Cryptology ePrint Archive: Report 2020/1590

RandPiper -- Reconfiguration-Friendly Random Beacons with Quadratic Communication

Adithya Bhat and Nibesh Shrestha and Aniket Kate and Kartik Nayak

Abstract: Random beacon protocols provide a continuous public source of randomness and their applications range from public lotteries to zero-knowledge proofs. Existing random beacon protocols in the bounded synchronous model sacrifice either the fault tolerance or the communication complexity for security, or ease of reconfigurability. This work overcomes the challenges with the existing works through a novel communication efficient combination of state machine replication and (publicly) verifiable secret sharing (PVSS/VSS) protocols.

We first design a new Byzantine fault-tolerant state machine replication protocol with $O(\kappa n^2)$ bits communication per consensus decision without using threshold signatures. Next, we design GRandPiper (Good Pipelined Random beacon), a random beacon protocol with bias-resistance and unpredictability, that uses PVSS and has a communication complexity of $O(\kappa n^2)$ always (best and worst cases), for a static adversary. However, GRandPiper allows an adaptive adversary to predict beacon values up to $t+1$ epochs into the future. Therefore, we design BRandPiper (Better RandPiper), that uses VSS and has a communication complexity of $O(\kappa fn^2)$, where $f$ is the actual number of faults, while offering a strong unpredictability with an advantage of only a single round even for an adaptive adversary.

Category / Keywords: cryptographic protocols / Random Beacons

Date: received 19 Dec 2020, last revised 27 Apr 2021

Contact author: bhat24 at purdue edu, nxs4564 at rit edu, aniket at purdue edu, kartik at cs duke edu

Available format(s): PDF | BibTeX Citation

Version: 20210427:235250 (All versions of this report)

Short URL: ia.cr/2020/1590