Almost-Everywhere Secure Computation with Edge Corruptions

We consider secure multi-party computation (MPC) in a setting where the adversary can separately corrupt not only the parties (nodes) but also the communication channels (edges), and can furthermore choose selectively and adaptively which edges or nodes to corrupt. Note that if an adversary corrupts an edge, even if the two nodes that share that edge are honest, the adversary can control the link and thus deliver wrong messages to both players. We consider this question in the information-theoretic setting, and require security against a computationally unbounded adversary.

In a fully connected network the above question is simple (and we also provide an answer that is optimal up to a constant factor). What makes the problem more challenging is to consider the case of sparse networks. Partially connected networks are far more realistic than fully connected networks, which led Garay and Ostrovsky [Eurocrypt’08] to formulate the notion of (unconditional) almost everywhere (a.e.) secure computation in the node-corruption model, i.e., a model in which not all pairs of nodes are connected by secure channels and the adversary can corrupt some of the nodes (but not the edges). In such a setting, MPC among all honest nodes cannot be guaranteed due to the possible poor connectivity of some honest nodes with other honest nodes, and hence some of them must be “given up” and left out of the computation. The number of such nodes is a function of the underlying communication graph and the adversarial set of nodes.

In this work we introduce the notion of almost-everywhere secure computation with edge corruptions, which is exactly the same problem as described above, except that we additionally allow the adversary to completely control some of the communication channels between two correct nodes—i.e., to “corrupt” edges in the network. While it is easy to see that an a.e. secure computation protocol for the original node-corruption model is also an a.e. secure computation protocol tolerating edge corruptions (albeit for a reduced fraction of edge corruptions with respect to the bound for node corruptions), no polynomial-time protocol is known in the case where a constant fraction of the edges can be corrupted (i.e., the maximum that can be tolerated) and the degree of the network is sublinear.

We make progress on this front, by constructing graphs of degree $O(n^{\epsilon})$ (for arbitrary constant $0 < \epsilon < 1$) on which we can run a.e. secure computation protocols tolerating a constant fraction of adversarial edges. The number of given-up nodes in our construction is $\mu n$ (for some constant $0 < \mu < 1$ that depends on the fraction of corrupted edges), which is also asymptotically optimal.

[1] Moti Yung, et al. Perfectly secure message transmission, 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[2] Andrzej Pelc, et al. Reliable communication in networks with Byzantine link failures, 1992, Networks.

[3] Eli Upfal, et al. Fault Tolerance in Networks of Bounded Degree (Preliminary Version), 1986, STOC 1986.

[4] Moti Yung, et al. Distributed Computing in Asynchronous Networks with Byzantine Edges, 1996, COCOON.

[5] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS 1982.

[6] Eli Upfal, et al. Fault tolerance in networks of bounded degree, 1986, STOC '86.

[7] Andrew Chi-Chih Yao, et al. Protocols for Secure Computations (Extended Abstract), 1982, FOCS.

[8] Shu-Chin Wang, et al. Optimal Agreement Protocol in Malicious Faulty Processors and Faulty Links, 1992, IEEE Trans. Knowl. Data Eng.

[9] Rafail Ostrovsky, et al. Improved Fault Tolerance and Secure Computation on Sparse Networks, 2010, ICALP.

[10] Krzysztof Diks, et al. Reliable Broadcasting in Logarithmic Time with Byzantine Link Failures, 1997, J. Algorithms.

[11] Ueli Maurer, et al. Realistic Failures in Secure Multi-party Computation, 2009, TCC.

[12] Rafail Ostrovsky, et al. Secure Message Transmission by Public Discussion: A Brief Survey, 2011, IWCC.

[13] Eli Upfal. Tolerating linear number of faults in networks of bounded degree, 1992, PODC '92.

[14] Shu-Chin Wang, et al. Byzantine Agreement in a Generalized Connected Network, 1995, IEEE Trans. Parallel Distributed Syst.

[15] David Chaum, et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[16] David Chaum, et al. Multiparty Unconditionally Secure Protocols (Abstract), 1987, CRYPTO.

[17] Leslie Lamport, et al. The Byzantine Generals Problem, 1982, TOPL.

[18] Rafail Ostrovsky, et al. Almost-Everywhere Secure Computation, 2008, EUROCRYPT.

[19] Yehuda Lindell, et al. Secure Computation Without Authentication, 2005, Journal of Cryptology.

[20] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[21] Serge Vaudenay, et al. Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques, 2006.

[22] Leslie Lamport, et al. Reaching Agreement in the Presence of Faults, 1980, JACM.

[23] Danny Dolev, et al. The Byzantine Generals Strike Again, 1981, J. Algorithms.

[24] Bogdan S. Chlebus, et al. Reliable Broadcasting in Hypercubes with Random Link and Node Failures, 1996, Comb. Probab. Comput.

[25] Matthias Fitzi, et al. Efficient player-optimal protocols for strong and differential consensus, 2003, PODC '03.

[26] Piotr Berman, et al. Fast Consensus in Networks of Bounded Degree (Extended Abstract), 1990, WDAG.

[27] Jonathan Katz, et al. Authenticated broadcast with a partially compromised public-key infrastructure, 2010, Inf. Comput.

[28] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[29] Shu-Chin Wang, et al. Revisiting fault diagnosis agreement in a new territory, 2004, OPSR.

[30] Erik Vee, et al. Towards Secure and Scalable Computation in Peer-to-Peer Networks, 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[31] Matthew K. Franklin, et al. Reliable Communication over Partially Authenticated Networks, 1997, WDAG.