Secure Computation Without Authentication
In the setting of secure multiparty computation, a set of parties wish to jointly compute some function of their inputs. Such a computation must preserve certain security properties, like privacy and correctness, even if some of the participating parties or an external adversary collude to attack the honest parties. Until this paper, all protocols for general secure computation assumed that the parties can communicate reliably via authenticated channels. In this paper, we consider the feasibility of secure computation without any setup assumption.
We consider a completely unauthenticated setting, where all messages sent by the parties may be tampered with and modified by the adversary (without the honest parties being able to detect this fact). In this model, it is not possible to achieve the same level of security as in the authenticated-channel setting. Nevertheless, we show that meaningful security guarantees can be provided. In particular, we define a relaxed notion of what it means to “securely compute” a function in the unauthenticated setting. Then, we construct protocols for securely realizing any functionality in the stand-alone model, with no setup assumptions whatsoever. In addition, we construct universally composable protocols for securely realizing any functionality in the common reference string model (while still in an unauthenticated network). We also show that our protocols can be used to provide conceptually simple and unified solutions to a number of problems that were studied separately in the past, including password-based authenticated key exchange and non-malleable commitments.
- 1.Barak, B.: How to Go Beyond the Black-box Simulation Barrier. In: 42nd FOCS, pp. 106–115 (2001)Google Scholar
- 2.Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness Theorems for Noncryptographic Fault-Tolerant Distributed Computations. In: 20th STOC, pp. 1–10 (1988)Google Scholar
- 4.Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: 42nd FOCS, pp. 136–145 (2001), Full version available at http://eprint.iacr.org/2000/067
- 8.Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-Party Secure Computation. In: 34th STOC, pp. 494–503 (2002)Google Scholar
- 10.Chaum, D., Crepeau, C., Damgard, I.: Multiparty Unconditionally Secure Protocols. In: 20th STOC, pp. 11–19 (1988)Google Scholar
- 12.Dwork, C., Naor, M.: Pricing via Processing or Combating Junk Mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)Google Scholar
- 13.Fitzi, M., Gottesman, D., Hirt, M., Holenstein, T., Smith, A.: Detectable Byzantine Agreement Secure Against Faulty Majorities. In: 21st PODC, pp. 118–126 (2002)Google Scholar
- 17.Goldreich, O., Micali, S., Wigderson, A.: How to Play Any Mental Game. In: 19th STOC, pp. 218–229 (1987)Google Scholar
- 20.Lindell, Y.: Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions. In: 35th STOC, pp. 683–692 (2003)Google Scholar
- 23.Pass, R.: Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority. In: 36th STOC, pp. 232–241 (2004)Google Scholar
- 24.Pass, R., Rosen, A.: Bounded-Concurrent Secure Two-Party Computation in a Constant Number of Rounds. In: 44th FOCS, pp. 404–413 (2003)Google Scholar
- 25.Yao, A.C.: How to Generate and Exchange Secrets. In: 27th FOCS, pp. 162–167 (1986)Google Scholar