MPC vs. SFE: Unconditional and Computational Security

In secure computation among a set $\mathcal{P}$ of players one considers an adversary who can corrupt certain players. The three usually considered types of corruption are active, passive, and fail corruption. The adversary's corruption power is characterized by a so-called adversary structure, which enumerates the adversary's corruption options, each option being a triple $(A, E, F)$ of subsets of $\mathcal{P}$, where the adversary can actively corrupt the players in $A$, passively corrupt the players in $E$, and fail-corrupt the players in $F$. This paper is concerned with characterizing for which adversary structures general secure function evaluation (SFE) and secure (reactive) multi-party computation (MPC) are possible, in various models. This has been achieved so far only for the very special model of perfect security, where, interestingly, the conditions for SFE and MPC are distinct. Such a separation was first observed by Ishai et al. in the context of computational security. We give the exact conditions for general SFE and MPC to be possible for information-theoretic security (with negligible error probability) and for computational security, assuming a broadcast channel, with and without setup. In all these settings we confirm the strict separation between SFE and MPC. As a simple consequence of our results we solve an open problem for computationally secure MPC in a threshold model with all three corruption types.
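To make the notion of an adversary structure concrete, the following is an added example (not code from the paper or its authors) that represents a structure as a list of $(A, E, F)$ triples, enumerates the maximal options of a threshold adversary, and checks the classical $Q^k$ property of Hirt and Maurer (no $k$ sets of a family cover all of $\mathcal{P}$), which characterizes the purely passive ($Q^2$) and purely active without broadcast ($Q^3$) perfect-security cases. The threshold convention (up to $t_a$, $t_p$, $t_f$ corruptions of each type, chosen independently) and the player names are assumptions; the paper's own conditions for the mixed model are not reproduced here.

```python
from itertools import combinations, combinations_with_replacement
from typing import FrozenSet, Iterable, List, Tuple

Player = str
# One corruption option (A, E, F): actively, passively and fail-corrupted sets.
Option = Tuple[FrozenSet[Player], FrozenSet[Player], FrozenSet[Player]]


def threshold_structure(players: Iterable[Player], t_a: int, t_p: int, t_f: int) -> List[Option]:
    """Maximal corruption options of a threshold adversary.

    Assumed convention: at most t_a active, t_p passive and t_f fail corruptions,
    with the three sets chosen independently. Smaller options are dominated by a
    maximal one, so only maximal triples are listed. The enumeration is
    exponential in the number of players and intended for small examples.
    """
    p = sorted(set(players))
    return [
        (frozenset(a), frozenset(e), frozenset(f))
        for a in combinations(p, t_a)
        for e in combinations(p, t_p)
        for f in combinations(p, t_f)
    ]


def active_sets(structure: Iterable[Option]) -> List[FrozenSet[Player]]:
    """Projection onto the actively corrupted sets A."""
    return [a for a, _, _ in structure]


def privacy_sets(structure: Iterable[Option]) -> List[FrozenSet[Player]]:
    """Sets whose inputs the adversary learns: active and passive corruptions together."""
    return [a | e for a, e, _ in structure]


def q_condition(sets: Iterable[FrozenSet[Player]], players: Iterable[Player], k: int) -> bool:
    """Classical Q^k property: no k sets of the family jointly cover all players.

    Sets may repeat in the cover, which is why combinations_with_replacement is
    used; for a monotone family this is equivalent to the usual definition.
    """
    all_players = frozenset(players)
    family = list(set(sets))
    if not family:
        return True
    for combo in combinations_with_replacement(family, k):
        if frozenset().union(*combo) == all_players:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample: four players, one active and one passive corruption.
    players = ["p1", "p2", "p3", "p4"]
    z = threshold_structure(players, t_a=1, t_p=1, t_f=0)
    print("options:", len(z))                                   # 16
    print("active part is Q^3:", q_condition(active_sets(z), players, 3))    # True (t_a < n/3)
    print("privacy part is Q^2:", q_condition(privacy_sets(z), players, 2))  # False (|A ∪ E| can reach n/2)
```

The checks illustrate why the three corruption types must be analysed together: each projected family may satisfy its classical threshold condition on its own while their combination does not, which is exactly the kind of interaction the mixed adversary-structure model is designed to capture.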
