Daniele Friolo

PhD Graduate

PhD program:: XXXIII


co-supervisor: Daniele Venturi

Thesis title: New Perspectives in Multi-Party Computation: Low Round Complexity from New Assumptions, Financial Fairness and Public Verifiability

Research in Multi-Party Computation is constantly evolving over the years. Starting from the very first result by Yao in 1982, to serve new and more practical scenarios, a lot of different protocols with stronger security properties have been introduced and proven for several assumptions. For some functionalities, properties like public verifiability, fairness and round-optimality can be considered nowadays a minimal set of assumption to consider an MPC protocol practical. Asynchrony, in the sense that different parties should be able to join a protocol at different times, is fundamental for applications like decentralized lotteries, where the protocol execution can last even days. In such case, due to the involvement of monetary payments, parties must also be aware of what happens to their pockets when such protocols are run. In particular, they must be sure that the execution of a certain class of protocols is financially sustainable. We list below our three contributions to the thesis. We firstly introduce a new theoretical result, showing how to achieve low round MPC from new assumptions. In particular, we show how to construct maliciously secure oblivious transfer (M-OT) from a mild strengthening of key agreement (KA) which we call {\em strongly uniform} KA (SU-KA), where the latter roughly means that the messages sent by one party are computationally close to uniform, even if the other party is malicious. Our transformation is black-box, almost round preserving (adding only a constant overhead of two rounds), and achieves standard simulation-based security in the plain model. As we show, 2-round SU-KA can be realized from cryptographic assumptions such as low-noise LPN, high-noise LWE, Subset Sum, DDH, CDH and RSA---all with polynomial hardness---thus yielding a black-box construction of fully-simulatable, round-optimal, M-OT from the same set of assumptions (some of which were not known before). By invoking a recent result of Benhamouda and Lin (EUROCRYPT 2017), we also obtain (non-black-box) 5-round maliciously secure MPC in the plain model, from the same assumptions. Our second and third contributions are focused on the concrete application of MPC protocols achieving the aforementioned properties in real-world scenarios. In applications like decentralized lotteries, decentralized payment mechanisms like blockchains relying on smart contracts can be considered a powerful tool to enforce the correct behavior of cheating players with the aid of monetary incentives or punishments. In facts, a weaker version of fairness called fairness with penalties, firstly introduced in the lottery protocol of Andrychowicz et al. (S&P '14) and then formally defined by Bentov et al. (CRYPTO'14), can be used to ensure that corrupted players are incentivized to reveal the output to honest players. This can be done successfully through Bitcoin scripts or Ethereum smart contracts. In our second contribution, we consider executions of smart contracts on forking blockchains (e.g., Ethereum) and study security and delay issues due to forks. As security notion for modeling executions of smart contracts, we focus on MPC. In particular, we consider on-chain MPC executions with the aid of smart contracts. The classical double-spending problem tells us that messages of the MPC protocol should be confirmed on-chain before playing the next ones, thus slowing down the entire execution. This contribution consists of two results: - For the concrete case of fairly tossing multiple coins with penalties, we notice that the lottery protocol of Andrychowicz et al. becomes insecure if players do not wait for the confirmations of several transactions. In addition, we present a smart contract that instead retains security even when all honest players immediately answer to transactions appearing on-chain. We analyze the performance using Ethereum as testbed. - We design a compiler that takes any ``digital and universally composable'' MPC protocol (with or without honest majority), and transforms it into another one (for the same task and same setup) which maintains security even if all messages are played on-chain without delays. The special requirements on the starting protocol mean that messages consists only of bits (e.g., no hardware token is sent) and security holds also in the presence of other protocols. We further show that our compiler satisfies fairness with penalties as long as honest players only wait for confirmations once. By reducing the number of confirmations, our protocols can be significantly faster than natural constructions, maintaining at the same time public verifiability, asynchrony (obtained by making the parties posting messages to the blockchain via smart contracts), and fairness with penalties. As a third contribution, we survey the state-of-the-art blockchain based penalty protocols (i.e achieving fairness with penalties) and pioneer another type of fairness, financial fairness, that is closer to the real-world valuation of financial transactions. Intuitively, a penalty protocol is financially fair if the net present cost of participation of honest parties---i.e., the difference between the total value of cash inflows and the total value of cash outflows at the end of the protocol, weighted by the relative discount rate---is the same, even when some parties cheat. Then, we show that the ladder protocol (CRYPTO'14), and its variants (CCS'15 and CCS'16), fail to achieve financial fairness both in theory and in practice, while the penalty protocols of Kumaresan and Bentov (CCS'14) and Baum, David and Dowsley (FC'20) are financially fair. Moreover, It can be inferred that the fair with penalties extension of the generic compiler presented in our second contribution, based on CCS'14, is financially fair. Hence, our compiler is also financially sustainable.

