SCPP Blockchain Research Workshop

IITB Trust Lab is supporting a workshop on Blockchain research and applications that will take place at Rahul Bajaj Technology Innovation Center, IIT Bombay on Monday December 16, under the Seed Funding for Collaboration and Partnerships Project (SCPP). Led by Prof. Aniket Kate (Purdue University), Prof. Vinay J. Ribeiro (IIT Bombay) and Prof. Saravanan Vijayakumaran (IIT Bombay), this workshop is open to invited participants only.

This one-day workshop sponsored by IITB-SCPP and IITB Trust Lab features talks on Blockchain and Cryptography by speakers from Purdue University, IISc Bangalore, Supra Research, IIT Madras and IIT Bombay. The goal of the workshop is to seed new collaborations between IIT Bombay and the other institutes/industry.

Talk Titles

Foundations of Distributed Trust and Blockchain Oracle Networks by Prof. John Augustine

Rational Proofs and Rational Secure Computation by Prof. Chaya Ganesh

Verifiable Delay Functions by Prof. Chethan Kamath

Performing Secure Computation over Blockchains ‘Securely‘ by Prof. Aniket Kate

ANARKey: A New Approach to (socially) Recover Keys by Dr. Pratyay Mukherjee

John Augustine

About the Speaker:

John Augustine is a Professor in the Department of Computer Science and Engineering (CSE) at the Indian Institute of Technology Madras. He holds a PhD from the Donald Bren School of Information and Computer Sciences at UC Irvine. His research interests are in distributed algorithms specifically focusing on distributed trust issues that emerge in settings where participants may behave maliciously.

He has co-authored many refereed articles that have appeared in highly reputed conferences (SODA, FOCS, PODC, NEURIPS, DISC, SPAA, IPDPS, etc.) and journals (Algorithmica, SICOMP, TCS, JPDC, TPDS, etc). i He was the chair of the distributed computing track at ICDCN 2022 and is currently serving as an associate editor at the Journal of Parallel and Distributed Computing.

At IIT Madras, he is a founding member of the Cryptography, Cybersecurity, and Distributed Trust group (CCD), which has now grown to become the Centre for Cybersecurity Trust and Reliability (CyStar). He is also affiliated with the Theory group in CSE.

Talk Title

Foundations of Distributed Trust and Blockchain Oracle Networks

Abstract: In this talk, I will be presenting a distributed computing model that captures some core aspects of blockchain oracles. We model the network as a congested clique network — a formal model in distributed computing. This is a peer-to-peer network comprising k nodes connected in the form of a clique. The nodes can exchange small messages with each other in a synchronous manner. Up to $\beta k$ nodes, for some fixed $\beta \in [0,1]$, are Byzantine nodes that can behave arbitrarily (including colluding with each other). In fact, we assume that a single Byzantine adversary can choose which of the nodes to be Byzantine as the protocol progresses and can centrally control the behaviour of all Byzantine nodes. The nodes in this network can access an external source of data modeled as a global read-only array A of n bits. Access to each bit is an expensive query and we assume that such queries are always answered correctly (e.g., authorized governmental sources, reliable/reputable data repositories, etc.). Our goal is to solve problems while minimizing the maximum number of queries by good nodes. Under this setting, we study two problems. The download problem requires all good nodes to learn all n bits of A. This can trivially be solved using n queries per good node, but we show that $\tilde{O}(n/k + \sqrt{n})$ queries suffice. The download problem represents the brute force approach to computing any function on the bits in A. To complement this, we also present a more surgical problem that requires all good nodes to learn the disjunction of the bits in A. For this problem, we show that \tilde{O}(n/k) queries suffice. All our results hold with high probability.

Our work initiates the formal study of distributed oracle networks and uncovers many open questions. So we will end the talk with a brief discussion on plausible extensions and variations.

