Limits on the security of coin flips when half the processors are faulty. STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing.
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing.
Completeness theorems for non-cryptographic fault-tolerant distributed computation. STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing.
Multiparty unconditionally secure protocols. STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing.
Flipping persuasively in constant time. SIAM Journal on Computing.
Adaptively secure multi-party computation. STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing.
On sharing secrets and Reed-Solomon codes. Communications of the ACM.
Communications of the ACM.
Noncryptographic Selection Protocols. FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science.
Probabilistic encryption & how to play mental poker keeping secret all partial information. STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing.
Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols. PODC '83 Proceedings of the second annual ACM symposium on Principles of distributed computing.
An asynchronous [(n - 1)/3]-resilient consensus protocol. PODC '84 Proceedings of the third annual ACM symposium on Principles of distributed computing.
Deterministic extractors for small-space sources. Proceedings of the thirty-eighth annual ACM symposium on Theory of computing.
SFCS '83 Proceedings of the 24th Annual Symposium on Foundations of Computer Science.
Verifiable secret sharing and achieving simultaneity in the presence of faults. SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science.
Byzantine agreement in constant expected time. SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science.
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science.
Leakage-Resilient Cryptography. FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science.
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography.
Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography.
Public-Key Cryptosystems Resilient to Key Leakage. CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology.
2-Source Extractors under Computational Assumptions and Cryptography with Defective Randomness. FOCS '09 Proceedings of the 2009 50th Annual IEEE Symposium on Foundations of Computer Science.
Leakage-resilient zero knowledge. CRYPTO '11 Proceedings of the 31st annual conference on Advances in cryptology.
Distributed computing with imperfect randomness. DISC '05 Proceedings of the 19th international conference on Distributed Computing.
Multiparty computation secure against continual memory leakage. STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing.
Leakage-Tolerant interactive protocols. TCC '12 Proceedings of the 9th international conference on Theory of Cryptography.
Distributed public key schemes secure against continual leakage. PODC '12 Proceedings of the 2012 ACM symposium on Principles of distributed computing.
Continual leakage-resilient dynamic secret sharing in the split-state model. ICICS '12 Proceedings of the 14th international conference on Information and Communications Security.
The ability to collectively toss a common coin among n parties in the presence of faults is an important primitive in the arsenal of randomized distributed protocols. In the case of dishonest majority, it was shown to be impossible to achieve less than 1/r bias in O(r) rounds (Cleve STOC '86). In the case of honest majority, in contrast, unconditionally secure O(1)-round protocols for generating common unbiased coins follow from general completeness theorems on multi-party secure protocols in the secure channels model (e.g., BGW, CCD STOC '88). However, in the O(1)-round protocols with honest majority, parties generate and hold secret values which are assumed to be perfectly hidden from malicious parties: an assumption which is crucial to proving that the resulting common coin is unbiased. This assumption unfortunately does not seem to hold in practice, as attackers can launch side-channel attacks on the local state of honest parties and leak information on their secrets. In this work, we present an O(1)-round protocol for collectively generating an unbiased common coin in the presence of leakage on the local state of the honest parties. We tolerate t ≥ (1/3 - ε)n computationally unbounded Byzantine faults and, in addition, an Ω(1)-fraction leakage on each (honest) party's secret state. Our results hold in the memory leakage model (of Akavia, Goldwasser, Vaikuntanathan '08) adapted to the distributed setting. Additional contributions of our work are the tools we introduce to achieve the collective coin toss: a procedure for disjoint committee election, and leakage-resilient verifiable secret sharing.