Non-interactive generation of shared pseudorandom sequences
We address the following problem: given a random seed secretly shared among a group of individuals, non-interactively generate pieces corresponding to a much longer shared pseudorandom sequence. Shared randomness is an essential resource in distributed computing, and non-interactive ways of generating it can be useful in applications such as Byzantine Agreement, common coin flipping, or secure computation protocols.
Our first result is negative: well-known cryptographically strong pseudorandom number generators cannot be evaluated without interaction. In particular, it is shown that constructions that recursively apply a one-way function to a random seed and output, at each iteration, the simultaneously hard bits of the one-way function's input are actually incompatible with a homomorphic evaluation.
On the other hand, we show that pseudorandom generators that can be both proven cryptographically strong and sharedly evaluated without interaction do exist. A concrete implementation, under the RSA assumption, is described.
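The property the positive result relies on is that the generator's step commutes with the secret sharing, so each party works only on its own share. The following added illustration is not the paper's construction (which is not reproduced here): it takes an RSA-type map x -> x^e mod N with one public exponent per output position, shares the seed multiplicatively (a constructed toy modulus, far too small to be secure), and shows that the locally computed pieces recombine to exactly what a single holder of the seed would compute.

```python
# Added illustration (not the paper's scheme): a seed x is shared as
# x = x1 * x2 (mod N). Since (x1*x2)^e = x1^e * x2^e (mod N), each party
# raises its own share to the public exponent and the pieces recombine
# without any message exchange.
import math
import secrets

def rsa_modulus():
    # Constructed toy primes; a real modulus must be ~2048 bits or more.
    p, q = 1000003, 1000033
    return p * q, (p - 1) * (q - 1)

def exponents(phi, count, start=3):
    """Odd public exponents coprime with phi(N), one per output position."""
    es, e = [], start
    while len(es) < count:
        if math.gcd(e, phi) == 1:
            es.append(e)
        e += 2
    return es

def share_seed(x, n):
    """Split x into two multiplicative shares; x1 alone reveals nothing about x."""
    x1 = secrets.randbelow(n - 1) + 1
    while math.gcd(x1, n) != 1:          # need x1 invertible mod N
        x1 = secrets.randbelow(n - 1) + 1
    x2 = (x * pow(x1, -1, n)) % n        # so that x1 * x2 == x (mod N)
    return x1, x2

def local_piece(share, e, n):
    """Computed by one party on its own share, no interaction needed."""
    return pow(share, e, n)

def combine(pieces, n):
    """Anyone holding all pieces multiplies them to get the shared value."""
    out = 1
    for v in pieces:
        out = out * v % n
    return out

def shared_sequence(x, es, n):
    """Output bits obtained from the parties' pieces only (seed never rebuilt)."""
    x1, x2 = share_seed(x, n)
    bits = []
    for e in es:
        v = combine([local_piece(x1, e, n), local_piece(x2, e, n)], n)
        bits.append(v & 1)               # least significant bit as output bit
    return bits

def direct_sequence(x, es, n):
    """Reference: the same bits computed by a party that knows the whole seed."""
    return [pow(x, e, n) & 1 for e in es]
```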