Foundations of Secure Interactive Computing

The problem of secure multiparty computation is usually described as follows: each of n players in a network holds a private input xi. Together they would like to compute a function F(x1,...,xn) without revealing the inputs, even though no particular player can be trusted. Attempts to contrive formal definitions for the problem have treated properties of the solution separately (correctness, privacy, etc.), giving an ad hoc collection of desirable properties and varied definitions that do not support clear or comparable proofs.We propose a clear, concise, and unified definition for security and reliability in interactive computations. We develop a reduction called relative resilience that captures all desired properties at a single blow. Relative resilience allows one to classify and compare arbitrary protocols in terms of security and reliability, in the same way that Turing reductions allow one to classify and compare algorithms in terms of complexity. Security and reliability reduce to a simple statement: a protocol for F is resilient if it is as resilient as an ideal protocol in which a trusted host is available to compute F. Relative resilience captures the notions of security and reliability for a wide variety of interactive computations, including zero-knowledge proof systems, Byzantine Agreement, oblivious transfer, two-party oblivious circuit evaluation, among others.Relative resilience provides modular proof techniques that other approaches lack: one may compare a sequence of protocols ranging from the real-world protocol to the ideal protocol, proving the relative resilience of each successive protocol with greater clarity and less complexity. Folk theorems about the "transitivity" of security and the security of concatenated protocols are now provable; and the proofs reveal that such folk theorems fail under subtle conditions that have previously gone unnoticed. The conciseness and modularity of our definitions and proof techniques provide great clarity in designing and reasoning about protocols and have already lead to provably secure protocols that are significantly more efficient than those appearing in the literature.

[1]  Stuart Alan Haber Multiparty cryptographic computation: techniques and applications , 1988 .

[2]  J. Feigenbaum,et al.  Distributed computing and cryptography : proceedings of a DIMACS workshop held at the Nassau Inn in Princeton, New Jersey, October 4-6, 1989 , 1991 .

[3]  Donald Beaver,et al.  Multiparty computation with faulty majority , 1989, 30th Annual Symposium on Foundations of Computer Science.

[4]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[5]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[6]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[7]  Michael Rabin,et al.  Security, fault tolerance, and communication complexity in distributed systems , 1990 .

[8]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[9]  Moti Yung,et al.  Minimum-Knowledge Interactive Proofs for Decision Problems , 1989, SIAM J. Comput..

[10]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[11]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[12]  G. R. Blakley,et al.  Security Proofs for Information Protection Systems , 1981, 1981 IEEE Symposium on Security and Privacy.

[13]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[14]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[15]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[16]  Moti Yung,et al.  Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model , 1987, CRYPTO.

[17]  Yair Oren,et al.  On the cunning power of cheating verifiers: Some observations about zero knowledge proofs , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[18]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[19]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[20]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[21]  Donald Beaver,et al.  Cryptographic Protocols Provably Secure Against Dynamic Adversaries , 1992, EUROCRYPT.

[22]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[23]  Donald Beaver,et al.  Multiparty Computation with Faulty Majority (Extended Announcement) , 1989, FOCS 1989.

[24]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[25]  Donald Beaver,et al.  Multiparty Protocols Tolerating Half Faulty Processors , 1989, CRYPTO.

[26]  Donald Beaver Formal Definitions for Secure Distributed Protocols , 1989, Distributed Computing And Cryptography.

[27]  Martín Abadi,et al.  On Hiding Information from an Oracle , 1987, Proceeding Structure in Complexity Theory.

[28]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.