Asynchronous Distributed Key Generation for Computationally Secure Randomness, Consensus, and Threshold Signatures

ACM Conference on Computer and Communications Security (CCS)


In this paper, we present the first Asynchronous Distributed Key Generation (ADKG) algorithm which is also the first distributed key generation algorithm that can generate cryptographic keys with a dual (𝑓, 2𝑓 + 1)βˆ’threshold (where 𝑓 is the number of faulty parties). As a result, using our ADKG we remove the trusted setup assumption that the most scalable consensus algorithms make. In order to create a DKG with a dual (𝑓, 2𝑓 + 1)βˆ’threshold we first answer in the affirmative the open question posed by Cachin et al. [7] on how to create an Asynchronous Verifiable Secret Sharing (AVSS) protocol with a reconstruction threshold of 𝑓 + 1 < π‘˜ ≀ 2𝑓 + 1, which is of independent interest. Our High-threshold-AVSS (HAVSS) uses an asymmetric bivariate polynomial to encode the secret. This enables the reconstruction of the secret only if a set of π‘˜ nodes contribute while allowing an honest node that did not participate in the sharing phase to recover his share with the help of 𝑓 + 1 honest parties.

Once we have HAVSS we can use it to bootstrap scalable partially synchronous consensus protocols, but the question on how to get a DKG in asynchrony remains as we need a way to produce common randomness. The solution comes from a novel Eventually Perfect Common Coin (EPCC) abstraction that enables the generation of a common coin from 𝑛 concurrent HAVSS invocations. EPCC’s key property is that it is eventually reliable, as it might fail to agree at most 𝑓 times (even if invoked a polynomial number of times). Using EPCC we implement an Eventually Efficient Asynchronous Binary Agreement (EEABA) which is optimal when the EPCC agrees and protects safety when EPCC fails.

Finally, using EEABA we construct the first ADKG which has the same overhead and expected runtime as the best partially synchronous DKG (𝑂(𝑛4) words, 𝑂(𝑓) rounds). As a corollary of our ADKG, we can also create the first Validated Asynchronous Byzantine Agreement (VABA) that does not need a trusted dealer to setup threshold signatures of degree 𝑛 βˆ’ 𝑓. Our VABA has an overhead of expected𝑂(𝑛2) words and 𝑂(1) time per instance, after an initial 𝑂(𝑛4) words and 𝑂(𝑓) time bootstrap via ADKG.

Related Publications

All Publications

ZKProof - April 22, 2020

Distributed Auditing Proofs of Liabilities

Kostas Chalkias, Kevin Lewi, Payman Mohassel, Valeria Nikolaenko

PLDI - July 15, 2020

Armada: Low-Effort Verification of High-Performance Concurrent Programs

Jacob R. Lorch, Yixuan Chen, Manos Kapritsos, Bryan Parno, Shaz Qadeer, Upamanyu Sharma, James R. Wilcox, Xueyuan Zhao

AFT - October 23, 2020

Winkle: Foiling Long-Range Attacks in Proof-of-Stake Systems

Sarah Azouvi, George Danezis, Valeria Nikolaenko

PLDI - July 15, 2020

Inductive Sequentialization of Asynchronous Programs

Bernhard Kragl, Constantin Enea, Thomas A. Henzinger, Suha Orhun Mutluergil, Shaz Qadeer

To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookies Policy