On Combining Privacy with Guaranteed Output Delivery in Secure Multiparty Computation

  • Yuval Ishai
  • Eyal Kushilevitz
  • Yehuda Lindell
  • Erez Petrank
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4117)


In the setting of multiparty computation, a set of parties wish to jointly compute a function of their inputs, while preserving security in the case that some subset of them is corrupted. The typical security properties considered are privacy, correctness, independence of inputs, guaranteed output delivery and fairness. Until now, all works in this area considered either the case that the corrupted subset of parties constitutes a strict minority, or the case that half or more of the parties are corrupted. Secure protocols for the case of an honest majority achieve full security, and thus output delivery and fairness are guaranteed. However, the security of these protocols is completely compromised if there is no honest majority. In contrast, protocols for the case of no honest majority do not guarantee output delivery, but do provide privacy, correctness and independence of inputs for any number of corrupted parties. Unfortunately, an adversary controlling only a single party can disrupt the computation of these protocols and prevent output delivery.

In this paper, we study the possibility of obtaining general protocols for multiparty computation that simultaneously guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted and full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted. That is, we wish to obtain the best of both worlds in a single protocol, depending on the corruption case. We obtain both positive and negative results on this question, depending on the type of the functionality to be computed (standard or reactive) and the type of dishonest majority (semi-honest or malicious).
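The trade-off the abstract describes can be seen in the output phase of a protocol alone. The following is an added toy simulation, not code from the paper or its authors: the protocol output is modelled as a value shared among n parties, and a corrupted party "aborts" by withholding its share. Shamir sharing with degree t = ⌊(n-1)/2⌋ stands in for the honest-majority regime (any t+1 shares reconstruct, so a corrupt minority cannot block output, but a corrupt majority learns the output on its own), while additive n-out-of-n sharing stands in for the dishonest-majority regime (any n-1 shares reveal nothing, but a single withheld share blocks output). The field modulus, party numbering and the sample secret are constructed for the demonstration.

```python
# Added illustration of "guaranteed output delivery" versus "security with abort".
# Not the paper's protocol: a single shared output value stands in for the whole
# computation, and an aborting party simply withholds its share.
import secrets

P = 2**61 - 1  # prime field modulus (constructed choice)


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _lagrange_at_zero(points):
    """Interpolate f(0) from (x, f(x)) pairs with distinct x, mod P."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def threshold(n):
    """Shamir degree used for the honest-majority regime: any t+1 reconstruct."""
    return (n - 1) // 2


def share(secret, n, scheme):
    """Split `secret` into shares for parties 1..n under the chosen scheme."""
    if scheme == "shamir":
        coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold(n))]
        return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}
    if scheme == "additive":
        vals = [secrets.randbelow(P) for _ in range(n - 1)]
        vals.append((secret - sum(vals)) % P)  # last share fixes the sum
        return {i + 1: v for i, v in enumerate(vals)}
    raise ValueError(f"unknown scheme {scheme!r}")


def reconstruct(shares, n, scheme):
    """Return the secret if the supplied shares suffice, else None."""
    if scheme == "shamir":
        t = threshold(n)
        if len(shares) < t + 1:
            return None  # output withheld: not enough shares arrived
        return _lagrange_at_zero(list(shares.items())[: t + 1])
    if scheme == "additive":
        if len(shares) < n:
            return None  # one missing share is enough to block output
        return sum(shares.values()) % P
    raise ValueError(f"unknown scheme {scheme!r}")


def view_of(secret, n, parties, scheme):
    """What a set of parties can compute from their own shares alone.

    Called with the honest set it models output delivery (did the honest
    parties get the result despite the others aborting?); called with the
    corrupt set it models privacy (can a coalition learn the output alone?).
    """
    shares = share(secret, n, scheme)
    return reconstruct({i: shares[i] for i in parties}, n, scheme)


if __name__ == "__main__":
    n, secret = 5, 12345  # constructed sample values
    for corrupt in ({4, 5}, {3, 4, 5}):
        honest = set(range(1, n + 1)) - corrupt
        print(f"n={n}, corrupt={sorted(corrupt)}")
        for scheme in ("shamir", "additive"):
            delivered = view_of(secret, n, honest, scheme) == secret
            leaked = view_of(secret, n, corrupt, scheme) == secret
            print(f"  {scheme:8s} honest get output: {delivered!s:5s} "
                  f"corrupt coalition learns output alone: {leaked}")
```

With two of five parties corrupt, the Shamir variant delivers the output to the honest parties and the coalition learns nothing, whereas the additive variant is blocked by the two withheld shares. With three of five corrupt, the Shamir variant now lets the coalition reconstruct the output by itself, while the additive variant still keeps it private; neither delivers output. A protocol with "the best of both worlds" would behave like the Shamir column when a minority is corrupt and like the additive column otherwise.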





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yuval Ishai (Technion)
  • Eyal Kushilevitz (Technion)
  • Yehuda Lindell (Bar-Ilan University)
  • Erez Petrank (Technion)
