Chandrasekharan Pandu Rangan

Bio: Chandrasekharan Pandu Rangan is an academic researcher from Indian Institute of Technology Madras. The author has contributed to research in topics: Communication complexity & Message broker. The author has an hindex of 7, co-authored 7 publications receiving 111 citations.

Simple and efficient asynchronous byzantine agreement with optimal resilience

Abstract: Consider a completely asynchronous network consisting of n parties where every two parties are connected by a private channel. An adversary At with unbounded computing power actively controls at most t = ([n/3] − 1) out of n parties in Byzantine fashion. In this setting, we say that π is a t-resilient, (1 − e)-terminating Asynchronous Byzantine Agreement (ABA) protocol, if π satisfies all the properties of Byzantine Agreement (BA) in asynchronous settings tolerating At and terminates (i.e every honest party terminates π with probability at least (1 − e). In this work, we present a new t-resilient, (1 − e)-terminating ABA protocol which privately communicates O(Cn6 κ) bits and A-casts1O(Cn6 κ) bits, where e = 2−Ω(κ) and C is the expected running time of the protocol. Moreover, conditioned on the event that our ABA protocol terminates, it does so in constant expected time; i.e., C = O(1). Our ABA protocol is to be compared with the only known t-resilient, (1 − e)-terminating ABA protocol of [5] in the same settings, which privately communicates O(Cn11 κ4) bits and A-casts O(Cn11 κ2 log(n)) bits, where e = 2−Ω(κ) and C = O(1). So our ABA achieves a huge gain in communication complexity in comparison to the ABA of [5], while keeping all other properties in place. In another landmark work, in PODC 2008, Abraham et. al [1] proposed a t-resilient, 1-terminating (called as almost-surely terminating in [1]) ABA protocol which privately communicates O(Cn6 log n) bits and A-casts O(Cn6 log n) bits. But ABA protocol of Abraham et. al. takes polynomial (C = O(n2)) expected time to terminate. Hence the merits of our ABA protocol over the ABA of Abraham et. al. are: (i) For any κ

On the Optimal Communication Complexity of Multiphase Protocols for Perfect Communication

Abstract: In the perfectly secure message transmission (PSMT) problem, two synchronized non-faulty players (or processors), the Sender S and the Receiver R are connected by n wires (each of which facilitates 2-way communication); S has a message, represented by a sequence oft elements from a finite field, that he wishes to send to R; after exchanging messages in phases R should correctly obtain S 's message, while an adversary listening on and actively controlling any set of t (or less) wires should have no information about S 's message. Similarly, in the problem of perfect reliable message transmission (PRMT), the receiver R should correctly obtain S's message, in spite of the adversary actively controlling any set oft (or less) wires.

Constant Size Ring Signature Without Random Oracle

Abstract: Ring signature enables an user to anonymously sign a message on behalf of a group of users termed as ‘ring’ formed in an ‘ad-hoc’ manner. A naive scheme produces a signature linear in the size of the ring, but this is extremely inefficient when ring size is large. Dodis et al. proposed a constant size scheme in EUROCRYPT’13, but its security is provided in random oracle model. Best known result without random oracle is a sub-linear size construction by Chandran et al. in ICALP’07 and a follow-up work by Essam Ghadafi in IMACC’13. Therefore, construction of a constant size ring signature scheme without random oracle meeting stringent security requirement still remained as an interesting open problem.

Efficient single phase unconditionally secure message transmission with optimum communication complexity

Abstract: Solenoid operated directional valves are disclosed requiring minimum labor costs for original manufacture, installation at sites of use and subsequent maintenance and repair, which have electrical apparatus for actuating the solenoids, including improved terminal blocks mounted on the valve body and electrical plugs and associated junction boxes by which electrical power is supplied to the terminal block for delivery to the appropriate solenoid, the terminal block and electrical plugs having electrical connectors to enable the electrical plug and junction box to be mounted in more than one position with respect to the terminal block while providing continuity of operation of the solenoids, ground connections and lamp indicator means.

