Public Key Cryptography – PKC 2010

Volume 6056 of the series Lecture Notes in Computer Science pp 88-106

On the Feasibility of Consistent Computations

  • Sven LaurAffiliated withUniversity of Tartu
  • , Helger LipmaaAffiliated withCybernetica ASTallinn University


In many practical settings, participants are willing to deviate from the protocol only if they remain undetected. Aumann and Lindell introduced a concept of covert adversaries to formalize this type of corruption. In the current paper, we refine their model to get stronger security guarantees. Namely, we show how to construct protocols, where malicious participants cannot learn anything beyond their intended outputs and honest participants can detect malicious behavior that alters their outputs. As this construction does not protect honest parties from selective protocol failures, a valid corruption complaint can leak a single bit of information about the inputs of honest parties. Importantly, it is often up to the honest party to decide whether to complain or not. This potential leakage is often compensated by gains in efficiency—many standard zero-knowledge proof steps can be omitted. As a concrete practical contribution, we show how to implement consistent versions of several important cryptographic protocols such as oblivious transfer, conditional disclosure of secrets and private inference control.


Consistency equivocal and extractable commitment oblivious transfer private inference control