CryptoDB
Sarah Meiklejohn
Publications
Year
Venue
Title
2023
CRYPTO
Bingo: Adaptivity and Asynchrony in Verifiable Secret Sharing and Distributed Key Generation
Abstract
We present Bingo, an adaptively secure and optimally resilient packed asynchronous verifiable secret sharing (PAVSS) protocol that allows a dealer to share f+1 secrets with a total communication complexity of O(λn^2) words, where λ is the security parameter and n is the number of parties. Using Bingo, we obtain an adaptively secure validated asynchronous Byzantine agreement (VABA) protocol that uses O(λn^3) expected words and constant expected time, which we in turn use to construct an adaptively secure high-threshold asynchronous distributed key generation (ADKG) protocol that uses O(λn^3) expected words and constant expected time. To the best of our knowledge, our ADKG is the first to allow for an adaptive adversary while matching the asymptotic complexity of the best known static ADKGs.
2021
EUROCRYPT
Aggregatable Distributed Key Generation
📺
Abstract
In this paper we introduce a distributed key generation (DKG) protocol with aggregatable and publicly verifiable transcripts. As compared with prior approaches, our DKG reduces the size of the final transcript and the time to verify it from O(n^2) to O(n), where n denotes the number of parties. We also revisit existing DKG security definitions, which are quite strong, and propose new and natural relaxations. As a result, we can prove the security of our aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. We show that, under these new definitions, these existing DKGs can be used to yield secure threshold variants of popular cryptosystems such as El-Gamal encryption and BLS signatures. We also prove that our DKG can be securely combined with a new efficient verifiable unpredictable function (VUF), whose security we prove in the random oracle model. Finally, we experimentally evaluate our DKG and show that the per-party overheads scale linearly and are practical: for 64 parties it takes 71ms to share and 359ms to verify the overall transcript, while these respective costs for 8192 parties are 8s and 42.2s.
2021
EUROCRYPT
An Evolution of Models for Zero-Knowledge Proofs
★
Abstract
This talk will explore some of the recent (hyper)activity in the space of zero-knowledge proofs, looking at the applications that are driving their development, the different models that have emerged to capture these new interactions, the constructions that we can achieve, and where there is still work left to do.
2019
ASIACRYPT
Quisquis: A New Design for Anonymous Cryptocurrencies
Abstract
Despite their usage of pseudonyms rather than persistent identifiers, most existing cryptocurrencies do not provide users with any meaningful levels of privacy. This has prompted the creation of privacy-enhanced cryptocurrencies such as Monero and Zcash, which are specifically designed to counteract the tracking analysis possible in currencies like Bitcoin. These cryptocurrencies, however, also suffer from some drawbacks: in both Monero and Zcash, the set of potential unspent coins is always growing, which means users cannot store a concise representation of the blockchain. Additionally, Zcash requires a common reference string and the fact that addresses are reused multiple times in Monero has led to attacks to its anonymity.In this paper we propose a new design for anonymous cryptocurrencies, Quisquis, that achieves provably secure notions of anonymity. Quisquis stores a relatively small amount of data, does not require trusted setup, and in Quisquis each address appears on the blockchain at most twice: once when it is generated as output of a transaction, and once when it is spent as input to a transaction. Our result is achieved by combining a DDH-based tool (that we call updatable keys) with efficient zero-knowledge arguments.
2018
CRYPTO
Updatable and Universal Common Reference Strings with Applications to zk-SNARKs
📺
Abstract
By design, existing (pre-processing) zk-SNARKs embed a secret trapdoor in a relation-dependent common reference strings (CRS). The trapdoor is exploited by a (hypothetical) simulator to prove the scheme is zero knowledge, and the secret-dependent structure facilitates a linear-size CRS and linear-time prover computation. If known by a real party, however, the trapdoor can be used to subvert the security of the system. The structured CRS that makes zk-SNARKs practical also makes deploying zk-SNARKS problematic, as it is difficult to argue why the trapdoor would not be available to the entity responsible for generating the CRS. Moreover, for pre-processing zk-SNARKs a new trusted CRS needs to be computed every time the relation is changed.In this paper, we address both issues by proposing a model where a number of users can update a universal CRS. The updatable CRS model guarantees security if at least one of the users updating the CRS is honest. We provide both a negative result, by showing that zk-SNARKs with private secret-dependent polynomials in the CRS cannot be updatable, and a positive result by constructing a zk-SNARK based on a CRS consisting only of secret-dependent monomials. The CRS is of quadratic size, is updatable, and is universal in the sense that it can be specialized into one or more relation-dependent CRS of linear size with linear-time prover computation.
2016
ASIACRYPT
2010
ASIACRYPT
Program Committees
- Crypto 2018
- Eurocrypt 2016
- Crypto 2015
- PKC 2015
Coauthors
- Ittai Abraham (1)
- Mihir Bellare (1)
- Allison Bishop (1)
- Melissa Chase (5)
- Prastudy Fauzi (1)
- David Freeman (1)
- Jens Groth (1)
- Kobi Gurkan (1)
- Philipp Jovanovic (2)
- Markulf Kohlweiss (4)
- Anna Lysyanskaya (3)
- Mary Maller (4)
- Sarah Meiklejohn (13)
- Rebekah Mercer (1)
- Ian Miers (1)
- Claudio Orlandi (1)
- Hovav Shacham (1)
- Gilad Stern (2)
- Susan Thomson (1)
- Alin Tomescu (1)