Chaya Ganesh

About the Speaker:

Chaya Ganesh is an Assistant Professor in the Department of Computer Science and Automation at Indian Institute of Science (IISc). Before joining IISc, she was a Post-Doctoral researcher in Aarhus University, and prior to that she received her PhD from NYU’s Courant Institute of Mathematical Sciences. Her research interests are broadly in Cryptography and Security. More recently, she is exploring efficient zero-knowledge proofs and rational cryptography. She has won the IBM global university award, Google and Protocol labs research grants, Infosys Young Investigator Award and Intel Rising Star award. She served as the Program Co-chair of the Theory and practice of Blockchain workshop, and helps co-organize Bangalore Crypto day.

Talk Title

Rational Proofs and Rational Secure Computation

Abstract: I will discuss two lines of work in rational cryptography.

(1) Rational Proof Systems: Our starting point is the notion of rational arguments, a variant of rational proofs (Azar and Micali, STOC 2012) where security holds against rational adversaries that are also computationally bounded. Rational arguments are an interesting primitive because they generally allow for very efficient protocols, and in particular sublinear verification (i.e. where the Verifier does not have to read the entire input). We provide the first construction of rational arguments for the class of polynomial computations and with logarithmic communication. We obtain this through a compiler from information-theoretic protocols and rational proofs for polynomial evaluation. We propose a new notion of extractability for rational arguments. Through this notion we can obtain arguments where knowledge of a witness is incentivized (rather than incentivizing mere soundness). We show how our compiler can also be applied to obtain efficient extractable rational arguments for NP.

(2) General secure computation for rational parties: We present a definition of rational secure computation that takes an entropic view of utilities and place this definition in the traditional hierarchy of semi-honest/malicious models. We discuss the applicability of this notion by extending the Dual GC protocol due to Mohassel and Franklin (PKC 2006) to make it rationally secure for functions for which parties are incentivised to use their true inputs._. Our starting point is the notion of rational arguments, a variant of rational proofs (Azar and Micali, STOC 2012) where security holds against rational adversaries that are also computationally bounded. Rational arguments are an interesting primitive because they generally allow for very efficient protocols, and in particular sublinear verification (i.e. where the Verifier does not have to read the entire input). We provide the first construction of rational arguments for the class of polynomial computations and with logarithmic communication. We obtain this through a compiler from information-theoretic protocols and rational proofs for polynomial evaluation. We propose a new notion of extractability for rational arguments. Through this notion we can obtain arguments where knowledge of a witness is incentivized (rather than incentivizing mere soundness). We show how our compiler can also be applied to obtain efficient extractable rational arguments for NP.

(2)_General secure computation for rational parties_. We present a definition of rational secure computation that takes an entropic view of utilities and place this definition in the traditional hierarchy of semi-honest/malicious models. We discuss the applicability of this notion by extending the Dual GC protocol due to Mohassel and Franklin (PKC 2006) to make it rationally secure for functions for which parties are incentivised to use their true inputs.

Chethan Kamath

About the Speaker:

Chethan Kamath is an Assistant Professor at the CSE Department at IIT Bombay, where he is a member of the Theory Group and IITB Trust Lab. His primary field of research is Cryptography, particularly its foundations. But his interests extend beyond to theoretical Computer Science.

Talk Title

Verifiable Delay Functions

Abstract: A verifiable delay function (VDF) is a slow-to-compute function whose output can be quickly and publicly verified given a proof. VDFs have been useful, e.g., in design of blockchains and construction of randomness beacons. In this talk, I will give an overview of the different constructions of VDFs, with focus on some of the newer post-quantum proposals.

Aniket Kate

About the Speaker:

Prof. Aniket Kate is an Associate Professor of Computer Science and a University Faculty Scholar at Purdue University. He is also the Chief Research Officer at Supra. He is an applied cryptographer and a privacy researcher. His research builds on and expands applied cryptography, distributed computing, and game theory to solve security/privacy problems in decentralized environments. His current projects focus on distributed ledgers (or blockchains) and secure computations. He is a recipient of the 2019 NSF CAREER Award.

Before joining Purdue in 2015, he was a junior faculty member at Saarland University, Germany. He completed his postdoctoral fellowship at Max Planck Institute for Software Systems (MPI-SWS) in Germany. He received his PhD from the University of Waterloo, Canada, and his masters from IIT-Bombay, India.

