Perfectly Reliable and Secure Communication Tolerating Static and Mobile Mixed Adversary [chapter]

Ashish Choudhary, Arpita Patra, B. V. Ashwinkumar, K. Srinathan, C. Pandu Rangan
Lecture Notes in Computer Science  
In this paper, we study the issues related to the possibility, feasibility and optimality of perfectly secure message transmission (PSMT) in an undirected synchronous network, under the influence of a mixed adversary having unbounded computing power, who can corrupt some of the nodes in the network in Byzantine, fail-stop and passive fashion respectively. Specifically, we answer the following questions: (a) Possibility: Given a network and a mixed adversary, what is the necessary and ... condition for the existence of any PSMT protocol over the network tolerating the adversary? (b) Feasibility: Once the existence of a protocol is ensured, does there exist a polynomial time and efficient protocol on the given network? (c) Optimality: Given a message of specific length, what is the minimum communication complexity (lower bound) needed by any PSMT protocol to transmit the message, and how can one design a polynomial time protocol whose total communication complexity matches the lower bound on the communication complexity? We answer the above questions by considering two different types of mixed adversary, namely static mixed adversary and mobile mixed adversary. Intuitively, it is more difficult to tolerate a mobile mixed adversary (who can corrupt different sets of nodes during different stages of the protocol) in comparison to its static counterpart (who corrupts the same set of nodes throughout the protocol). However, surprisingly, we show that the connectivity requirement in the network and the lower bound on communication complexity of PSMT protocols are the same against both static and mobile mixed adversary. To design our protocols against static and mobile mixed adversary, we use several new techniques, which are of independent interest.

Footnote 6: This is an extended, modified and elaborate version of [10]. The work was done when the author was an undergraduate student at IIT Madras.

Consider the following problem: a sender S and a receiver R are part of an unreliable distributed synchronous network and are connected through intermediate nodes. The distrust in the network is modelled by an entity called the adversary, who has unbounded computing power and who can corrupt some of the intermediate nodes in a variety of ways. S wishes to send to R a message m that consists of ℓ ≥ 1 field elements, selected uniformly from a finite field F.
The challenge is to design a protocol such that, after interacting with S as per the protocol, R outputs m without any error (perfect reliability) and, at the same time, the adversary does not get any information about m whatsoever (perfect security). Moreover, this should happen irrespective of the behavior of the adversary. This problem is known as perfectly secure message transmission (PSMT). Security against such a powerful adversary is also known as non-cryptographic, information theoretic or Shannon security. Notice that since the adversary has unbounded computing power, we cannot solve the PSMT problem by using classical cryptographic primitives such as public key cryptography, digital signatures, authentication schemes, etc., as the security of all these primitives holds only against an adversary having bounded computing power.

Why to Study PSMT: PSMT is one of the fundamental problems in secure distributed computing. There are two motivations to study the PSMT problem. Many fundamental fault tolerant distributed computing primitives, such as secure multiparty computation (MPC) [56, 21, 6, 8, 42, 3, 4, 5], Byzantine Agreement (BA) [41, 15, 13, 7, 26], Verifiable Secret Sharing (VSS) [9, 6, 42, 20], etc., assume that there exists a direct and secure link between every two nodes in the network. This implies that the underlying network graph is a complete graph, which is an unrealistic assumption. In networks where S and R are not adjacent, PSMT protocols help to simulate a virtual secure link between S and R. This way, we can simulate a virtual complete network, over which the above fault tolerant primitives can be executed. The second motivation to study PSMT is to achieve information theoretic security. The security of all existing public key cryptosystems and digital signatures is based on unproven hardness assumptions about certain number theoretic problems.
However, the increase in computing speed and the advent of new computing paradigms like Quantum computing [46] may render these assumptions very weak or useless in practice. But these factors have no effect on information theoretic security, which is the strongest notion of security. Thus, in a scenario when existing public key cryptosystems and digital signatures cannot provide satisfactory security, PSMT protocols may help to provide an effective alternative.

A Taxonomy for PSMT Protocols: The PSMT problem was first proposed and solved by Dolev et al. [14]. Dolev et al. considered an undirected synchronous network and assumed that the adversary can corrupt t_b nodes in the network in Byzantine fashion. Roughly speaking, if a node is Byzantine corrupted, then the adversary can not only listen to all the information possessed by that node, but can also force the node to deviate from the protocol in any arbitrary manner. The work of Dolev et al. was followed by several other works, which considered the PSMT problem in several network settings and adversarial models. For example, the underlying network model may be an undirected graph [14, 45, 50, 1, 16, 36, 25], a directed graph [12, 32, 37, 34] or a hypergraph [19, 52]. The communication in the network could be synchronous [14, 45, 51, 25] or asynchronous [44, 11, 49].
doi:10.1007/978-3-540-85093-9_15 fatcat:bgzagvzwtjhrjgghtkhopkndeu