Toward Optimal Player Weights in Secure Distributed Protocols

Abstract

A secure threshold protocol for n players tolerating an adversary \( \mathcal{A} {\text{is}} {\text{feasible}} {\text{iff}} {\text{max}}_{{\text{a}}\varepsilon {\text{A}}} |a| {\text{ < }} \frac{n} {c}, {\text{where}} {\text{c}} {\text{ = }} {\text{2}} {\text{or}} {\text{c}} {\text{ = }} {\text{3}} \) structure depending on the adversary being eavesdropping (passive) or Byzantine (active) respectively [1]. However, there are situations where the threshold protocol Π for n players tolerating an adversary structure A may not be feasible but by letting each player P _i to act for a number of similar players, say w _i, a new secure threshold protocol Π tolerating A may be devised. Note that the new protocol Π has \( N = \sum\nolimits_{i = 1}^n {w_i } \) players and works with the same adversary structure A used in Π. The integer quantities w _i’s are called weights and we are interested in computing w _i’s so that 1. Π tolerates A even if Π does not tolerate A. 2. N = ∑ⁿ _i=1 w _i is minimum.

Since the best known secure threshold protocol over N players has a communication complexity of O(m N ² lg ∣F∣) bits [9], where m is the number of multiplication gates in the arithmetic circuit, over the finite field F, that describes the functionality of the protocol, it is evident that the weights assigned to the players have a direct influence on the complexity of the resulting secure weighted threshold protocol. In this work, we focus on computing the optimum N. We show that computing the optimum N is NP-Hard. Furthermore, we prove that the above problem of computing the optimum N is inapproximable within (1 - ∈) ln (∣A∣/c) + ln((∣A∣/c)^(1-∈)) -1/N ^* (c - 1), for any ∈ > 0 (and hence inapproximable within Ω(lg ∣A∣)), unless NP ⊂ DTIME(n ^{log log n}), where N ^* is the optimum solution.

The first author would like to thank Infosys Technologies Ltd., India for financial support.