Ashish Choudhary

The Round Complexity of Verifiable Secret Sharing Revisited

The round complexity of interactive protocols is one of their most important complexity measures. In this work we prove that existing lower bounds for the round complexity of VSS can be circumvented by introducing a negligible probability of error in the reconstruction phase. Previous results show matching lower and upper bounds of three rounds for VSS, with n = 3t + 1, where the reconstruction of the secrets always succeeds, i.e. with probability 1. In contrast we show that with a negligible probability of error in the reconstruction phase: 1 There exists an efficient 2-round VSS protocol for n = 3t + 1. If we assume that the adversary is non-rushing then we can achieve a 1-round reconstruction phase. 1 There exists an efficient 1-round VSS for t = 1 and n > 3. 1 We prove that our results are optimal both in resilience and number of sharing rounds by showing: 1 There does not exist a 2-round WSS (and hence VSS) for n ≤ 3t. 1 There does not exist a 1-round VSS protocol for t ? 2 and n ? 4.

Multi Party Distributed Private Matching, Set Disjointness and Cardinality of Set Intersection with Information Theoretic Security

In this paper, we focus on the specific problems of Private Matching, Set Disjointness and Cardinality of Set Intersection in information theoretic settings. Specifically, we give perfectly secure protocols for the above problems in n party settings, tolerating a computationally unbounded semi-honest adversary, who can passively corrupt at most t < n /2 parties. To the best of our knowledge, these are the first such information theoretically secure protocols in a multi-party setting for all the three problems. Previous solutions for Distributed Private Matching and Cardinality of Set Intersection were cryptographically secure and the previous Set Disjointness solution, though information theoretically secure, is in a two party setting. We also propose a new model for Distributed Private matching which is relevant in a multi-party setting.

Constant phase bit optimal protocols for perfectly reliable and secure message transmission

In this paper, we study the problem of perfectly reliable message transmission(PRMT) and perfectly secure message transmission(PSMT) between a sender S and a receiver R in a synchronous network, where S and R are connected by n vertex disjoint paths called wires, each of which facilitates bidirectional communication. We assume that atmost t of these wires are under the control of adversary. We present two-phase-bit optimal PRMT protocol considering Byzantine adversary as well as mixed adversary. We also present a three phase PRMT protocol which reliably sends a message containing l field elements by overall communicating O(l) field elements. This is a significant improvement over the PRMT protocol proposed in [10] to achieve the same task which takes log(t) phases. We also present a three-phase-bit-optimal PSMT protocol which securely sends a message consisting of t field elements by communicating O(t2) field elements.

Perfectly secure message transmission in directed networks tolerating threshold and non threshold adversary

In this paper we study Perfectly Secure Message Transmission (PSMT) between a sender S and a receiver R, connected in a directed synchronous network through multiple parallel edges (called wires), each of which are directed from S to R or vice-versa. The unreliability of the network is modeled by a Byzantine adversary with infinite computing power. We investigate the problem with two different adversarial settings: (i) threshold and (ii) non-threshold. In [1], the authors have characterized PSMT against a t-active threshold adversary in directed networks1. However, their PSMT protocol was exponential both in terms of number of phases2 and communication complexity. In addition, they also presented a polynomial phase PSMT protocol with n′ = max(3t-u+1, 2t+1) wires from S to R. In this paper, we significantly improve the exponential phase protocol and present an elegant and efficient three phase PSMT protocol with polynomial communication complexity (and computational complexity) with n= max(3t-2u+1, 2t+1) wires from S to R. Also with n′ = max(3t - u + 1, 2t + 1) wires from S to R, we are able to further improve the communication complexity of our three phase PSMT protocol. Our second contribution in this paper is the first ever characterization for any two phase PSMT protocol. Finally, we also characterize PSMT protocol in directed networks tolerating nonthreshold adversary. In [3], the authors have given the characterization for PSMT against non-threshold adversary. However, in their characterization, they have only considered the paths from S to R, excluding the feedback paths (i.e paths from R to S) and hence their characterization holds good only for single phase protocols. We characterize multiphase PSMT considering feedback paths.

