Paper 2019/1015

Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures.

Eleftherios Kokoris-Kogias, Dahlia Malkhi, and Alexander Spiegelman


In this paper, we present the first fully asynchronous distributed key generation (ADKG) algorithm as well as the first distributed key generation algorithm that can create keys with a dual $(f,2f+1)-$threshold that are necessary for scalable consensus (which so far needs a trusted dealer assumption). In order to create a DKG with a dual $(f,2f+1)-$ threshold we first answer in the affirmative the open question posed by Cachin et al. how to create an AVSS protocol with recovery thresholds $ f+1 < k \le 2f+1$, which is of independent interest. Our High-threshold-AVSS (\textit{HAVSS}) uses an asymmetric bi-variate polynomial, where the secret shared is hidden from any set of $k$ nodes but an honest node that did not participate in the sharing phase can still recover his share with only $n-2f$ shares, hence be able to contribute in the secret reconstruction. Another building block for ADKG is a novel \textit{Eventually Perfect} Common Coin (EPCC) abstraction and protocol that enables the participants to create a common coin that might fail to agree at most $f+1$ times (even if invoked a polynomial number of times). Using \textit{EPCC} we implement an Eventually Efficient Asynchronous Binary Agreement (EEABA) in which each instance takes $O(n^2)$ bits and $O(1)$ rounds in expectation, except for at most $f+1$ instances which may take $O(n^4)$ bits and $O(n)$ rounds in total. Using EEABA we construct the first fully Asynchronous Distributed Key Generation (ADKG) which has the same overhead and expected runtime as the best partially-synchronous DKG ($O(n^4)$ words, $O(n)$ rounds). As a corollary of our ADKG we can also create the first Validated Asynchronous Byzantine Agreement (VABA) in the authenticated setting that does not need a trusted dealer to setup threshold signatures of degree $n-f$. Our VABA has an overhead of expected $O(n^2)$ words and $O(1)$ time per instance after an initial $O(n^4)$ words and $O(n)$ time bootstrap via ADKG.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. ACM CCS 2020
threshold cryptographydistributed cryptographyasynchronous consensussecret sharing
Contact author(s)
lefteris2k @ gmail com
2020-09-22: last of 3 revisions
2019-09-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Eleftherios Kokoris-Kogias and Dahlia Malkhi and Alexander Spiegelman},
      title = {Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures.},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1015},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.