.e paths from R to S) and hence their characterization holds good only for single phase protocols. We characterize multiphase PSMT considering feedback paths.

Simple and efficient asynchronous byzantine agreement with optimal resilience

Consider a completely asynchronous network consisting of <i>n</i> parties where every two parties are connected by a private channel. An adversary <i>A_t</i> with <i>unbounded computing power</i> actively controls at most <i>t</i> = ([<i>n</i>/3] − 1) out of <i>n</i> parties in Byzantine fashion. In this setting, we say that π is a <i>t</i>-resilient, (1 − ε)-terminating <i>Asynchronous Byzantine Agreement</i> (ABA) protocol, if π satisfies all the properties of Byzantine Agreement (BA) in asynchronous settings tolerating <i>A_t</i> and terminates (i.e every honest party terminates π with probability at least (1 − ε). In this work, we present a new <i>t</i>-resilient, (1 − ε)-terminating ABA protocol which <i>privately</i> communicates <i>O</i>(<i>Cn</i>⁶ κ) bits and A-casts¹ <i>O</i>(<i>Cn</i>⁶ κ) bits, where ε = 2^−Ω(κ) and <i>C</i> is the <i>expected running time</i> of the protocol. Moreover, conditioned on the event that our ABA protocol terminates, it does so in constant expected time; i.e., <i>C</i> = <i>O</i>(1). Our ABA protocol is to be compared with the <i>only known t</i>-resilient, (1 − ε)-terminating ABA protocol of [5] in the same settings, which <i>privately</i> communicates <i>O</i>(<i>Cn</i>¹¹ κ⁴) bits and A-casts <i>O</i>(<i>Cn</i>¹¹ κ² log(<i>n</i>)) bits, where ε = 2^−Ω(κ) and <i>C</i> = <i>O</i>(1). So our ABA achieves a huge gain in communication complexity in comparison to the ABA of [5], while keeping all other properties in place. In another landmark work, in PODC 2008, Abraham et. al [1] proposed a <i>t</i>-resilient, 1-terminating (called as <i>almost-surely terminating</i> in [1]) ABA protocol which privately communicates <i>O</i>(<i>Cn</i>⁶ log <i>n</i>) bits and A-casts <i>O</i>(<i>Cn</i>⁶ log <i>n</i>) bits. But ABA protocol of Abraham et. al. takes polynomial (<i>C</i> = <i>O</i>(<i>n</i>²)) expected time to terminate. Hence the merits of our ABA protocol over the ABA of Abraham et. al. are: (i) For any κ < <i>n</i>² log <i>n</i>, our ABA is better in terms of communication complexity (ii) conditioned on the event that our ABA protocol terminates, it does so in constant expected time (the constant is independent of <i>n</i>, <i>t</i> and κ), whereas ABA of Abraham et. al. takes polynomial expected time. Summing up, in a practical scenario where a faster and communication efficient ABA protocol is required, our ABA fits the bill better than ABA protocols of [5, 1]. For designing our ABA protocol, we present a novel and simple <i>asynchronous verifiable secret sharing</i> (AVSS) protocol which significantly improves the communication complexity of the only known AVSS protocol of [5] in the same settings. We believe that our AVSS can be used in many other applications for improving communication complexity and hence is of independent interest.

Between a Rock and a Hard Place: Interpolating between MPC and FHE

We present a computationally secure MPC protocol for threshold adversaries which is parametrized by a value L. When L = 2 we obtain a classical form of MPC protocol in which interaction is required for multiplications, as L increases interaction is reduced, in that one requires interaction only after computing a higher degree function. When L approaches infinity one obtains the FHE based protocol of Gentry, which requires no interaction. Thus one can trade communication for computation in a simple way. Our protocol is based on an interactive protocol for “bootstrapping” a somewhat homomorphic encryption (SHE) scheme. The key contribution is that our presented protocol is highly communication efficient enabling us to obtain reduced communication when compared to traditional MPC protocols for relatively small values of L.

On Minimal Connectivity Requirement for Secure Message Transmission in Asynchronous Networks

In the PSMT problem, a sender S and a receiver R are part of a distributed network and connected through n node disjoint paths, also called as wires among which at most t are controlled by an all powerful Byzantine adversary