Research products

11573/1695924 - 2023 - Multi-key and Multi-input Predicate Encryption from Learning with Errors
Francati, D.; Friolo, D.; Malavolta, G.; Venturi, D. - 04b Atto di convegno in volume
conference: EUROCRYPT (Lione)
book: Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23-27, 2023, Proceedings, Part III - (978-3-031-30619-8; 978-3-031-30620-4)

11573/1702050 - 2023 - Registered (Inner-Product) Functional Encryption
Francati, Danilo; Friolo, Daniele; Maitra, Monosij; Malavolta, Giulio; Rahimi, Ahmadreza; Venturi, Daniele - 04b Atto di convegno in volume
conference: 29th International Conference on the Theory and Application of Cryptology and Information Security (Guangzhou, China)
book: Advances in Cryptology - ()

11573/1702054 - 2023 - On the Complete Non-malleability of the Fujisaki-Okamoto Transform
Friolo, D.; Salvino, M.; Venturi, D. - 04b Atto di convegno in volume
conference: 21st International Conference on Applied Cryptography and Network Security, ACNS 2023 (Kyoto, Japan)
book: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) - ()

11573/1691957 - 2023 - MARTSIA: Enabling Data Confidentiality for Blockchain-Based Process Execution
Marangone, Edoardo; Di Ciccio, Claudio; Friolo, Daniele; Nemmi, Eugenio Nerio; Venturi, Daniele; Weber, Ingo - 04b Atto di convegno in volume
conference: Enterprise Design, Operations, and Computing - 27th International Conference, EDOC 2023 (Groningen, The Netherlands)
book: Enterprise Design, Operations, and Computing - 27th International Conference, EDOC 2023, Groningen, The Netherlands, October 30 - November 3, 2023, Proceedings - (978-3-031-46586-4; 978-3-031-46587-1)

11573/1698900 - 2022 - Efficient Proofs of Knowledge for Threshold Relations
Avitabile, G.; Botta, V.; Friolo, D.; Visconti, I. - 04b Atto di convegno in volume
conference: European Symposium On Research In Computer Security (Copenhagen; Denmark)
book: Computer Security – ESORICS 2022 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part III - (978-3-031-17142-0; 978-3-031-17143-7)

11573/1673702 - 2022 - Cryptographic and Financial Fairness
Friolo, D.; Massacci, F.; Ngo, C. N.; Venturi, D. - 01a Articolo in rivista
paper: IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (New York, N.Y.: IEEE, 2006-) pp. 3391-3406 - issn: 1556-6013 - wos: WOS:000864326600002 (3) - scopus: 2-s2.0-85137560209 (4)

11573/1718867 - 2021 - Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems
Avitabile, G.; Friolo, D.; Visconti, I. - 04b Atto di convegno in volume
conference: International Conference on Applied Cryptography and Network Security (Kamakura; Japan)
book: Applied Cryptography and Network Security 19th International Conference, ACNS 2021, Kamakura, Japan, June 21–24, 2021, Proceedings, Part I - (978-3-030-78371-6)

11573/1595570 - 2021 - Shielded Computations in Smart Contracts Overcoming Forks
Botta, V.; Friolo, D.; Venturi, D.; Visconti, I. - 04b Atto di convegno in volume
conference: Financial Cryptography and Data Security Conference (Virtual Conference)
book: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) - (978-3-662-64321-1; 978-3-662-64322-8)

