Secure Computation (Abstract)

We define what it means for a network of communicating players to securely compute a function of privately held inputs. Intuitively, we wish to correctly compute its value in a manner which protects the privacy of each player's contribution, even though a powerful adversary may endeavor to disrupt this enterprise.

This highly general and desirable goal has been around a long time, inspiring a large body of protocols, definitions, and ideas, starting with Yao [1982, 1986] and Goldreich, Micali and Wigderson [1987]. But all the while, it had resisted a full and satisfactory formulation.

Our definition is built on several new ideas. Among them:

- Closely mimicking an ideal evaluation. A secure protocol must mimic this abstraction in a run-by-run manner, our definition depending as much on individual executions as on global properties of ensembles.
- Blending privacy and correctness in a novel way, using a special type of simulator designed for the purpose.
- Requiring adversarial awareness: capturing the idea that the adversary should know, in a very strong sense, certain information associated to the execution of a protocol.

Among the noteworthy and desirable properties of our definition is the reducibility of secure protocols, which we believe to be a cornerstone in a mature theory of secure computation.
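The abstract's central idea, comparing a real protocol run against an ideal evaluation by a trusted party and demanding that a simulator reproduce the adversary's view from the ideal output alone, can be made concrete on a toy protocol. The following is an added illustration, not code from the paper, and it shows the general ideal/real simulation comparison rather than the paper's specific definition: the functionality (a sum over Z_P), the additive-sharing protocol, the honest-but-curious adversary and all function names are assumptions made for the example. Randomness is drawn from an explicit tape so that the distribution of the adversary's view can be enumerated exactly and the real and simulated distributions compared for equality, and a deliberately broken simulator that ignores the output is included to show that the check actually discriminates.

```python
"""Ideal/real comparison for a toy secure sum, with an explicit simulator.

Added illustration of the simulation paradigm; not code from the paper.
The protocol, functionality and names below are assumptions for the example.

Functionality: parties hold x_i in Z_P and want y = sum(x_i) mod P.
Real protocol (additive secret sharing, honest-but-curious corruptions):
  1. party i splits x_i into n shares summing to x_i and sends s[i][j] to j;
  2. party j broadcasts t_j = sum_i s[i][j];
  3. everyone outputs sum_j t_j (= y).
"""
import itertools
from collections import Counter
from fractions import Fraction

P = 3  # tiny prime so the view distributions can be enumerated exactly


def share(x, n, tape):
    """Split x into n additive shares mod P, consuming n-1 tape values."""
    shares = [next(tape) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def ideal_evaluation(inputs):
    """The trusted party: sees every input, returns only f(inputs)."""
    return sum(inputs) % P


def real_view(inputs, corrupt, tape):
    """Run the protocol; return (output, view of the corrupted parties)."""
    n = len(inputs)
    honest = [i for i in range(n) if i not in corrupt]
    s = [share(x, n, tape) for x in inputs]        # s[i][j]: i sends to j
    t = tuple(sum(s[i][j] for i in range(n)) % P for j in range(n))
    output = sum(t) % P
    view = (
        tuple(tuple(s[i]) for i in corrupt),                     # own shares
        tuple(tuple(s[i][j] for i in honest) for j in corrupt),  # from honest
        t,                                                       # broadcasts
    )
    return output, view


def simulated_view(corrupt_inputs, corrupt, n, output, tape, use_output=True):
    """Fabricate the corrupted parties' view from their inputs and y alone.

    Shares arriving from honest parties are uniform (an honest receiver
    absorbs the sharing constraint); honest parties' broadcasts are uniform
    subject to all broadcasts summing to y.  use_output=False drops that
    constraint, giving a simulator the check below must reject.
    """
    honest = [i for i in range(n) if i not in corrupt]
    sent = [share(x, n, tape) for x in corrupt_inputs]  # corrupt parties' own shares
    recv = [[next(tape) for _ in honest] for _ in corrupt]  # honest -> corrupt shares
    t = [None] * n
    for k, j in enumerate(corrupt):            # corrupt broadcasts are determined
        t[j] = (sum(recv[k]) + sum(row[j] for row in sent)) % P
    for j in honest[:-1]:                      # all but one honest broadcast: uniform
        t[j] = next(tape)
    last = honest[-1]
    if use_output:                             # last one fixed by the ideal output
        t[last] = (output - sum(v for j, v in enumerate(t) if j != last)) % P
    else:
        t[last] = next(tape)
    return (tuple(map(tuple, sent)), tuple(map(tuple, recv)), tuple(t))


def distribution(fn, cells):
    """Exact distribution of fn(tape) over all P**cells random tapes."""
    counts = Counter(fn(iter(tape))
                     for tape in itertools.product(range(P), repeat=cells))
    return {v: Fraction(c, P ** cells) for v, c in counts.items()}


def always_correct(inputs):
    """Run-by-run correctness: every single execution outputs the ideal value."""
    n = len(inputs)
    y = ideal_evaluation(inputs)
    return all(real_view(inputs, (), iter(tape))[0] == y
               for tape in itertools.product(range(P), repeat=n * (n - 1)))


def check_simulation(inputs, corrupt, sim_uses_output=True):
    """Does the simulated view have exactly the real view's distribution?"""
    n, c = len(inputs), len(corrupt)
    assert 0 < c < n, "need at least one honest party"
    h = n - c
    y = ideal_evaluation(inputs)
    real = distribution(lambda tape: real_view(inputs, corrupt, tape)[1], n * (n - 1))
    sim_cells = c * (n - 1) + c * h + (h - 1) + (0 if sim_uses_output else 1)
    sim = distribution(
        lambda tape: simulated_view([inputs[i] for i in corrupt], corrupt, n, y,
                                    tape, sim_uses_output),
        sim_cells)
    return real == sim


if __name__ == "__main__":
    print(always_correct((2, 0, 1)))                                  # True
    print(check_simulation((2, 0, 1), (0,)))                          # True
    print(check_simulation((1, 2, 2), (0, 1)))                        # True
    print(check_simulation((2, 0, 1), (0,), sim_uses_output=False))   # False
```

Two points of the abstract show up directly: correctness is checked on every individual execution, not just on average, and privacy is established by exhibiting a simulator that needs nothing beyond the corrupted parties' inputs and the ideal output. The broken simulator is rejected because the real views always satisfy the sum constraint while its fabricated views do not. For an n-party protocol with more than a handful of parties the exhaustive enumeration becomes infeasible, which is why real definitions speak of ensembles and indistinguishability rather than exact equality of enumerated distributions.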

[1]  Donald Beaver Formal Definitions for Secure Distributed Protocols , 1989, Distributed Computing And Cryptography.

[2]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[3]  Moti Yung,et al.  Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model , 1987, CRYPTO.

[4]  Oded Goldreich,et al.  How to Solve any Protocol Problem - An Efficiency Improvement , 1987, CRYPTO.

[5]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[6]  Claude Crépeau,et al.  Correct and private reductions among oblivious transfers , 1990 .

[7]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[8]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[9]  Yair Oren,et al.  On the cunning power of cheating verifiers: Some observations about zero knowledge proofs , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[10]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[11]  Adi Shamir,et al.  On Expected Polynomial Time Simulation of Zero Knowledge Protocols , 1989, Distributed Computing And Cryptography.

[12]  J. Edmonds Paths, Trees, and Flowers , 1965, Canadian Journal of Mathematics.

[13]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[14]  S. Goldwasser The Knowledge Complexity of Interactive Proof Systems , 1989 .

[15]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[16]  Silvio Micali,et al.  How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[17]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[18]  Leonid A. Levin,et al.  One-way functions and pseudorandom generators , 1985, STOC '85.

[19]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[20]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[21]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[22]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[23]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[24]  Donald Beaver,et al.  Multiparty computation with faulty majority , 1989, 30th Annual Symposium on Foundations of Computer Science.

[25]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[26]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[27]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[28]  Silvio Micali,et al.  Optimal algorithms for Byzantine agreement , 1988, STOC '88.

[29]  Joe Kilian,et al.  Uses of randomness in algorithms and protocols , 1990 .

[30]  Eyal Kushilevitz,et al.  Private computations over the integers , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[31]  Martin Tompa,et al.  Random self-reducibility and zero knowledge interactive proofs of possession of information , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[32]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[33]  Manuel Blum,et al.  Coin Flipping by Telephone , 1981, CRYPTO 1981.

[34]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[35]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[36]  Donald Beaver,et al.  Foundations of Secure Interactive Computing , 1991, CRYPTO.

[37]  Silvio Micali,et al.  The Notion of Security for Probabilistic Cryptosystems , 1986, CRYPTO.

[38]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[39]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[40]  Stuart Alan Haber Multiparty cryptographic computation: techniques and applications , 1988 .

[41]  Eyal Kushilevitz,et al.  A zero-one law for Boolean privacy , 1989, STOC '89.

[42]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[43]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.