Byzantine Agreement and Multi-Party Computation (MPC). Aris Tentes. What is Byzantine Agreement/General?. History of the name (Byzantium 1453) Simulation of broadcasting: i) P sends a value to n players and they must decide on the same value (B General)
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Byzantine Agreementand Multi-Party Computation (MPC)
Aris Tentes
i)P sends a value to n players and they must decide on the same value (B General)
ii)Every player has a value and all players
must decide on the majority(B Agreement)
t of the players may be dishonest.Therefore we achieve broadcasting iff the following are satisfied:
1.Termination
2.Agreement: all correct players decide on
the same value
3.Validity:if P is correct all correct players
decide on his value.(B.Generals)
if all correct players have the same value
the all correct players decide on this value.(B.Agreement)
B.General => B. Agreement:
Every player broadcasts his value and then decides on the majority of the values received
B. Agreement => B.General:
Player P sends his value to all players and then all players decide on the same value using a B. Agreement protocol.
Theorem: We cannot have a secure BA if t >=n/3.
Proof:
Simple case n=3 and t=1 and using contradiction
Intuitively:
I) Weak Agreement
II) Graded Agreement
III) King Agreement
Goal:If Pi is correct with output yi {0,1} then all correct players have output {yi , ┴}.
1) Pi sends xi to every Pj
0 , #0>2t
2) Every Pi yi = 1 , #1>2t
┴, else
Goal:If Pi is correct with yi {0,1} and gi=1then every Pj correct has yj = yi.
1)Run the WeakAgreement protocol with output zi.
2) Pi sends zi to every Pj.
0 , #0>#1
3) Every Pi yi =
1 , #1>#0
1 , if #yi >2t
3) Every Pi gi =
0 , else
Goal:A player Pk is selected to be the king.If the king is correct then all correct players have the same output.
1)Run the GradedAgreement protocol
2) Pk sends zk to every Pj
zj , if gj=1
3) Every Pi yi =
zk , else
The general sends his value to all players and then they run the Agreement protocol above.(Broadcast)
A perfectly secure BA protocol cannot have less than:
1) t+1 rounds
2) O(nt) bit complexity
3) t≥n/3
Open problem:It is not known if a protocol exists satisfying these lower bounds.
It is not known if a protocol with both t+1 rounds and O(n^2) bit complexity exists.
Secure function evaluation:
There are N parties who want to compute a function of their inputs but do not trust each other.
Examlpes:
1)Dating problem
2)Yao’s millionair ‘s problem.
The obvious solution is that each party gives his input to a trusted (TP) who does the computation for them.
MPC: A MPC protocol simulates this trusted party.
For the mixed model (passive+active+fail-stop adversary) there exists a perfect secure MPC protocol
iff
3ta + 2tp + tf < n
The dealer P who wants to share a secret s selects a random polynomial of degree t:
fs(x)= s + r1x + . . . . . + rt x^t
and sends to processor Pi his share si = f(ai).
Up to t players cannot reveal the secret.