Brief announcement: perfectly secure message transmission in directed networks re-visited

Abstract: Consider the following problem: a sender S and a receiver R are part of a directed synchronous network N and are connected by a number of uni-directional node disjoint paths/channels, each of which is abstracted as directed edge, called wire. Specifically, there exists n directed wires from S to R, denoted as f1, . . . .fn, also referred as top band and u directed wires from R to S, denoted as b1, . . . , bu, also referred as bottom band. There exists an adversary At, having unbounded computing power, who controls at most t wires (out of n + u wires) between S and R in Byzantine fashion. Thus, the adversary can read and corrupt the communication through the wires under its control in an arbitrary fashion. S and R do not share any information in advance. Now S intends to communicate a message m, containing ≥ 1 field elements from a finite field F to R. The challenge is to design a protocol such that after interacting in phases , as per the protocol, R should correctly output m without any error, irrespective of the behavior of At. Moreover, At should get no information about m what so ever, in information theoretic sense. This problem is called perfectly secure message transmission (PSMT) [2, 1]. PSMT problem is one of the foundation problems in secure distributed computing. Notice that since At is computationally unbounded, we cannot use classical cryptography tools, such as public key cryptograpgy, digital signatures, etc, to solve PSMT problem, as the security of these primitives are based on the assumption that adversary is computationally bounded. Desmedt et.al [1] have shown that PSMT over N , tolerating At is possible iff there exist n = max (3t − 2u + 1, 2t + 1) ∗Financial Support from Microsoft Research India Acknowledged. †Financial Support from Infosys Technology India Acknowledged. ‡Work supported by Project No. CSE/0506/076/DITX/CPAN on Protocols for Secure Communication and Computation, sponsored by Department of Information Technology, Govt. of India. A phase is a send from S to R or vice-versa.

Computational verifiable secret sharing revisited

Abstract: Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was established over two decades ago. Interestingly, all known computational VSS schemes rely on the homomorphic nature of these commitments or achieve weaker guarantees. As homomorphism is not inherent to commitments or to the computational setting in general, a closer look at its utility to VSS is called for. In this work, we demonstrate that homomorphism of commitments is not a necessity for computational VSS in the synchronous or in the asynchronous communication model. We present new VSS schemes based only on the definitional properties of commitments that are almost as good as the existing VSS schemes based on homomorphic commitments. Importantly, they have significantly lower communication complexities than their (statistical or perfect) unconditional counterparts. Further, in the synchronous communication model, we observe that a crucial interactive complexity measure of round complexity has never been formally studied for computational VSS. Interestingly, for the optimal resiliency conditions, the least possible round complexity in the known computational VSS schemes is identical to that in the (statistical or perfect) unconditional setting: three rounds. Considering the strength of the computational setting, this equivalence is certainly surprising. In this work, we show that three rounds are actually not mandatory for computational VSS. We present the first two-round VSS scheme for n≥2t+1 and lower-bound the result tightly by proving the impossibility of one-round computational VSS for t≥2 or n≤3t. We also include a new two-round VSS scheme using homomorphic commitments that has the same communication complexity as the well-known three-round Feldman and Pedersen VSS schemes.

Reaching Consensus for Asynchronous Distributed Key Generation

Abstract: We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand f Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a validproposal after enough proposals have been sent from different parties. With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures.

Truly Efficient $2$ -Round Perfectly Secure Message Transmission Scheme

Abstract: In the model of perfectly secure message transmission (PSMT) schemes, there are n channels between a sender and a receiver. An infinitely powerful adversary A may corrupt (observe and forge) the messages sent through t out of n channels. The sender wishes to send a secret s to the receiver perfectly privately and perfectly reliably without sharing any key with the receiver. In this paper, we show the first 2-round PSMT for n = 2t + 1 such that not only the transmission rate is O(n) but also the computational costs of the sender and the receiver are both polynomial in n. This means that we solve the open problem raised by Agarwal, Cramer, and de Haan at CRYPTO 2006. The main novelty of our approach is to introduce a notion of pseudobasis to the coding theory. It will be an independent interest for coding theory, too.

The Round Complexity of Verifiable Secret Sharing: The Statistical Case

Abstract: We consider the round complexity of a basic cryptographic task: verifiable secret sharing (VSS). This well-studied primitive provides a good “test case” for our understanding of round complexity in general; moreover, VSS is important in its own right as a central building block for, e.g., Byzantine agreement and secure multi-party computation.

The disagreement power of an adversary

Abstract: At the heart of distributed computing lies the fundamental result that the level of agreement that can be obtained in an asynchronous shared memory model where t processes can crash is exactly t + 1. In other words, an adversary that can crash any subset of size at most t can prevent the processes from agreeing on t values. But what about all the other 22n−1−(n+1) adversaries that are not uniform in this sense and might crash certain combination of processes and not others? This paper presents a precise way to classify all adversaries. We introduce the notion of disagreement power: the biggest integer k for which the adversary can prevent processes from agreeing on k values. We show how to compute the disagreement power of an adversary and derive n equivalence classes of adversaries.