Journal of Cryptology, Volume 28, Issue 4, pp 745–768

Almost-Everywhere Secure Computation with Edge Corruptions

  • Nishanth Chandran
  • Juan A. Garay
  • Rafail Ostrovsky

Abstract

We consider secure multi-party computation (MPC) in a setting where the adversary can separately corrupt not only the parties (nodes) but also the communication channels (edges), and can furthermore choose selectively and adaptively which edges or nodes to corrupt. Note that if an adversary corrupts an edge, even if the two nodes that share that edge are honest, the adversary can control the link and thus deliver wrong messages to both players. We consider this question in the information-theoretic setting, and require security against a computationally unbounded adversary.

In a fully connected network the above question is simple (and we also provide an answer that is optimal up to a constant factor). What makes the problem more challenging is to consider the case of sparse networks. Partially connected networks are far more realistic than fully connected networks, which led Garay and Ostrovsky [Eurocrypt’08] to formulate the notion of (unconditional) almost everywhere (a.e.) secure computation in the node-corruption model, i.e., a model in which not all pairs of nodes are connected by secure channels and the adversary can corrupt some of the nodes (but not the edges). In such a setting, MPC among all honest nodes cannot be guaranteed due to the possible poor connectivity of some honest nodes with other honest nodes, and hence some of them must be “given up” and left out of the computation. The number of such nodes is a function of the underlying communication graph and the adversarial set of nodes.

In this work we introduce the notion of almost-everywhere secure computation with edge corruptions, which is exactly the same problem as described above, except that we additionally allow the adversary to completely control some of the communication channels between two correct nodes—i.e., to “corrupt” edges in the network. While it is easy to see that an a.e. secure computation protocol for the original node-corruption model is also an a.e. secure computation protocol tolerating edge corruptions (albeit for a reduced fraction of edge corruptions with respect to the bound for node corruptions), no polynomial-time protocol is known in the case where a constant fraction of the edges can be corrupted (i.e., the maximum that can be tolerated) and the degree of the network is sublinear.

We make progress on this front, by constructing graphs of degree $O(n^{\epsilon})$ (for arbitrary constant $0<\epsilon<1$) on which we can run a.e. secure computation protocols tolerating a constant fraction of adversarial edges. The number of given-up nodes in our construction is $\mu n$ (for some constant $0<\mu<1$ that depends on the fraction of corrupted edges), which is also asymptotically optimal.

Key words

  • Almost-everywhere secure computation
  • Bounded-degree network
  • Secure message transmission
  • Byzantine agreement

