How should a blockchain keep a secret? 🔑
I recently spoke about this at the Dagstuhl Seminar on Next-Generation Secure Distributed Computing organized by @cczurich, @aniketpkate, @julian_loss & @kartik1507
(Why? On-chain randomness, encrypt-to-a-smart-contract & more.)
Let's begin.
At the core of every blockchain that keeps a secret lies a *distributed key generation (DKG)* protocol, which helps the blockchain validators jointly establish a shared secret s.
The key property: *only* validators who jointly have >66% stake can reconstruct s (or some f(s)).
In turn, at the core of every DKG lies a *secret sharing (SS)* scheme. For the proof-of-stake setting, a *weighted secret sharing (WSS)* scheme!
Although we know a couple of things about WSS (👇), the most efficient construction is still a black-box transformation from SS.
So, understanding how to build more efficient weighted secret sharing remains a very interesting question!
For example, recent work leverages the Chinese Remainder Theorem to reduce the share size (although it sacrifices the linearity of reconstruction).
A very convenient building block for DKGs is *publicly-verifiable (weighted) secret sharing (PVSS)*.
PVSS perfectly showcases why we should strive for elegance in cryptography! 🤌
Unless one has tried to implement a DKG before, its simplicity can be hard to appreciate.
Case in point: a *simple* t-out-of-n DKG from a t-out-of-n PVSS 👇
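To make the two constructions above concrete (the simple DKG from a t-out-of-n sharing, and the black-box weighted transform where a validator with stake w just holds w ordinary shares), here is an added example that is not code from the thread or from Aptos. It uses plain Shamir sharing over a prime field and omits the commitments and proofs that make a PVSS publicly verifiable; the weights, the threshold of 7 out of 10 stake units and the prime P are assumptions chosen for illustration.

```python
# Added example: simple DKG from Shamir secret sharing, with the black-box
# weighted variant (one share index per unit of stake). PVSS verification omitted.
import secrets

P = 2**127 - 1  # Mersenne prime; any prime field works for Shamir sharing

def shamir_deal(secret, t, n):
    """Deal t-out-of-n Shamir shares of `secret`: evaluations at x = 1..n of a
    random degree-(t-1) polynomial whose constant term is `secret`."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def lagrange_at_zero(shares):
    """Recover f(0) from >= t points via Lagrange interpolation (mod P)."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def simple_dkg(weights, threshold_weight):
    """Every validator deals a random secret to all n share indices; the joint
    secret s is the sum of the dealt secrets and each index's final share is
    the sum of the shares it received (Shamir is linear, so the sums form a
    threshold_weight-out-of-n sharing of s). Validator i owns weights[i]
    consecutive indices, which is the black-box SS-to-WSS transformation."""
    n = sum(weights)                      # one share index per unit of stake
    dealt = [secrets.randbelow(P) for _ in weights]
    agg = {x: 0 for x in range(1, n + 1)}
    for d in dealt:
        for x, y in shamir_deal(d, threshold_weight, n).items():
            agg[x] = (agg[x] + y) % P
    s = sum(dealt) % P                    # returned only so the demo can check it
    owned, nxt = [], 1                    # map validators to the indices they hold
    for w in weights:
        owned.append(list(range(nxt, nxt + w)))
        nxt += w
    return s, agg, owned

def reconstruct(agg, owned, validators):
    """Pool the shares held by `validators` and interpolate the joint secret."""
    pts = {x: agg[x] for v in validators for x in owned[v]}
    return lagrange_at_zero(pts)
```

Pooling validators whose stake sums to less than the threshold yields an interpolation of a lower-degree polynomial and therefore an unrelated value, which is the >66%-stake property the thread describes.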
There is (and should be) more & more attention given to PVSS schemes, especially schemes that deal a group-element secret, which are *extremely* efficient!
(In fact, we at @Aptos_Network have built our own PVSS [DPTX24] and deployed it in production: youtube.com/watch?v=47TRNUTMAyo.)