Advances in Cryptology — CRYPTO ’87
Volume 293 of the series Lecture Notes in Computer Science pp 87119
Multiparty Computations Ensuring Privacy of Each Party’s Input and Correctness of the Result
 David ChaumAffiliated withCentre for Mathematics and Computer Science
 , Ivan B. DamgårdAffiliated withCentre for Mathematics and Computer Science
 , Jeroen van de GraafAffiliated withCentre for Mathematics and Computer Science
Abstract
A protocol is presented that allows a set of parties to collectively perform any agreed computation, where every party is able to choose secret inputs and verify that the resulting output is correct, and where all secret inputs are optimally protected.

One participant is allowed to hide his secrets unconditionally, i.e. the protocol releases no Shannon information about these secrets. This means that a participant with bounded resources can perform computations securely with a participant who may have unlimited computing power. To the best of our knowledge, our protocol is the first of its kind to provide this possibility.

The cost of our protocol is linear in the number of gates in a circuit performing the computation, and in the number of participants. We believe it is conceptually simpler and more efficient than other protocols solving related problems ([Y1], [GoMiWi] and [GaHaYu]). It therefore leads to practical solutions of problems involving small circuits.

The protocol is openly verifiable, i.e. any number of people can later come in and rechallenge any participant to verify that no cheating has occurred.

The protocol is optimally secure against conspiracies: even if n − 1 out of the n participants collude, they will not find out more about the remaining participants’ secrets than what they could already infer from their own input and the public output.

Each participant has a chance of undetected cheating that is only exponentially small in the amount of time and space needed for the protocol.

The protocol adapts easily, and with negligible extra cost, to various additional requirements, e.g. making part of the output private to some participant, ensuring that the participants learn the output simultaneously, etc.

Participants can prove relations between data used in different instances of the protocol, even if those instances involve different groups of participants. For example, it can be proved that the output of one computation was used as input to another, without revealing more about this data.

The protocol can be usen as an essential tool in proving that all languages in IP have zero knowledge proof systems, i.e. any statement which can be proved interactively can also be proved in zero knowledge.
The rest of this paper is organised as follows: First we survey some related results. Then Section 2 gives an intuitiveintroduction to the protocol. In Section 3, we present one of the main tools used in this paper: bit commitment schemes. Sections 4 and 5 contain the notation, terminology, etc. used in the paper. In Section 6, the protocol is presented, along with proofs of its security and correctness. In Section 7, we show how to adapt the protocol to various extra requirements and discuss some generalisations and optimisations. Finally, Section 8 contains some remarks on how to construct zero knowledge proof systems for any language in IP.
 Title
 Multiparty Computations Ensuring Privacy of Each Party’s Input and Correctness of the Result
 Book Title
 Advances in Cryptology — CRYPTO ’87
 Book Subtitle
 Proceedings
 Book Part
 Section 2:
 Pages
 pp 87119
 Copyright
 1988
 DOI
 10.1007/3540481842_7
 Print ISBN
 9783540187967
 Online ISBN
 9783540481843
 Series Title
 Lecture Notes in Computer Science
 Series Volume
 293
 Series ISSN
 03029743
 Publisher
 Springer Berlin Heidelberg
 Copyright Holder
 SpringerVerlag Berlin Heidelberg
 Additional Links
 Topics
 Industry Sectors
 eBook Packages
 Editors

 Carl Pomerance ^{(1)}
 Editor Affiliations

 1. Department of Mathematics, The University of Georgia
 Authors

 David Chaum ^{(2)}
 Ivan B. Damgård ^{(2)}
 Jeroen van de Graaf ^{(2)}
 Author Affiliations

 2. Centre for Mathematics and Computer Science, Kruislaan 413, 1098 SJ, Amsterdam, the Netherlands
Continue reading...
To view the rest of this content please follow the download PDF link above.