Abstract
Single Secret Leader Election (SSLE) protocols allow a set of users to elect a leader among them so that the identity of the winner remains secret until she decides to reveal herself. This notion was formalized and implemented in a recent result by Boneh, et al. (ACM Advances on Financial Technology 2020) and finds important applications in the area of Proof of Stake blockchains.
In this paper we put forward new SSLE solutions that advance the state of the art both from a theoretical and a practical front. On the theoretical side we propose a new definition of SSLE in the universal composability framework. We believe this to be the right way to model security in highly concurrent contexts such as those of many blockchain related applications. Next, we propose a UC-realization of SSLE from public key encryption with keyword search (PEKS) and based on the ability of distributing the PEKS key generation and encryption algorithms. Finally, we give a concrete PEKS scheme with efficient distributed algorithms for key generation and encryption and that allows us to efficiently instantiate our abstract SSLE construction.
Our resulting SSLE protocol is very efficient, does not require participants to store any state information besides their secret keys and guarantees so called on-chain efficiency: the information to verify an election in the new block should be of size at most logarithmic in the number of participants. To the best of our knowledge, this is the first efficient SSLE scheme achieving this property.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Precisely, when the winner no longer wants to participate in future elections, there is no need to shuffle for the next election; we ignore this special case in our analysis.
- 2.
As in the TFHE solution, our protocol in practice requires periodic setup to refresh the secrets shared when many new users join (see Sect. 6 for a discussion on this).
- 3.
This number is justified by [Lab19], where \(O(\log ^2 N)\) new users are expected.
- 4.
We stress here that no efficient single round solution to directly produce c seems possible because of rushing attacks.
- 5.
For clarity note that group operations are denoted multiplicatively, and that we make use of the bracket notation, cf. Section 2.1.
- 6.
In Wee’s scheme \(\sigma = s \textbf{a}^\top \textbf{u}\), with \(\left[ {\textbf{a}^\top \textbf{u}}\right] _{1}\) being an extra element of the public key.
- 7.
- 8.
Here, as the candidate protocol we are assuming the one where each sub protocol is used to implement the corresponding command, i.e., \( \mathsf {SSLE.Reg} \) for \( \textsf{register} \), \( \mathsf {SSLE.Elect} \) for \( \textsf{elect} \), etc.
- 9.
i.e. such that an honest user \(P_i\) posses the key \( \textsf{sk} _\gamma \).
- 10.
When \( \mathcal {F}_ \textsf{SSLE} ^{\kappa , \eta } \) elects an honest user, the simulator learn its identity only after this party is instructed by the environment to claim victory through a \( \textsf{reveal} \) command.
- 11.
I.e. the cost to generate a shuffled list containing the pairs of the initial users. This has cost \(O(n^2)\) if everyone performs a shuffle, or \(O(\kappa n)\) using an approach similar to ours where a random committee of \(\kappa \) users shuffle the initial list.
