Secure Computation without Agreement
Purchase on Springer.com
$29.95 / €24.95 / £19.95*
* Final gross prices may vary according to local VAT.
It has recently been shown that executions of authenticated Byzantine Agreement protocols in which more than a third of the parties are corrupted, cannot be composed concurrently, in parallel, or even sequentially (where the latter is true for deterministic protocols). This result puts into question any usage of authenticated Byzantine agreement in a setting where many executions take place. In particular, this is true for the whole body of work of secure multi-party protocols in the case that 1/3 or more of the parties are corrupted. Such protocols strongly rely on the extensive use of a broadcast channel, which is in turn realized using authenticated Byzantine Agreement. Essentially, this use of Byzantine Agreement cannot be eliminated since the standard definition of secure computation (for the case that less than 1/2 of the parties are corrupted) actually implies Byzantine Agreement. Moreover, it was accepted folklore that the use of a broadcast channel is essential for achieving secure multiparty computation, when 1/3 or more of the parties are corrupted.
In this paper we show that this folklore is false. We mildly relax the definition of secure computation allowing abort, and show how this definition can be reached. The difference between our definition and previous ones is as follows. Previously, if one honest party aborted then it was required that all other honest parties also abort. Thus, the parties agree on whether or not the protocol execution terminated successfully or not. In our new definition, it is possible that some parties abort while others receive output. Thus, there is no agreement regarding the success of the protocol execution. We stress that in all other aspects, our definition remains the same. In particular, if an output is received it is guaranteed to have been computed correctly. The novelty of the new definition is in decoupling the issue of agreement from the central security issues of privacy and correctness in secure computation. As a result the lower bounds of Byzantine Agreement no longer apply to secure computation. Indeed, we prove that secure multi-party computation can be achieved for any number of corrupted parties and without a broadcast channel (or trusted preprocessing phase as required for running authenticated Byzantine Agreement). An important corollary of our result is the ability to obtain multi-party protocols that compose.
- D. Beaver. Foundations of Secure Interactive Computing. In CRYPTO’91, Springer-Verlag (LNCS 576), pages 377–391, 1991.
- D. Beaver and S. Goldwasser. Multiparty Computation with Fault Majority. In CRYPTO’89, Springer-Verlag (LNCS 435), 1989.
- D. Beaver, S. Micali and P. Rogaway. The Round Complexity of Secure Protocols. In 22nd STOC, pages 503–513, 1990.
- M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. In 20th STOC, pages 1–10, 1988.
- R. Canetti. Security and Composition of Multi-party Cryptographic Protocols. Journal of Cryptology, Vol. 13(1), pages 143–202, 2000. CrossRef
- R. Canetti and M. Fischlin. Universally Composable Commitments. In CRYPTO, 2001.
- R. Canetti and H. Krawczyk. Universally Composable Notions of Key-Exchange and Secure Channels. In EUROCRYPT, 2002.
- D. Chaum, C. Crepeau and I. Damgard. Multi-party Unconditionally Secure Protocols. In 20th STOC, pages 11–19, 1988.
- D. Dolev. The Byzantine Generals Strike Again. Journal of Algorithms, 3(1):14–30, 1982. CrossRef
- P. Feldman and S. Micali. An Optimal Algorithm for Synchronous Byzantine Agreement. SIAM. J. Computing, 26(2):873–933, 1997. CrossRef
- M. Fischer, N. Lynch, and M. Merritt. Easy Impossibility Proofs for Distributed Consensus Problems. Distributed Computing, 1(1):26–39, 1986. CrossRef
- M. Fitzi, N. Gisin, U. Maurer and O. Von Rotz. Unconditional Byzantine Agreement and Multi-Party Computation Secure Against Dishonest Minorities from Scratch. To appear in Eurocrypt 2002.
- M. Fitzi, D. Gottesman, M. Hirt, T. Holenstein and A. Smith. Byzantine Agreement Secure Against Faulty Majorities From Scratch. To appear in PODC, 2002.
- Z. Galil, S. Haber and M. Yung. Cryptographic Computation: Secure Fault Tolerant Protocols and the Public Key Model. In CRYPTO 1987.
- O. Goldreich. Secure Multi-Party Computation. Manuscript. Preliminary version, 1998. Available from http://www.wisdom.weizmann.ac.il/~oded/pp.html.
- O. Goldreich, S. Micali and A. Wigderson. How to Play any Mental Game — A Completeness Theorem for Protocols with Honest Majority. In 19th STOC, pages 218–229, 1987. For details see .
- S. Goldwasser and L. Levin. Fair Computation of General Functions in Presence of Immoral Majority. In CRYPTO’90, Springer-Verlag (LNCS 537), pages 77–93, 1990.
- S. Goldwasser and Y. Lindell. Secure Computation Without Agreement (full version of this paper). IACR Cryptology ePrint Archive, Report 2002/040, http://eprint.iacr.org
- J. Kilian, Founding Cryptograph on Oblivious Transfer. In 20th STOC, pages 20–31, 1988.
- J. Kilian, A general completeness theorem for two-party games. In Proc. 23rd Annual ACM Symposium on the Theory of Computing, pp. 553–560, New Orleans, Louisiana, 6–8 May 1991.
- L. Lamport. The weak byzantine generals problem. In JACM, Vol. 30, pages 668–676, 1983. CrossRef
- L. Lamport, R. Shostack, and M. Pease. The Byzantine generals problem. ACM Trans. Prog. Lang. and Systems, 4(3):382–401, 1982. CrossRef
- Y. Lindell, A. Lysyanskaya and T. Rabin. On the Composition of Authenticated Byzantine Agreement. In 34th STOC, 2002.
- S. Micali and P. Rogaway. Secure Computation. Unpublished manuscript, 1992. Preliminary version in CRYPTO’91, Springer-Verlag (LNCS 576), pages 392`404, 1991.
- M. Pease, R. Shostak and L. Lamport. Reaching agreement in the presence of faults. In JACM, Vol. 27, pages 228–234, 1980. CrossRef
- B. Pfitzmann and M. Waidner. Information-Theoretic Pseudosignatures and Byzantine Agreement for t >= n/3. Technical Report RZ 2882 (#90830), IBM Research, 1996.
- T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In 21st STOC, pages 73–85, 1989.
- A. Yao. How to Generate and Exchange Secrets. In 27th FOCS, pages 162–167, 1986.
- Secure Computation without Agreement
- Book Title
- Distributed Computing
- Book Subtitle
- 16th International Conference, DISC 2002 Toulouse, France, October 28–30, 2002 Proceedings
- pp 17-32
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.