Journal of Cryptology

, Volume 4, Issue 2, pp 75–122 | Cite as

Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority

  • Donald Beaver


A multiparty protocol to compute a function f(x1, ..., x n ) operates as follows: each of n processors holds an input x i , and jointly they must compute and reveal f(x1, ..., x n ) without revealing any additional information about the inputs. The processors are connected by secure communication lines but some number of processors may be corrupted by a resource-unbounded adversary that may attempt to interfere with the protocol or to gain extra information. Ben-Or, Goldwasser, Wigderson, Chaum, Crépeau, and Damgård have given protocols tolerating faults in t<n/3 processors. We improve the bound to t<n/2; as long as a majority remains uncorrupted, general and secure computations are achievable. To address and prove the security of our results, we introduce concise definitions for security and fault-tolerance. In particular, our notion of relative resilience—a means to compare the security and fault-tolerance of one protocol with that of another in a formal manner—provides a key tool for understanding and proving protocol security.

Key words

Distributed computing Fault tolerance Secret sharing Zero knowledge Proof systems 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    L. Babai, S. Moran. Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes. J. Comput. System Sci. 36 (1988), 254–276.Google Scholar
  2. [2]
    J. Bar-Ilan, D. Beaver, Non-Cryptographic Fault-Tolerant Computing in a Constant Expected Number of Rounds of Interaction. Proc. PODC, ACM, New York, 1989, pp. 201–209.Google Scholar
  3. [3]
    D. Beaver. Secure Multiparty Protocols Tolerating Half Faulty Processors. Proceedings of Crypto 1989, ACM, New York, 1989. Also appeared as Technical Report TR-19–88, Harvard University, September, 1988.Google Scholar
  4. [4]
    D. Beaver. Perfect Privacy for Two-Party Protocols. Proc. DIMACS Workshop on Distributed Computing and Cryptography, Princeton, NJ, October, 1989, J. Feigenbaum, M. Merritt (eds.). Preliminary version in Technical Report TR-11-89, Harvard University.Google Scholar
  5. [5]
    D. Beaver. Formal Definitions for Secure Distributed Protocols Proc. DIMACS Workshop on Distributed Computing and Cryptography, Princeton, NJ, October, 1989, J. Feigenbaum, M. Merritt (eds.).Google Scholar
  6. [6]
    D. Beaver. Security, Fault Tolerance, and Communication Complexity in Distributed Systems. Ph.D. Thesis, Harvard University, 1990.Google Scholar
  7. [7]
    D. Beaver, J. Feigenbaum. Hiding Instances in Multioracle Queries. Proc. 7th STACS, Lecture Notes in Computer Science, vol. 415, Springer-Verlag, Berlin, 1990, pp. 37–48. Also appeared as Hiding Information from Several Oracles, Technical Report TR-10–89, Harvard University, May 1, 1989.Google Scholar
  8. [8]
    D. Beaver, J. Feigenbaum, J. Kilian, P. Rogaway. Cryptographic Applications of Locally Random Reductions. Proc. Crypto 1990. Also appeared as AT&T Bell Laboratories Technical Memorandum, November 15, 1989.Google Scholar
  9. [9]
    D. Beaver, J. Feigenbaum, V. Shoup. Hiding Instances in Zero-Knowledge Proof Systems. Proc. Crypto 1990.Google Scholar
  10. [10]
    D. Beaver, S. Goldwasser. Multiparty Computation with Faulty Marjority. Proc. 30th FOCS, IEEE, New York, 1989, pp. 468–473.Google Scholar
  11. [11]
    D. Beaver, S. Haber, M. Yung. Protocols Secure Against Dynamic Adversaries. In preparation, 1990.Google Scholar
  12. [12]
    D. Beaver, S. Micali, P. Rogaway. The Round Complexity of Secure Protocols. Proc. 22nd STOC, ACM, New York, 1990, pp. 503–513.Google Scholar
  13. [13]
    J. Benaloh. Verifiable Secret Ballot Elections. Ph.D. Thesis, Yale University, 1987.Google Scholar
  14. [14]
    M. Ben-Or, S. Goldwasser, A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. Proc. 20th STOC, ACM, New York, 1988, pp. 1–10.Google Scholar
  15. [15]
    D. Chaum, C. Crépeau, I. Damgård. Multiparty Unconditionally Secure Protocols. Proc. 20th STOC, ACM, New York, 1988, pp. 11–19.Google Scholar
  16. [16]
    B. Chor, S. Goldwasser, S. Micali, B. Awerbuch. Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults. Proc. 17th STOC, ACM, New York, 1985, pp. 383–395.Google Scholar
  17. [17]
    B. Chor, E. Kushilevitz. A Zero-One Law for Boolean Privacy. Proc. 21st STOC, ACM, New York, 1989, pp. 62–72.Google Scholar
  18. [18]
    Z. Galil, S. Haber, M. Yung. Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model. Proc. Crypto 1987, Springer-Verlag, Berlin, 1988, pp. 135–155.Google Scholar
  19. [19]
    Z. Galil, S. Haber, M. Yung. Minimum-Knowledge Interactive Proofs for Decision Problems. SIAM J. Comput. 18: 4 (1989), 711–739.Google Scholar
  20. [20]
    O. Goldreich, S. Micali, A. Wigderson. Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design. Proc. 27th FOCS, IEEE, New York, 1986, pp. 174–187.Google Scholar
  21. [21]
    O. Goldreich, S. Micali, A. Wigderson. How to Play Any Mental Game, or A Completeness Theorem for Protocols with Honest Majority. Proc. 19th STOC, ACM, New York, 1987, pp. 218–229.Google Scholar
  22. [22]
    S. Goldwasser, L. Levin. Fair Computation of General Functions in Presence of Immoral Majority. Proc. Crypto 1990.Google Scholar
  23. [23]
    S. Goldwasser, S. Micali, C. Rackoff. The Knowledge Complexity of Interactive Proof Systems. SIAM J. Comput. 18: 1 (1989), 186–208.Google Scholar
  24. [24]
    S. Goldwasser, M. Sipser. Private Coins vs. Public Coins in Interactive Proof Systems. Proc. 18th STOC, ACM, New York, 1986, pp. 59–68.Google Scholar
  25. [25]
    S. Haber, S. Micali. Personal communication, 1987.Google Scholar
  26. [26]
    J. Kilian, S. Micali, P. Rogaway. The Notion of Secure Computation. Unpublished manuscript, 1990.Google Scholar
  27. [27]
    E. Kushilevitz. Privacy and Communication Complexity. Proc. 30th FOCS, IEEE, New York, 1989, pp. 26–421.Google Scholar
  28. [28]
    T. Rabin. Robust Sharing of Secrets When the Dealer is Honest or Cheating. Masters Thesis, Hebrew University, 1988.Google Scholar
  29. [29]
    T. Rabin, M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. Proc. 21st STOC, ACM, New York, 1989, pp. 73–85.Google Scholar
  30. [30]
    P. Rogaway. The Round Complexity of Secure Protocols. Ph.D. Thesis, Massachusetts Institute of Technology, 1990.Google Scholar
  31. [31]
    A. Shamir. How To Share a Secret. Comm. ACM 22 (1979), 612–613.Google Scholar

Copyright information

© International Association for Cryptologic Research 1991

Authors and Affiliations

  • Donald Beaver
    • 1
  1. 1.AT&T Bell LaboratoriesMurray HillUSA

Personalised recommendations