References
Abdalla, M., et al.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 205–222. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_13
Azouvi, S., Cappelletti, D.: Private attacks in longest chain proof-of-stake protocols with single secret leader elections. In: Proceedings of the 3rd ACM Conference on Advances in Financial Technologies, pp. 170–182 (2021)
Azouvi, S., McCorry, P., Meiklejohn, S.: Betting on blockchain consensus with fantomette. CoRR, abs/1805.06786 (2018)
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE Computer Society Press, May (2018)
Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_30
Boneh, D., Eskandarian, S., Hanzlik, L., Greco, N.: Single secret leader election. In: Proceedings of the 2nd ACM Conference on Advances in Financial Technologies, pp. 12–24 (2020)
Boneh, D., Gennaro, R., Goldfeder, S., Jain, A., Kim, S., Rasmussen, P.M.R., Sahai, A.: Threshold cryptosystems from threshold fully homomorphic encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. Part I, volume 10991 of LNCS, pp. 565–596. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-96884-1_19
Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D.S., Brenner, M., Rohloff, K. (eds.) FC 2016 Workshops. LNCS, vol. 9604, pp. 142–157. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_10
Bentov, I., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. Cryptology ePrint Archive, Report 2016/919 (2016). http://eprint.iacr.org/2016/919
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October (2001)
Cascudo, I., David, B.: ALBATROSS: publicly attestable batched randomness based on secret sharing. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. Part III, volume 12493 of LNCS, pp. 311–341. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-64840-4_11
Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random oracles. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 280–312. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_11
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_2
Canetti, R., Jain, A., Scafuro, A.: Practical UC security with a global random oracle. In: Ahn, G.-J., Yung, M., Li, N., editors, ACM CCS 2014, pp. 597–608. ACM Press, November (2014)
Dembo, A., et al.: Everything is a race and Nakamoto always wins. In: Ligatti, J., Ou, X., Katz, J., Vigna, G., editors, ACM CCS 20, pp. 859–878. ACM Press, November (2020)
Faust, S., Kohlweiss, M., Marson, G.A., Venturi, D.: On the non-malleability of the fiat-shamir transform. In: Galbraith, S.D., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 60–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_5
Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string (Extended Abstract). In: 31st FOCS, pp. 308–317. IEEE Computer Society Press, October (1990)
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press, October (2013)
Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. In: Proceedings of the 26th Symposium on Operating Systems Principles, SOSP ’17, pp. 51–68, New York, NY, USA (2017). Association for Computing Machinery
Ganesh, C., Orlandi, C., Pancholi, M., Takahashi, A., Tschudi, D.: Fiat–shamir bulletproofs are non-malleable (in the Algebraic Group Model). Cryptology ePrint Archive, Paper 2021/1393 (2021). https://eprint.iacr.org/2021/1393
Ganesh, C., Orlandi, C., Tschudi, D.: Proof-of-stake protocols for privacy-aware blockchains. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. Part I, volume 11476 of LNCS, pp. 690–719. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-17653-2_23
Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113–3121 (2008)
Kerber, T., Kiayias, A., Kohlweiss, M., Zikas, V.: Ouroboros crypsinous: privacy-preserving proof-of-stake. In: 2019 IEEE Symposium on Security and Privacy, pp. 157–174. IEEE Computer Society Press, May (2019)
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008)
Labs, P.: Secret single-leader election (SSLE) (2019) . https://web.archive.org/web/20191228170149/https://github.com/protocol/research-RFPs/blob/master/RFPs/rfp-6-SSLE.md
Maurer, U.: Zero-knowledge proofs of knowledge for group homomorphisms. Designs Codes Crypt. 77(2), 663–676 (2015)
Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th FOCS, pp. 458–467. IEEE Computer Society Press, October (1997)
O’Neill, A.: Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556 (2010). http://eprint.iacr.org/2010/556
Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th FOCS, pp. 543–553. IEEE Computer Society Press, October (1999)
Wee, H.: Attribute-hiding predicate encryption in bilinear groups, revisited. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. Part I, volume 10677 of LNCS, pp. 206–233. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70500-2_8
Acknowledgements
This work has received funding in part from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program under project PICOCRYPT (grant agreement No. 101001283), by a research grant from Nomadic Labs and the Tezos Foundation, by the Programma ricerca di ateneo UNICT 2020-22 linea 2, by SECURING Project (PID2019-110873RJ-I00/MCIN/AEI/10.13039/501100011033), by the Spanish Government under projects SCUM (ref. RTI2018-102043-B-I00), CRYPTOEPIC (ref. UR2019-103816), RED2018-102321-T, and PRODIGY (TED2021-132464B-I00), and by the Madrid Regional Government under project BLOQUES (ref. S2018/TCS-4339). The last five projects are co-funded by European Union EIE, and NextGenerationEU/PRTR funds.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Catalano, D., Fiore, D., Giunta, E. (2023). Efficient and Universally Composable Single Secret Leader Election from Pairings. In: Boldyreva, A., Kolesnikov, V. (eds) Public-Key Cryptography – PKC 2023. PKC 2023. Lecture Notes in Computer Science, vol 13940. Springer, Cham. https://doi.org/10.1007/978-3-031-31368-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-31368-4_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-31367-7
Online ISBN: 978-3-031-31368-4
eBook Packages: Computer ScienceComputer Science (R0)