References

  1. B. Barak, R. Canetti, Y. Lindell, R. Pass, T. Rabin, Secure computation without authentication, in Proceedings CRYPTO’05, The 25th Annual International Cryptology Conference, August 14–18, 2005, Santa Barbara, California, USA (2005), pp. 361–377
  2. A. Beimel, M. Franklin, Reliable communication over partially authenticated networks. Theor. Comput. Sci. 220(1), 185–210 (1999)
  3. M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract), in STOC, Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, May 2–4, 1988, Chicago, Illinois, USA (1988), pp. 1–10
  4. P. Berman, K. Diks, A. Pelc, Reliable broadcasting in logarithmic time with Byzantine link failures. J. Algorithms 22, 199–211 (1997)
  5. P. Berman, J.A. Garay, Fast consensus in networks of bounded degree (extended abstract), in WDAG, Distributed Algorithms, the 4th International Workshop, September 24–26, 1990, Bari, Italy (1990), pp. 321–333
  6. N. Chandran, J.A. Garay, R. Ostrovsky, Improved fault tolerance and secure computation on sparse networks, in Proceedings ICALP (2), The 37th International Colloquium, ICALP 2010, Part II, July 6–10, 2010, Bordeaux, France (2010), pp. 249–260
  7. D. Chaum, C. Crépeau, I. Damgård, Multiparty unconditionally secure protocols (abstract), in STOC, Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, May 2–4, 1988, Chicago, Illinois, USA (1988), pp. 11–19
  8. B. Chlebus, K. Diks, A. Pelc, Reliable broadcasting in hypercubes with random link and node failures, in Combinatorics, Probability and Computing, vol. 5 (1996)
  9. K. Diks, A. Pelc, Reliable gossip schemes with random link failures, in Proc. of the 28th Annual Allerton Conference on Communication, Control and Computing, Allerton, Illinois (1990), pp. 978–987
  10. D. Dolev, The Byzantine generals strike again. J. Algorithms 3(1), 14–30 (1982)
  11. D. Dolev, C. Dwork, O. Waarts, M. Yung, Perfectly secure message transmission, in FOCS, The 31st Annual Symposium on Foundations of Computer Science, October 22–24, 1990, St. Louis, Missouri, USA (1990), pp. 36–45
  12. C. Dwork, D. Peleg, N. Pippenger, E. Upfal, Fault tolerance in networks of bounded degree (preliminary version), in STOC, Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, May 28–30, 1986, Berkeley, California, USA (1986), pp. 370–379
  13. M. Fitzi, J.A. Garay, Efficient player-optimal protocols for strong and differential consensus, in PODC, (2003), pp. 211–220
  14. J.A. Garay, C. Givens, R. Ostrovsky, Secure message transmission by public discussion: a brief survey, in Coding and Cryptology—The Third International Workshop, IWCC Proceedings 2011, May 30–June 3, 2011, Qingdao, China (2011), pp. 126–141
  15. J.A. Garay, R. Ostrovsky, Almost-everywhere secure computation, in EUROCRYPT, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, April 13–17, 2008, Istanbul, Turkey (2008), pp. 307–323
  16. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or a completeness theorem for protocols with honest majority, in STOC, Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, 25–27 May 1987, New York City, NY, USA (1987), pp. 218–229
  17. S.D. Gordon, J. Katz, R. Kumaresan, A. Yerukhimovich, Authenticated broadcast with a partially compromised public-key infrastructure, in Stabilization, Safety, and Security of Distributed Systems—The 12th International Symposium, Proceedings SSS 2010, September 20–22, 2010, New York, NY, USA (2010), pp. 144–158
  18. V. King, J. Saia, V. Sanwalani, E. Vee, Towards secure and scalable computation in peer-to-peer networks, in FOCS, 47th Annual IEEE Symposium on Foundations of Computer Science, 21–24 October 2006, Berkeley, California, USA (2006), pp. 87–98
  19. L. Lamport, R. Shostak, M. Pease, The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)
  20. M. Pease, R. Shostak, L. Lamport, Reaching agreement in the presence of faults. J. ACM 27, 228–234 (1980)
  21. A. Pelc, Reliable communication in networks with Byzantine link failures. Networks 22, 441–459 (1992)
  22. V. Shanbhogue, M. Yung, Distributed computing in asynchronous networks with Byzantine edges, in Proceedings COCOON’96, Computing and Combinatorics, Second Annual International Conference, June 17–19, 1996, Hong Kong (1996), pp. 352–360
  23. E. Upfal, Tolerating linear number of faults in networks of bounded degree, in PODC, (1992), pp. 83–89
  24. S.-C. Wang, Y.-H. Chin, K.-Q. Yan, Byzantine agreement in a generalized connected network. IEEE Trans. Parallel Distrib. Syst. 6(4), 420–427 (1995)
  25. S.-C. Wang, K.-Q. Yan, Revisiting fault diagnosis agreement in a new territory. Oper. Syst. Rev. 38(2), 41–61 (2004)
  26. K.-Q. Yan, Y.-H. Chin, S.-C. Wang, Optimal agreement protocol in malicious faulty processors and faulty links. IEEE Trans. Knowl. Data Eng. 4(3), 266–280 (1992)
  27. A.C.-C. Yao, Protocols for secure computations (extended abstract), in FOCS, The 23rd Annual Symposium on Foundations of Computer Science, 3–5 November 1982, Chicago, Illinois, USA (1982), pp. 160–164
  28. V. Zikas, S. Hauser, U.M. Maurer, Realistic failures in secure multi-party computation, in Theory of Cryptography, the 6th Theory of Cryptography Conference, Proceedings TCC 2009, March 15–17, 2009, San Francisco, CA, USA (2009), pp. 274–293

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Nishanth Chandran (1)
  • Juan A. Garay (2)
  • Rafail Ostrovsky (3)

  1. Microsoft Research, Bangalore, India
  2. Yahoo Labs, Sunnyvale, USA
  3. Department of Computer Science and Department of Mathematics, UCLA, Los Angeles, USA
