Trading correctness for privacy in unconditional multi-party computation

Extended abstract
  • Matthias Fitzi
  • Martin Hirt
  • Ueli Maurer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)

Abstract

This paper improves on the classical results in unconditionally secure multi-party computation among a set of n players by considering a model with three simultaneously occurring types of player corruption: the adversary can actively corrupt (i.e. take full control over) up to t_a players and, additionally, can passively corrupt (i.e. read the entire information of) up to t_p players and fail-corrupt (i.e. stop the computation of) up to t_f other players. The classical results in multi-party computation are for the special cases of only passive (t_a = t_f = 0) or only active (t_p = t_f = 0) corruption. In the passive case, every function can be computed securely if and only if t_p < n/2. In the active case, every function can be computed securely if and only if t_a < n/3; when a broadcast channel is available, this bound is t_a < n/2. These bounds are tight.

Strictly improving these results, one of our results states that, in addition to tolerating t_a < n/3 actively corrupted players, privacy can be guaranteed against every minority, thus tolerating additional t_p < n/6 passively corrupted players. These protocols require no broadcast and have an exponentially small failure probability. When zero failure probability is required, privacy can still be maintained against any minority, and one can even tolerate t_a < n/4 of these players to be corrupted actively. We further show that the bound t_p < n/2 for passive corruption holds even if the adversary is additionally allowed to make the passively corrupted players fail.

Moreover, we completely characterize the achievable thresholds t_a, t_p and t_f for four scenarios. Zero failure probability is achievable if and only if 2t_a + 2t_p + t_f < n and 3t_a + t_p + t_f < n; this holds whether or not a broadcast channel is available. Exponentially small failure probability with a broadcast channel is achievable if and only if 2t_a + 2t_p + t_f < n; without broadcast, the additional condition 3t_a + t_f < n is necessary and sufficient.
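The three corruption types and the threshold conditions above can be made concrete on Shamir secret sharing, the building block of the classical protocols. The following Python program is an added example, not code from the paper and not its protocol: it works over a constructed small field GF(101) so that perfect privacy can be checked by enumerating every possible sharing, it tolerates wrong (actively corrupted) shares next to missing (fail-corrupted) ones with a brute-force subset search that stands in for a proper error-correcting decoder, and its `achievable` function encodes the four feasibility conditions exactly as the abstract states them. The names `share`, `interpolate`, `leaks_nothing`, `robust_reconstruct` and `achievable` are the example's own.

```python
import itertools
import random

P = 101  # constructed small prime field; small so the privacy check can enumerate all polynomials


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x over GF(P) (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, degree, rng=random):
    """Shamir sharing: player i (1..n) receives f(i) for a random polynomial f of the
    given degree with f(0) = secret. Any `degree` shares are independent of the secret."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(degree)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}


def interpolate(points):
    """Coefficients of the unique polynomial of degree < len(points) through the {x: y} points."""
    xs = list(points)
    result = [0] * len(xs)
    for i in xs:
        num, den = [1], 1  # Lagrange basis polynomial: prod_{j != i} (x - j) / (i - j)
        for j in xs:
            if j == i:
                continue
            new = [0] * (len(num) + 1)
            for k, c in enumerate(num):  # multiply num by (x - j)
                new[k] = (new[k] - j * c) % P
                new[k + 1] = (new[k + 1] + c) % P
            num = new
            den = den * (i - j) % P
        scale = points[i] * pow(den, P - 2, P) % P
        for k, c in enumerate(num):
            result[k] = (result[k] + scale * c) % P
    return result


def reconstruct(shares):
    """Plain reconstruction from any degree+1 correct shares; fail-corrupted shares are simply omitted."""
    return interpolate(shares)[0]


def view_distribution(secret, degree, readers):
    """Exact distribution of the readers' joint view over all degree-`degree` sharings of `secret`."""
    counts = {}
    for tail in itertools.product(range(P), repeat=degree):
        view = tuple(eval_poly([secret % P, *tail], i) for i in readers)
        counts[view] = counts.get(view, 0) + 1
    return counts


def leaks_nothing(secret_a, secret_b, degree, readers):
    """Perfect privacy against `readers` (passive corruption): their view is distributed
    identically whichever secret was shared. Holds iff len(readers) <= degree."""
    return view_distribution(secret_a, degree, readers) == view_distribution(secret_b, degree, readers)


def robust_reconstruct(shares, degree, t_a):
    """Reconstruct when up to t_a received shares may be wrong (active corruption) and
    shares given as None are missing (fail-corruption). Brute force: find a degree-`degree`
    polynomial agreeing with all but at most t_a received shares. The answer is unique only
    when received > 2*t_a + degree; with degree = t_a that is the classical n > 3*t_a bound."""
    received = {i: s for i, s in shares.items() if s is not None}
    if len(received) <= 2 * t_a + degree:
        raise ValueError("too few surviving shares for unambiguous reconstruction")
    for subset in itertools.combinations(received, degree + 1):
        coeffs = interpolate({i: received[i] for i in subset})
        bad = sum(1 for i, s in received.items() if eval_poly(coeffs, i) != s)
        if bad <= t_a:
            return coeffs[0]
    raise ValueError("more than t_a shares are corrupted")


def achievable(n, t_a, t_p, t_f, broadcast, zero_error):
    """The abstract's characterization of the thresholds under which every function can be
    computed securely, with the conditions copied exactly as stated there."""
    if zero_error:
        return 2 * t_a + 2 * t_p + t_f < n and 3 * t_a + t_p + t_f < n
    if broadcast:
        return 2 * t_a + 2 * t_p + t_f < n
    return 2 * t_a + 2 * t_p + t_f < n and 3 * t_a + t_f < n


if __name__ == "__main__":
    shares = share(42, 10, 2, random.Random(7))     # n = 10 players, degree 2
    print(leaks_nothing(3, 77, 2, [1, 2]))          # two readers learn nothing
    print(leaks_nothing(3, 77, 2, [1, 2, 3]))       # three readers determine the secret
    shares[1] = (shares[1] + 5) % P                 # two actively corrupted shares
    shares[4] = (shares[4] + 9) % P
    for i in (8, 9, 10):                            # three fail-corrupted players
        shares[i] = None
    print(robust_reconstruct(shares, 2, 2))         # still recovers the secret
    print(achievable(7, 2, 1, 0, False, False), achievable(7, 2, 1, 0, False, True))
```

Passive corruption shows up as the set of readers compared against the polynomial degree, fail-corruption as `None` entries that are simply dropped, and active corruption as wrong shares that the decoder must outvote; the `received > 2*t_a + degree` check is where the n/3 bound of the abstract appears, since a lower degree buys correctness at the expense of the number of readers the sharing stays private against.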

Key words

Secure multi-party computation, unconditional security, verifiable secret sharing, threshold cryptography

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Matthias Fitzi (1)
  • Martin Hirt (1)
  • Ueli Maurer (1)

  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), Zurich, Switzerland