Swiper: a new paradigm for efficient weighted distributed protocols

Andrei Tonkikh; Luciano Freitas

Paper 2023/1164

Swiper: a new paradigm for efficient weighted distributed protocols

Andrei Tonkikh

, Télécom Paris

Luciano Freitas

, Télécom Paris

Abstract

The majority of fault-tolerant distributed algorithms are designed assuming a nominal corruption model, in which at most a fraction $f_{n}$ of parties can be corrupted by the adversary. However, due to the infamous Sybil attack, nominal models are not sufficient to express the trust assumptions in open (i.e., permissionless) settings. Instead, permissionless systems typically operate in a weighted model, where each participant is associated with a weight and the adversary can corrupt a set of parties holding at most a fraction of the total weight. In this paper, we suggest a simple way to transform a large class of protocols designed for the nominal model into the weighted model. To this end, we formalize and solve three novel optimization problems, which we collectively call the weight reduction problems, that allow us to map large real weights into small integer weights while preserving the properties necessary for the correctness of the protocols. In all cases, we manage to keep the sum of the integer weights to be at most linear in the number of parties, resulting in extremely efficient protocols for the weighted model. Moreover, we demonstrate that, on weight distributions that emerge in practice, the sum of the integer weights tends to be far from the theoretical worst case and, sometimes, even smaller than the number of participants. While, for some protocols, our transformation requires an arbitrarily small reduction in resilience (i.e., ), surprisingly, for many important problems, we manage to obtain weighted solutions with the same resilience () as nominal ones. Notable examples include erasure-coded distributed storage and broadcast protocols, verifiable secret sharing, and asynchronous consensus. Although there are ad-hoc weighted solutions to some of these problems, the protocols yielded by our transformations enjoy all the benefits of nominal solutions, including simplicity, efficiency, and a wider range of possible cryptographic assumptions.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Minor revision. PODC '24: Proceedings of the 43rd ACM Symposium on Principles of Distributed Computing
DOI: 10.1145/3662158.3662799
Keywords: weight reduction distributed protocols weighted cryptography threshold cryptography consensus random oracles broadcast
Contact author(s): andrei tonkikh @ gmail com
lfreitas @ telecom-paris fr
History: 2024-11-04: last of 2 revisions; 2023-07-28: received; See all versions
Short URL: https://ia.cr/2023/1164
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1164,
      author = {Andrei Tonkikh and Luciano Freitas},
      title = {Swiper: a new paradigm for efficient weighted distributed protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1164},
      year = {2023},
      doi = {10.1145/3662158.3662799},
      url = {https://eprint.iacr.org/2023/1164}
}