Advertisement

1/p-Secure Multiparty Computation without Honest Majority and the Best of Both Worlds

  • Amos Beimel
  • Yehuda Lindell
  • Eran Omri
  • Ilan Orlov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation, where parties give their inputs to a trusted party which returns the output of the functionality to all parties. In particular, in the ideal model such computation is fair – all parties get the output. Cleve (STOC 1986) proved that, in general, fairness is not possible without an honest majority. To overcome this impossibility, Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition – 1/p-secure computation – which guarantees partial fairness. For two parties, they construct 1/p-secure protocols for functionalities for which the size of either their domain or their range is polynomial (in the security parameter). Gordon and Katz ask whether their results can be extended to multiparty protocols.

We study 1/p-secure protocols in the multiparty setting for general functionalities. Our main result is constructions of 1/p-secure protocols that are resilient against any number of corrupt parties provided that the number of parties is constant and the size of the range of the functionality is at most polynomial (in the security parameter n). If less than 2/3 of the parties are corrupt, the size of the domain is constant, and the functionality is deterministic, then our protocols are efficient even when the number of parties is log log n. On the negative side, we show that when the number of parties is super-constant, 1/p-secure protocols are not possible when the size of the domain is polynomial. Thus, our feasibility results for 1/p-secure computation are essentially tight.

We further motivate our results by constructing protocols with stronger guarantees: If in the execution of the protocol there is a majority of honest parties, then our protocols provide full security. However, if only a minority of the parties are honest, then our protocols are 1/p-secure. Thus, our protocols provide the best of both worlds, where the 1/p-security is only a fall-back option if there is no honest majority.

Keywords

Security Parameter Impossibility Result Active Party Honest Party Secure Multiparty Computation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Beaver, D., Goldwasser, S.: Multiparty computation with faulty majority. In: 30th FOCS, pp. 468–473 (1989)Google Scholar
  2. 2.
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: 22nd STOC, pp. 503–513 (1990)Google Scholar
  3. 3.
    Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 538–557. Springer, Heidelberg (2010)Google Scholar
  4. 4.
    Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.: A fair protocol for signing contracts. In: 12th ICALP, pp. 43–52 (1985)Google Scholar
  5. 5.
    Blum, M.: How to exchange (secret) keys. ACM Trans. Comput. Syst. 1(2), 175–193 (1983)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: 18th STOC, pp. 364–369 (1986)Google Scholar
  8. 8.
    Cleve, R.: Controlled gradual disclosure schemes for random bits and their applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 573–588. Springer, Heidelberg (1990)Google Scholar
  9. 9.
    Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. J. of Cryptology 8(4), 201–222 (1995)zbMATHCrossRefGoogle Scholar
  10. 10.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CACM 28(6), 637–647 (1985)MathSciNetGoogle Scholar
  11. 11.
    Galil, Z., Haber, S., Yung, M.: Cryptographic computation: Secure fault tolerant protocols and the public-key model. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 135–155. Springer, Heidelberg (1988)Google Scholar
  12. 12.
    Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource fairness and composability of cryptographic protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 404–428. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: 19th STOC, pp. 218–229 (1987)Google Scholar
  14. 14.
    Goldwasser, S., Levin, L.: Fair computation of general functions in presence of immoral majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  15. 15.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: 40th STOC, pp. 413–422 (2008)Google Scholar
  16. 16.
    Gordon, D. S., Ishai, Y., Moran, T., Ostrovsky, R., Sahai, A.: On complete primitives for fairness. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 91–108. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Gordon, S.D., Katz, J.: Complete fairness in multi-party computation without an honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 19–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Ishai, Y., Katz, J., Kushilevitz, E., Lindell, Y., Petrank, E.: On achieving the “best of both world” in secure multiparty computation. SIAM J. on Computing 40(1) (2011) (Journal version of [20, 21])Google Scholar
  20. 20.
    Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: On combining privacy with guaranteed output delivery in secure multiparty computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 483–500. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Katz, J.: On achieving the “best of both worlds” in secure multiparty computation. In: 39th STOC, pp. 11–20 (2007)Google Scholar
  22. 22.
    Luby, M., Micali, S., Rackoff, C.: How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin. In: 24th FOCS, pp. 11–21 (1983)Google Scholar
  23. 23.
    Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 1–18. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: 36th STOC, pp. 232–241 (2004)Google Scholar
  25. 25.
    Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Yao, A.C.: How to generate and exchange secrets. In: 27th FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Amos Beimel
    • 1
  • Yehuda Lindell
    • 2
  • Eran Omri
    • 2
  • Ilan Orlov
    • 1
  1. 1.Dept. of Computer ScienceBen Gurion UniversityIsrael
  2. 2.Dept. of Computer ScienceBar Ilan UniversityIsrael

Personalised recommendations