11573/1695840 - 2021 - Personalizing Cancer Pain Therapy: Insights from the Rational Use of Analgesics (RUA) Group
Varrassi, G.; Coluzzi, F.; Guardamagna, V. A.; Puntillo, F.; Sotgiu, G.; Vellucci, R.; Abrardi, L.; Aiello, A.; Albanese, G. V.; Alongi, A.; Altavilla, L.; Ambrosio, R.; Ammirati, L. A.; Bacchini, G. P.; Balbi, V.; Ballarin, S.; Balloni, A. G.; Bambagioni, V.; Bellavia, G.; Berte', R.; Bertolini, F.; Bertolucci, A.; Bilani, V.; Bonafede, E. V.; Bonato, C.; Bondi, F.; Bosco, M.; Bottino, F.; Branca, B.; Brizio, A.; Brogi, L.; Brollo, M.; Bruera, G.; Brusco, G.; Burato, A. M.; Caiozzi, S. F.; Calabrese, G.; Calligaris, M.; Cantisani, E.; Capecchi, S.; Caponi, S.; Carbone, M.; Carella, C.; Careri, M. C.; Carnicella, A.; Caruso, M. L.; Catania, E.; Cavo, A.; Cianci, G.; Cocchiarella, A.; Colombo, L.; Corsi, G.; Cortinovis, R.; Costantini, S.; Crispi, M.; Cuccu, G.; Cuomo, A.; Dalia, P.; D'amato, G.; De Chirico, C.; De Clementi, M.; De Gasperi, M.; De Lisi, A.; De Lucia, L.; De Martino, G.; De Toni, P.; De Tursi, M.; Defendi, S.; Degl'innocenti, M.; Santi, I. D.; Destro, M.; Di Bartolomeo, C.; Di Ciaula, G.; Di Fonzo, C.; Di Maggio, G.; Di Matteo, S.; Di Paolo, A.; Di Trapani, M. C.; Di Zio, I.; Diodati, M.; Dongiovanni, D.; D'urso, M.; Fabiani, M. G.; Facciuto, P.; Falco, V.; Faraone, E.; Fasano, M.; Ferrara, P.; Florian, C.; Fora, G.; Fornaro, F.; Forno, B.; Fortis, M.; Foti, S.; Friolo, D.; Gabris, A.; Galanti, D.; Galizia, B.; Gallo, P.; Gaudio, L.; Gentili, G.; Ginex, G.; Giuliani, J.; Gobber, G.; Amerelli, A. G.; Gorgni, S.; Gucciardino, C.; Ieri, T.; Ingui', M.; Jamara, G.; La Sala, A.; Lattuca, P.; Mauro, M. L.; Luigini, A.; Luisi, D.; Lungu, V.; Mabilia, R.; Macaluso, S.; Maglio, A.; Magnapera, A.; Maione, A.; Malorgio, F.; Mancuso, A.; Manni, A.; Marchesi, R.; Mariani, M.; Martini, A.; Massetti, M.; Mauceri, M.; Melo, M.; Merlotti, R.; Modugno, D.; Montagna, M. C.; Montanari, L.; Napolitano, G.; Nicodemo, M.; Orlandini, G.; Orlandini, F.; Orsi, P.; Pacifico, C.; Pagliaro, E.; Paladini, A.; Paolucci, V.; Pascazio, A.; Pastore, A.; Patanella, I.; Pedaci, E.; Pellegrini, A.; Pellerito, N.; Pepe, V.; Petreni, P.; Piazza, S.; Picchi, M.; Piccinelli, G.; Pignatelli, A.; Pinta, F.; Pinto, T.; Piovano, P. L.; Pirajno, G.; Pollastrini, C.; Potenza, I.; Provenzano, A.; Provinciali, N.; Puglia, L.; Putignano, D.; Ranucci, A.; Ravoni, G.; Redivo, L.; Ricchini, F.; Rizzi, F.; Romoli, M.; Ronga, G.; Rosafio, I.; Roselli, L.; Russano, M.; Russo, P.; Saetta, A.; Sarnelli, R.; Sartori, S.; Saviola, A.; Scandone, F.; Scibilia, C.; Silverj, E.; Sosta, E.; Sparacino, M. E.; Tavella, E.; Tempera, S.; Terranova, A.; Tomasini, V.; Trivellato, E.; Vallisneri, C.; Vannini, A.; Vassillo, M.; Verni, P.; Visconti, E.; Zaza, A.; Zizzetti, S. - 01a Articolo in rivista
paper: PAIN AND THERAPY (Heidelberg : Springer) pp. 605-617 - issn: 2193-8237 - wos: WOS:000629840200001 (8) - scopus: 2-s2.0-85102691598 (7)

11573/1512247 - 2020 - Vision: What If They All Die? Crypto Requirements For Key People
Nam Ngo, Chan; Friolo, Daniele; Massacci, Fabio; Venturi, Daniele; Battaiola, Ettore - 04b Atto di convegno in volume
conference: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (Genova; Italia)
book: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) - (978-1-7281-8598-9)

11573/1348933 - 2019 - A Black-Box Construction of Fully-Simulatable, Round-Optimal Oblivious Transfer from Strongly Uniform Key Agreement
Friolo, D.; Masny, D.; Venturi, D. - 04b Atto di convegno in volume
conference: 17th International Conference on Theory of Cryptography, TCC 2019 (Nuremberg; Germany)
book: Theory of Cryptography - (978-3-030-36029-0; 978-3-030-36030-6)

11573/1512239 - 2019 - Affordable Security or Big Guy vs Small Guy
Friolo, Daniele; Massacci, Fabio; Nam Ngo, Chan; Venturi, Daniele - 04b Atto di convegno in volume
conference: Security Protocols Workshop (Cambridge; UK)
book: Security Protocols XXVII - (978-3-030-57042-2)

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma