Secure Computation Without Authentication

In the setting of secure multiparty computation, a set of parties wish to jointly compute some function of their inputs. Such a computation must preserve certain security properties, like privacy and correctness, even if some of the participating parties or an external adversary collude to attack the honest parties. Until this paper, all protocols for general secure computation assumed that the parties can communicate reliably via authenticated channels. In this paper, we consider the feasibility of secure computation without any setup assumption. We consider a completely unauthenticated setting, where all messages sent by the parties may be tampered with and modified by the adversary (without the honest parties being able to detect this fact). In this model, it is not possible to achieve the same level of security as in the authenticated-channel setting. Nevertheless, we show that meaningful security guarantees can be provided. In particular, we define a relaxed notion of what it means to “securely compute” a function in the unauthenticated setting. Then, we construct protocols for securely realizing any functionality in the stand-alone model, with no setup assumptions whatsoever. In addition, we construct universally composable protocols for securely realizing any functionality in the common reference string model (while still in an unauthenticated network). We also show that our protocols can be used to provide conceptually simple and unified solutions to a number of problems that were studied separately in the past, including password-based authenticated key exchange and non-malleable commitments.