Talk Title

Performing Secure Computation over Blockchains ‘Securely’

Abstract: Many threshold cryptosystems (or multi-party computation–MPC) in practice rely on broadcast channels for security and termination. A broadcast channel can only be built over point-to-point synchronous channels (and not otherwise). However, the Internet cannot be considered to be synchronous for latency-sensitive secure computations. Some contemporary solutions leverage blockchains as broadcast channels. However, blockchains (i.e., state machine replication (SMR) systems) only ensure that any two honest parties store the same prefix of messages in their logs. This makes blockchain unsuitable as true broadcast channels. Indeed, a single validator can force an honest sender’s message to not appear on a blockchain in time.

This talk advocates an alternative but natural design approach for building MPC. Thanks to recent tremendous growth in the blockchain space, we now have SMRs that offer sub-second latency and throughput beyond 200K msg/sec. We propose to employ blockchains for building MPC solutions; however, we treat blockchains as SMRs and not as broadcast channels. The talk will focus on securely designing different threshold cryptographic primitives and MPC protocols for use over the blockchains. We will also discuss the vision and challenges of converting any broadcast-based threshold cryptographic primitives to one using an SMR.

Pratyay Mukherjee

About the Speaker:

Pratyay Mukherjee is currently a Senior Director of Research at Supra, with previous roles as a (senior) researcher at Swirlds Labs, Visa Research, and as a postdoc in EECS at UC Berkeley. He holds a PhD in Comp Sc from Aarhus University (2015), an M.Tech in Comp Sc and Eng from IIT Kharagpur (2011), and a B.E. in Electronics and Telecom Eng from Jadavpur University (2008). His research centers on theoretical and applied cryptography, focusing on the analysis, design, and formalization of practical cryptographic problems. Recently he has been mostly focusing on the application of cryptography within the blockchain space.

Talk Title

ANARKey: A New Approach to (socially) Recover Keys

Abstract: In cryptocurrency, account security typically relies on a secret signing key; losing it makes funds totally inaccessible. To avoid such a

catastrophic scenario, securely backing up this key is essential. Social key recovery involves using trusted contacts (guardians) to restore access. This talk presents a new approach to social recovery within a community of crypto users, where each member holds only their secret key and can use others as guardians, forming a mutual backup structure. Unlike traditional secret sharing, which requires each guardian to store unique secret data for each key owner (and thereby incurs high secret storage requirement, growing linearly with the number of owners), our method–Bottom-Up Secret Sharing (BUSS)–eliminates any extra secret storage need by allowing owner-specific data to be stored publicly. I’ll conclude with performance metrics to demonstrate the practicality and also a few future directions.

This is based on a joint work with Aniket Kate (Supra/Purdue), Bhaskar Roberts (UC Berkeley), Hamza Saleem (Supra) and Pratik Sarkar (Supra).

Performing Secure Computation over Blockchains 'Securely' 9:30 AM to 10:10 AM

by Prof. Aniket Kate
Rational Proofs and Rational Secure Computation 10:10 AM - 10:50 AM

by Prof. Chaya Ganesh
ANARKey: A New Approach to (socially) Recover Keys 10:50 AM - 11:30 AM

by Dr. Pratyay Mukherjee
Tea/Coffee Break 11:30 AM - 11:50 AM
Foundations of Distributed Trust and Blockchain Oracle Networks 11:50 noon - 12:30 PM

by Prof. John Augustine
Verifiable Delay Functions 12:30 PM - 1:10 PM

by Prof. Chethan Kamath
Lunch break 1:10 PM - 2:30 PM
Brainstorming Session 2:30 PM - 4:30 PM

A closed session between the speakers & organizers.

Seed Funding for Collaboration and Partnerships Project (SCPP) is a component of the IoE initiative, aimed at fostering enduring relationships between IITB faculty members with foreign institutes, as well as accruing collaboration benefits to the Institute.

The scheme encourages the faculty members who would like to start new collaborations to apply under this scheme. The approved fund may be utilized for travel, conducting workshop(s) with the foreign collaborator(s), thereby facilitating increased interaction between larger number of the Institute’s faculty members with the foreign institutes and opening new collaboration avenues.