On the Feasibility of Consistent Computations

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6056)


In many practical settings, participants are willing to deviate from the protocol only if they remain undetected. Aumann and Lindell introduced a concept of covert adversaries to formalize this type of corruption. In the current paper, we refine their model to get stronger security guarantees. Namely, we show how to construct protocols, where malicious participants cannot learn anything beyond their intended outputs and honest participants can detect malicious behavior that alters their outputs. As this construction does not protect honest parties from selective protocol failures, a valid corruption complaint can leak a single bit of information about the inputs of honest parties. Importantly, it is often up to the honest party to decide whether to complain or not. This potential leakage is often compensated by gains in efficiency—many standard zero-knowledge proof steps can be omitted. As a concrete practical contribution, we show how to implement consistent versions of several important cryptographic protocols such as oblivious transfer, conditional disclosure of secrets and private inference control.


Consistency equivocal and extractable commitment oblivious transfer private inference control 


  1. 1.
    Aiello, W., Ishai, Y., Reingold, O.: Priced Oblivious Transfer: How to Sell Digital Goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Aumann, Y., Lindell, Y.: Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 137–156. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Goldreich, O.: On Defining Proofs of Knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)Google Scholar
  4. 4.
    Boneh, D., Goh, E.J., Nissim, K.: Evaluating 2-DNF Formulas on Ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Buldas, A., Laur, S.: Knowledge-Binding Commitments with Applications in Time-Stamping. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 150–165. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Cachin, C., Camenisch, J.: Optimistic Fair Secure Computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Camenisch, J., Neven, G., Shelat, A.: Simulatable Adaptive Oblivious Transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Canetti, R.: Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology 13(1), 143–202 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Canetti, R., Ostrovsky, R.: Secure Computation with Honest-Looking Parties: What If Nobody Is Truly Honest? In: Proc. of STOC 1999, pp. 255–264. ACM Press, New York (1999)Google Scholar
  10. 10.
    Cramer, R., Damgård, I.: Linear zero-knowledge – a note on efficient zero-knowledge proofs and arguments. In: Proc. of STOC 1997, pp. 436–445. ACM Press, New York (1997)Google Scholar
  11. 11.
    Crépeau, C., van de Graaf, J., Tapp, A.: Committed Oblivious Transfer and Private Multi-Party Computation. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 110–123. Springer, Heidelberg (1995)Google Scholar
  12. 12.
    Crescenzo, G.D., Ishai, Y., Ostrovsky, R.: Non-Interactive and Non-Malleable Commitment. In: Proc. of STOC 1998, pp. 141–150. ACM Press, New York (1998)Google Scholar
  13. 13.
    Di Crescenzo, G.: Equivocable And Extractable Commitment Schemes. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 74–87. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Di Crescenzo, G., Lipmaa, H.: Succinct NP Proofs from An Extractability Assumption. In: Beckmann, A., Dimitracopoulos, C., Löwe, B. (eds.) CiE 2008. LNCS, vol. 5028, pp. 175–185. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Franklin, M.K., Yung, M.: Communication complexity of secure computation. In: Proc. of STOC 1992, pp. 699–710. ACM Press, New York (1992)Google Scholar
  16. 16.
    Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: Proc. of STOC 2009, pp. 169–178. ACM Press, New York (2009)Google Scholar
  17. 17.
    Gentry, C., Ramzan, Z.: Single-Database Private Information Retrieval with Constant Communication Rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  19. 19.
    Goldreich, O.: On Expected Probabilistic Polynomial-Time Adversaries: A Suggestion for Restricted Definitions and Their Benefits. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 174–193. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Laur, S., Lipmaa, H.: On the Feasibility of Consistent Computations. Eprint 2006/088Google Scholar
  21. 21.
    Laur, S., Lipmaa, H.: A New Protocol for Conditional Disclosure of Secrets And Its Applications. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 207–225. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Lipmaa, H.: An Oblivious Transfer Protocol with Log-Squared Communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)Google Scholar
  23. 23.
    Mohassel, P., Franklin, M.K.: Efficiency Tradeoffs for Malicious Two-Party Computation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 458–473. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Naor, M., Nissim, K.: Communication Preserving Protocols for Secure Function Evaluation. In: Proc. of STOC 2001, pp. 590–599. ACM Press, New York (2001)Google Scholar
  25. 25.
    Ogata, W., Kurosawa, K.: Oblivious Keyword Search. Journal of Complexity 20(2–3), 356–371 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  27. 27.
    Pedersen, T.P.: Non-Interactive And Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  28. 28.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A Framework for Efficient And Composable Oblivious Transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)Google Scholar
  29. 29.
    Santis, A.D., Crescenzo, G.D., Persiano, G.: Necessary and Sufficient Assumptions for Non-iterative Zero-Knowledge Proofs of Knowledge for All NP Relations. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 451–462. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Stern, J.P.: A New And Efficient All Or Nothing Disclosure of Secrets Protocol. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 357–371. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. 31.
    Woodruff, D.P., Staddon, J.: Private Inference Control. In: Proc. of ACMCCS 2004, pp. 188–197. ACM Press, New York (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.University of TartuEstonia
  2. 2.Cybernetica ASEstonia
  3. 3.Tallinn UniversityEstonia

Personalised recommendations