Simple and efficient asynchronous byzantine agreement with optimal resilience

Consider a completely asynchronous network consisting of <i>n</i> parties where every two parties are connected by a private channel. An adversary <i>A_t</i> with <i>unbounded computing power</i> actively controls at most <i>t</i> = ([<i>n</i>/3] − 1) out of <i>n</i> parties in Byzantine fashion. In this setting, we say that π is a <i>t</i>-resilient, (1 − ε)-terminating <i>Asynchronous Byzantine Agreement</i> (ABA) protocol, if π satisfies all the properties of Byzantine Agreement (BA) in asynchronous settings tolerating <i>A_t</i> and terminates (i.e every honest party terminates π with probability at least (1 − ε). In this work, we present a new <i>t</i>-resilient, (1 − ε)-terminating ABA protocol which <i>privately</i> communicates <i>O</i>(<i>Cn</i>⁶ κ) bits and A-casts¹ <i>O</i>(<i>Cn</i>⁶ κ) bits, where ε = 2^−Ω(κ) and <i>C</i> is the <i>expected running time</i> of the protocol. Moreover, conditioned on the event that our ABA protocol terminates, it does so in constant expected time; i.e., <i>C</i> = <i>O</i>(1). Our ABA protocol is to be compared with the <i>only known t</i>-resilient, (1 − ε)-terminating ABA protocol of [5] in the same settings, which <i>privately</i> communicates <i>O</i>(<i>Cn</i>¹¹ κ⁴) bits and A-casts <i>O</i>(<i>Cn</i>¹¹ κ² log(<i>n</i>)) bits, where ε = 2^−Ω(κ) and <i>C</i> = <i>O</i>(1). So our ABA achieves a huge gain in communication complexity in comparison to the ABA of [5], while keeping all other properties in place. In another landmark work, in PODC 2008, Abraham et. al [1] proposed a <i>t</i>-resilient, 1-terminating (called as <i>almost-surely terminating</i> in [1]) ABA protocol which privately communicates <i>O</i>(<i>Cn</i>⁶ log <i>n</i>) bits and A-casts <i>O</i>(<i>Cn</i>⁶ log <i>n</i>) bits. But ABA protocol of Abraham et. al. takes polynomial (<i>C</i> = <i>O</i>(<i>n</i>²)) expected time to terminate. Hence the merits of our ABA protocol over the ABA of Abraham et. al. are: (i) For any κ < <i>n</i>² log <i>n</i>, our ABA is better in terms of communication complexity (ii) conditioned on the event that our ABA protocol terminates, it does so in constant expected time (the constant is independent of <i>n</i>, <i>t</i> and κ), whereas ABA of Abraham et. al. takes polynomial expected time. Summing up, in a practical scenario where a faster and communication efficient ABA protocol is required, our ABA fits the bill better than ABA protocols of [5, 1]. For designing our ABA protocol, we present a novel and simple <i>asynchronous verifiable secret sharing</i> (AVSS) protocol which significantly improves the communication complexity of the only known AVSS protocol of [5] in the same settings. We believe that our AVSS can be used in many other applications for improving communication complexity and hence is of independent interest.

On Minimal Connectivity Requirement for Secure Message Transmission in Asynchronous Networks

In the PSMT problem, a sender S and a receiver R are part of a distributed network and connected through n node disjoint paths, also called as wires among which at most t are controlled by an all powerful Byzantine adversary

Constant phase efficient protocols for secure message transmission in directed networks

{\mathcal{A}_t}

Returning and non-returning parallel communicating finite automata are equivalent

. S has a message m , which S intends to send to R. The challenge is to design a protocol, such that at the end, R should correctly output m without any error (perfect reliability) and

Probabilistic perfectly reliable and secure message transmission - possibility, feasibility and optimality

{\mathcal{A}_t}

Unconditionally Reliable and Secure Message Transmission in Directed Networks Revisited

should not get any information about m , what so ever, in information theoretic sense (perfect security). The problem of USMT is same as PSMT, except that R should output m with a small probability of error. Sayeed et al. [15] have given a PSMT protocol in an asynchronous network tolerating