A Dynamic Tradeoff between Active and Passive Corruptions in Secure Multi-Party Computation

  • Martin Hirt
  • Ueli Maurer
  • Christoph Lucas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)


At STOC ’87, Goldreich et al. presented two protocols for secure multi-party computation (MPC) among n parties: The first protocol provides passive security against t < n corrupted parties. The second protocol provides even active security, but only against t < n/2 corrupted parties. Although these protocols provide security against the provably highest possible number of corruptions, each of them has its limitation: The first protocol is rendered completely insecure in presence of a single active corruption, and the second protocol is rendered completely insecure in presence of ⌈n/2 ⌉ passive corruptions.

At Crypto 2006, Ishai et al. combined these two protocols into a single protocol which provides passive security against t < n corruptions and active security against t < n/2 corruptions. This protocol unifies the security guarantees of the passive world and the active world (“best of both worlds”). However, the corruption threshold t < n can be tolerated only when all corruptions are passive. With a single active corruption, the threshold is reduced to t < n/2.

As our main result, we introduce a dynamic tradeoff between active and passive corruptions: We present a protocol which provides security against t < n passive corruptions, against t < n/2 active corruptions, and everything in between. In particular, our protocol provides full security against k active corruptions, as long as less than n − k parties are corrupted in total, for any unknown k.

The main technical contribution is a new secret sharing scheme that, in the reconstruction phase, releases secrecy gradually. This allows to construct non-robust MPC protocols which, in case of an abort, still provide some level of secrecy. Furthermore, using similar techniques, we also construct protocols for reactive MPC with hybrid security, i.e., different thresholds for secrecy, correctness, robustness, and fairness. Intuitively, the more corrupted parties, the less security is guaranteed.


Multi-party computation gradual secret sharing computational security mixed adversary 


  1. [Bea91]
    Beaver, D.: Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. Journal of Cryptology 4(2), 75–122 (1991)CrossRefMATHGoogle Scholar
  2. [BGW88]
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC 1988, pp. 1–10. ACM (1988)Google Scholar
  3. [Blu83]
    Blum, M.: How to exchange (secret) keys (extended abstract). In: STOC 1983, pp. 440–447. ACM (1983)Google Scholar
  4. [CCD88]
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: STOC 1988, pp. 11–19. ACM (1988)Google Scholar
  5. [Cha89]
    Chaum, D.: The spymasters double-agent problem: Multiparty computations secure unconditionally from minorities and cryptograhically from majorities. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 591–602. Springer, Heidelberg (1990)Google Scholar
  6. [DDWY93]
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. Journal of the ACM 40(1), 17–47 (1993)MathSciNetCrossRefMATHGoogle Scholar
  7. [DS82]
    Dolev, D., Strong, H.R.: Polynomial algorithms for multiple processor agreement. In: STOC 1982, pp. 401–407. ACM (1982)Google Scholar
  8. [FHHW03]
    Fitzi, M., Hirt, M., Holenstein, T., Wullschleger, J.: Two-threshold broadcast and detectable multi-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 51–67. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. [FHM98]
    Fitzi, M., Hirt, M., Maurer, U.M.: Trading correctness for privacy in unconditional multi-party computation (extended abstract). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 121–136. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. [FHW04]
    Fitzi, M., Holenstein, T., Wullschleger, J.: Multi-party computation with hybrid security. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 419–438. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC 1987, pp. 218–229. ACM (1987)Google Scholar
  12. [Gol04]
    Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press (2004)Google Scholar
  13. [HLMR11]
    Hirt, M., Lucas, C., Maurer, U., Raub, D.: Graceful degradation in multi-party computation (extended abstract). In: Fehr, S. (ed.) ICITS 2011. LNCS, vol. 6673, pp. 163–180. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. [HLMR12]
    Hirt, M., Lucas, C., Maurer, U., Raub, D.: Passive corruption in statistical multi-party computation. In: Smith, A. (ed.) ICITS 2012. LNCS, vol. 7412, pp. 129–146. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. [HMZ08]
    Hirt, M., Maurer, U., Zikas, V.: MPC vs. SFE: Unconditional and computational security. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 1–18. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. [IKLP06]
    Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: On combining privacy with guaranteed output delivery in secure multiparty computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 483–500. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. [Kat07]
    Katz, J.: On achieving the “best of both worlds” in secure multiparty computation. In: STOC 2007, pp. 11–20. ACM (2007)Google Scholar
  18. [LRM10]
    Lucas, C., Raub, D., Maurer, U.: Hybrid-secure MPC: Trading information-theoretic robustness for computational privacy. In: PODC 2010, pp. 219–228. ACM (2010)Google Scholar
  19. [Ped91]
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  20. [RB89]
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: STOC 1989, pp. 73–85. ACM (1989)Google Scholar
  21. [Sha79]
    Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)MathSciNetCrossRefMATHGoogle Scholar
  22. [Yao82]
    Yao, A.C.: Protocols for secure computations (extended abstract). In: FOCS 1982, pp. 160–164. IEEE (1982)Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Martin Hirt
    • 1
  • Ueli Maurer
    • 1
  • Christoph Lucas
    • 2
  1. 1.ETH ZurichSwitzerland
  2. 2.ETH Zurich and Ergon Informatik AGSwitzerland

Personalised recommendations