TY - GEN

T1 - Distributed Merkle’s Puzzles

AU - Dinur, Itai

AU - Hasson, Ben

N1 - Funding Information:
I. Dinur—This research was supported by the Israel Science Foundation (grants no. 573/16 and 1903/20). The first author was additionally supported by the European Research Council under the ERC starting grant agreement no. 757731 (LightCrypt).
Publisher Copyright:
© 2021, International Association for Cryptologic Research.

PY - 2021/1/1

Y1 - 2021/1/1

N2 - Merkle’s puzzles were proposed in 1974 by Ralph Merkle as a key agreement protocol between two players based on symmetric-key primitives. In order to agree on a secret key, each player makes T queries to a random function (oracle), while any eavesdropping adversary has to make Ω(T²) queries to the random oracle in order to recover the key with high probability. The quadratic gap between the query complexity of the honest players and the eavesdropper was shown to be optimal by Barak and Mahmoody [CRYPTO’09]. We consider Merkle’s puzzles in a distributed setting, where the goal is to allow all pairs among M honest players with access to a random oracle to agree on secret keys. We devise a protocol in this setting, where each player makes T queries to the random oracle and communicates at most T bits, while any adversary has to make Ω(M·T²) queries to the random oracle (up to logarithmic factors) in order to recover any one of the keys with high probability. Therefore, the amortized (per-player) complexity of achieving secure communication (for a fixed security level) decreases with the size of the network. Finally, we prove that the gap of T·M between the query complexity of each honest player and the eavesdropper is optimal.

AB - Merkle’s puzzles were proposed in 1974 by Ralph Merkle as a key agreement protocol between two players based on symmetric-key primitives. In order to agree on a secret key, each player makes T queries to a random function (oracle), while any eavesdropping adversary has to make Ω(T²) queries to the random oracle in order to recover the key with high probability. The quadratic gap between the query complexity of the honest players and the eavesdropper was shown to be optimal by Barak and Mahmoody [CRYPTO’09]. We consider Merkle’s puzzles in a distributed setting, where the goal is to allow all pairs among M honest players with access to a random oracle to agree on secret keys. We devise a protocol in this setting, where each player makes T queries to the random oracle and communicates at most T bits, while any adversary has to make Ω(M·T²) queries to the random oracle (up to logarithmic factors) in order to recover any one of the keys with high probability. Therefore, the amortized (per-player) complexity of achieving secure communication (for a fixed security level) decreases with the size of the network. Finally, we prove that the gap of T·M between the query complexity of each honest player and the eavesdropper is optimal.

UR - http://www.scopus.com/inward/record.url?scp=85120084748&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-90453-1_11

DO - 10.1007/978-3-030-90453-1_11

M3 - Conference contribution

AN - SCOPUS:85120084748

SN - 9783030904524

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 310

EP - 332

BT - Theory of Cryptography - 19th International Conference, TCC 2021, Proceedings

A2 - Nissim, Kobbi

A2 - Waters, Brent

PB - Springer Science and Business Media Deutschland GmbH

T2 - 19th International Conference on Theory of Cryptography, TCC 2021

Y2 - 8 November 2021 through 11 November 2021

ER -