Robust MPC: Asynchronous Responsiveness yet Synchronous Security

Two paradigms for secure MPC are synchronous and asynchronous protocols, which differ substantially in terms of the guarantees they provide. While synchronous protocols tolerate more corruptions and allow every party to give its input, they are very slow because the speed depends on the conservatively assumed worst-case delay∆ of the network. In contrast, asynchronous protocols are as fast as the actual network allows, i.e., run in time proportional to the actual maximal network delay δ, but unavoidably parties with slow network connections cannot give input. This paper proposes a new, composable model (of UC functionalities) capturing the best of both worlds. Each party obtains the output as fast as the network allows (a property called responsiveness), and it is guaranteed that all parties obtain the same output. We consider different corruption thresholds: correctness, privacy, and responsiveness are guaranteed for less than TC , TP , and TR corruptions, respectively, while termination is always guaranteed. We achieve a trade-off between correctness, privacy and responsiveness: For any TR ≤ 3n, one can achieve TC = TP = min{ 2n, n−2TR}. In particular, setting TR = 1 4n allows us to obtain TC = TP = 1 2n, hence achieving substantial responsiveness, yet correctness and privacy much better than in an asynchronous protocol and as good as for a purely synchronous (slow) protocol. This result is achieved by a black-box compiler for combining an asynchronous and a synchronous protocol, involving new protocol techniques that may have applications in other contexts, and by devising an asynchronous protocol with TC = TP = n−2TR, improving the correctness and privacy of known protocols achieving TC = TP = 3n.

[1]  Ran Cohen,et al.  Asynchronous Secure Multiparty Computation in Constant Time , 2016, Public Key Cryptography.

[2]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[3]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[4]  Elaine Shi,et al.  Hybrid Consensus: Efficient Consensus in the Permissionless Model , 2016, DISC.

[5]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[6]  Martin Hirt,et al.  Cryptographic Asynchronous Multi-party Computation with Optimal Resilience (Extended Abstract) , 2005, EUROCRYPT.

[7]  Martin Hirt,et al.  Almost-Asynchronous MPC with Faulty Minority , 2008, IACR Cryptol. ePrint Arch..

[8]  Sandro Coretti,et al.  Probabilistic Termination and Composability of Cryptographic Protocols , 2016, CRYPTO.

[9]  Elaine Shi,et al.  Synchronous, with a Chance of Partition Tolerance , 2019, IACR Cryptol. ePrint Arch..

[10]  Martin Hirt,et al.  Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions , 2016, ASIACRYPT.

[11]  Ledger Edinburgh Research Explorer Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016 .

[12]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[13]  Tal Moran,et al.  Combining Asynchronous and Synchronous Byzantine Agreement: The Best of Both Worlds , 2018, IACR Cryptol. ePrint Arch..

[14]  Oded Goldreich,et al.  The Best of Both Worlds: Guaranteeing Termination in Fast Randomized Byzantine Agreement Protocols , 1990, Inf. Process. Lett..

[15]  Sandro Coretti,et al.  Round-Preserving Parallel Composition of Probabilistic-Termination Cryptographic Protocols , 2021, Journal of Cryptology.

[16]  Martin Hirt,et al.  Asynchronous Multi-Party Computation with Quadratic Communication , 2008, ICALP.

[17]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[18]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[19]  Martin Hirt,et al.  On the theoretical gap between synchronous and asynchronous MPC protocols , 2010, PODC '10.

[20]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[21]  Matthias Fitzi,et al.  Trading Correctness for Privacy in Unconditional Multi-Party Computation (Extended Abstract) , 1998, CRYPTO.

[22]  R. Cramer,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000 .

[23]  Ueli Maurer,et al.  Robustness for Free in Unconditional Multi-party Computation , 2001, CRYPTO.

[24]  T. J. Watson Optimistic Asynchronous Byzantine Agreement , 1999 .

[25]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[26]  Ivan Damgård,et al.  Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption , 2003, CRYPTO.

[27]  Ashish Choudhury,et al.  Round and Communication Efficient Unconditionally-Secure MPC with t t n / 3 in Partially Synchronous Network , 2017, ICITS.

[28]  Ran El-Yaniv,et al.  Resilient-optimal interactive consistency in constant time , 2003, Distributed Computing.

[29]  Aggelos Kiayias,et al.  Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016, EUROCRYPT.

[30]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[31]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[32]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[33]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[34]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[35]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[36]  Yehuda Lindell,et al.  Information-theoretically secure protocols and security under composition , 2006, STOC '06.

[37]  Arpita Patra,et al.  On the Power of Hybrid Networks in Multi-Party Computation , 2018, IEEE Transactions on Information Theory.

[38]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.