Scalable and Adaptively Secure Any-Trust Distributed Key Generation and All-hands Checkpointing
Hanwen Feng, Tiancheng Mai, Qiang Tang
TL;DR
The paper addresses the challenge of scalable, adaptively secure distributed key generation for large-scale DLog-based cryptosystems in blockchain contexts. It introduces Any-Trust DKG, which uses a small, randomly sampled committee selected via VRF-based sortition, together with memory erasure, forward-secure signatures, and non-committing encryption with a signature of knowledge, to achieve (quasi-)linear per-node computation and communication even against adaptive adversaries. A generic transformer enables applying conventional DKG protocols to weighted validator sets, and a practical extended broadcast channel, built on a Public Bulletin Board and a Data Dispersal Network, enables reliable broadcasting of large messages with minimal on-chain storage. The framework is applied to all-hands checkpointing into Bitcoin (Pikachu), achieving a single Bitcoin transaction per checkpoint and substantial cost savings over prior approaches such as Babylon, and feasibility at Filecoin-scale validator counts is demonstrated through implementation and evaluation. Overall, the work provides a practical path to large-scale, adaptively secure DKG for real-world blockchain deployments and cross-chain checkpointing, with implications for threshold cryptography in distributed systems.
Abstract
The classical distributed key generation protocols (DKG) are resurging due to their widespread applications in blockchain. While efforts have been made to improve DKG communication, practical large-scale deployments have yet to arrive, owing to various challenges, including the heavy computation and communication (particularly broadcast) overhead in the adversarial case. In this paper, we propose a practical DKG for DLog-based cryptosystems, which achieves (quasi-)linear per-node computation and communication cost with the help of a common coin, even in the face of the maximal number of Byzantine nodes. Moreover, our protocol is secure against adaptive adversaries that can corrupt fewer than half of all nodes. The key to our improvements lies in delegating the most costly operations to an Any-Trust group, together with a set of techniques for adaptive security. This group is randomly sampled and consists of a small number of individuals. The population only trusts that at least one member in the group is honest, without knowing which one. Moreover, we present a generic transformer that enables us to efficiently deploy a conventional distributed protocol, such as our DKG, even when the participants have different weights. Additionally, we introduce an extended broadcast channel based on a blockchain and a data dispersal network (such as IPFS), enabling reliable broadcasting of arbitrary-size messages at the cost of constant-size blockchain storage.
