Universally composable two-party and multi-party secure computation

We show how to securely realize any multi-party functionality in a universally composable way, regardless of the number of corrupted participants. That is, we consider a multi-party network with open communication and an adversary that can adaptively corrupt as many parties as it wishes. In this setting, our protocols allow any subset of the parties (with pairs of parties being a special case) to securely realize any desired functionality of their local inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network. This implies that security is preserved under concurrent composition of an unbounded number of protocol executions, it implies non-malleability with respect to arbitrary protocols, and more. Our constructions are in the common reference string model and make general intractability assumptions.

[1]  Manuel Blum,et al.  Coin Flipping by Telephone. , 1981, CRYPTO 1981.

[2]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[3]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[4]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[5]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[6]  Moti Yung,et al.  Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model , 1987, CRYPTO.

[7]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[8]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[9]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[10]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[11]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[12]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[13]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[14]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[15]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[16]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[17]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[18]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[19]  Joe Kilian,et al.  Uses of randomness in algorithms and protocols , 1990 .

[20]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[21]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[22]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[23]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[24]  Rafail Ostrovsky,et al.  Reducibility and completeness in multi-party private computations , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[25]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[26]  Donald Beaver,et al.  Plug and Play Encryption , 1997, CRYPTO.

[27]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[28]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[29]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[30]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[31]  Birgit Pfitzmann,et al.  Composition and integrity preservation of secure reactive systems , 2000, CCS.

[32]  Juan A. Garay,et al.  Concurrent oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[33]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[34]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[35]  Ivan Damgård,et al.  Improved Non-committing Encryption Schemes Based on a General Complexity Assumption , 2000, Annual International Cryptology Conference.

[36]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[37]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[38]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[39]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.

[40]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[41]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[42]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 1, Basic Tools , 2001 .

[43]  Yehuda Lindell,et al.  On the composition of authenticated byzantine agreement , 2002, STOC '02.

[44]  Yehuda Lindell,et al.  Secure Computation without Agreement , 2002, DISC.

[45]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[46]  Donald Beaver,et al.  Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority , 2004, Journal of Cryptology.