Unconditionally Secure Computation with Reduced Interaction

We study the question of how much interaction is needed for unconditionally secure multiparty computation. We first consider the number of messages that need to be sent to compute a Boolean function with semi-honest security, where all n parties learn the result. We consider two classes of functions called t-difficult and t-very difficult functions, where t refers to the number of corrupted players. For instance, the AND of an input bit from each player is t-very difficult, while the XOR is t-difficult but not t-very difficult. We show lower bounds on the message complexity of both types of functions, considering two notions of message complexity called conservative and liberal, where conservative is the more standard one. In all cases the bounds are $$\varOmega(nt)$$. We also show almost matching upper bounds for $$t=1$$ and functions in a rich class $$PSM_\mathsf{eff}$$ including non-deterministic log-space, as well as a stronger upper bound for the XOR function. In particular, we find that the conservative message complexity of 1-very difficult functions in $$PSM_\mathsf{eff}$$ is $$2n$$, while the conservative message complexity for XOR and $$t=1$$ is $$2n-1$$. Next, we consider round complexity. It is a long-standing open problem whether all efficiently computable functions can also be computed efficiently in a constant number of rounds with unconditional security. Motivated by this, we ask whether any function can be computed securely while minimizing the interaction of some of the players, and if so, how many players this can apply to. Note that we still want the standard security guarantees (correctness, privacy, termination), and we consider the standard communication model with secure point-to-point channels.
We answer the questions as follows: for passive security, with $$n=2t+1$$ players and t corruptions, up to t players can have minimal interaction, i.e., each of them sends one message in the first round to each of the $$t+1$$ remaining players and receives one message from each of them in the last round. Using our result on message complexity, we show that this is unconditionally optimal. For malicious security with $$n=3t+1$$ players and t corruptions, up to t players can have minimal interaction, and we show that this is also optimal.
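The abstract states that the conservative message complexity of XOR with one semi-honest corruption is $$2n-1$$, but does not describe a protocol. The following simulation is an added example, not the paper's construction: it is a simple one-time-pad ring protocol (an assumption of this example) that reaches exactly $$2n-1$$ messages, and it checks the two properties a practitioner would want to verify in such a protocol, correctness on every input and the fact that each single party's view (over the protocol's coin) depends only on its own input and the output. All names, the message accounting and the privacy check are this example's own.

```python
"""Semi-honest XOR of n input bits with t=1 in 2n-1 messages (added example).

Ring protocol assumed here (not the paper's): P1 masks its bit with a random
coin r and sends it to P2; each P_i XORs in its own bit and passes the running
value on; P_n returns the masked total to P1, who strips r and forwards the
result to the other n-1 parties.  Messages: (n-1) + 1 + (n-1) = 2n-1.
"""
import secrets
from collections import Counter
from itertools import product


def xor_ring_protocol(inputs, rng=secrets.randbits):
    """Run the protocol; return (output, message log, per-party views).

    Views record exactly what each party receives (plus P1's own coin),
    which is what a semi-honest adversary corrupting that party sees.
    """
    n = len(inputs)
    messages = []                     # (sender, receiver, bit)
    views = [[] for _ in range(n)]
    r = rng(1)                        # P1's one-time pad bit
    views[0].append(r)
    acc = inputs[0] ^ r
    for i in range(1, n):             # P1 -> P2 -> ... -> Pn
        messages.append((i - 1, i, acc))
        views[i].append(acc)
        acc ^= inputs[i]
    messages.append((n - 1, 0, acc))  # Pn -> P1: masked XOR of all inputs
    views[0].append(acc)
    y = acc ^ r                       # P1 removes the pad
    for i in range(1, n):             # P1 -> everyone else: the result
        messages.append((0, i, y))
        views[i].append(y)
    return y, messages, views


def message_count(n):
    """Number of messages the protocol sends for n parties."""
    _, msgs, _ = xor_ring_protocol([0] * n)
    return len(msgs)


def check_correctness(n):
    """Output must equal the XOR of all inputs for every input vector."""
    for inputs in product((0, 1), repeat=n):
        expected = 0
        for b in inputs:
            expected ^= b
        y, _, _ = xor_ring_protocol(list(inputs))
        if y != expected:
            return False
    return True


def view_distribution(i, inputs):
    """Distribution of P_i's view over the protocol's single coin r."""
    dist = Counter()
    for r in (0, 1):
        _, _, views = xor_ring_protocol(list(inputs), rng=lambda _bits, r=r: r)
        dist[tuple(views[i])] += 1
    return dist


def check_privacy(n):
    """Single-corruption privacy: P_i's view distribution may depend only on
    (its own input, the output), never on the other parties' inputs."""
    for i in range(n):
        seen = {}
        for inputs in product((0, 1), repeat=n):
            y = 0
            for b in inputs:
                y ^= b
            key = (inputs[i], y)
            dist = view_distribution(i, inputs)
            if key in seen and seen[key] != dist:
                return False
            seen[key] = dist
    return True


if __name__ == "__main__":
    n = 4
    print("messages for n=%d: %d (2n-1 = %d)" % (n, message_count(n), 2 * n - 1))
    print("correct on all inputs:", check_correctness(n))
    print("private against one semi-honest party:", check_privacy(n))
```

The privacy check is the usual simulation argument made concrete for a one-bit coin: because the running value each party receives is padded by the uniform bit r, its distribution is the same for every input vector with the same output, so an honest-but-curious party learns nothing beyond its own input and the result. The check only covers t=1; with two colluding parties on the ring (say P1 and P3) the pad is known and P2's input is exposed, which is consistent with the abstract's statement that the $$2n-1$$ bound is specific to t=1.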
