A Protocol for the Distributed Generation of Random Values and Some Applications

This paper introduces an efficient method to jointly generate provably random values between a set of n parties P = {P1, . . . , Pn}, where at most t < n 2 are corrupted by a rushing adversary. We call such a scheme a tRVG (random value generation) protocol. The correctness of our scheme, i.e. the randomness of the generated values, can be formally proven under the DDH assumption. In particular, even corrupted parties do not have the chance to bias the outcome to a non-uniform distribution. We then use t-RVG as a building block to develop an efficient protocol to jointly generate k 2 provably random keys for discrete log based cryptosystems. Our protocol is provably secure under the discrete logarithm assumption, if less than n/2 parties are corrupted. Compared to previous protocols for the same purpose, our protocol reduces the dominating factor for the communication costs, the number of reliable broadcasts, by a factor of n. Finally, we show how to use our techniques for Non-Malleable Robust Group Key Exchange.