Complexity of Multiparty Computation Problems: The Case of 2-Party Symmetric Secure Function Evaluation

In symmetric secure function evaluation (SSFE), Alice has an input x , Bob has an input y , and both parties wish to securely compute f (x ,y ). We show several new results classifying the feasibility of securely implementing these functions in several security settings. Namely, we give new alternate characterizations of the functions that have (statistically) secure protocols against passive and active (standalone), computationally unbounded adversaries. We also show a strict, infinite hierarchy of complexity for SSFE functions with respect to universally composable security against unbounded adversaries. That is, there exists a sequence of functions f 1 , f 2 , ... such that there exists a UC-secure protocol for f i in the f j -hybrid world if and only if i ≤ j . The main new technical tool that unifies our unrealizability results is a powerful protocol simulation theorem, which may be of independent interest. Essentially, in any adversarial setting (UC, standalone, or passive), f is securely realizable if and only if a very simple (deterministic) "canonical" protocol for f achieves the desired security. Thus, to show that f is unrealizable, one need simply demonstrate a single attack on a single simple protocol.

[1]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[2]  Joe Kilian,et al.  A general completeness theorem for two party games , 1991, STOC '91.

[3]  Eyal Kushilevitz,et al.  Privacy and communication complexity , 1989, 30th Annual Symposium on Foundations of Computer Science.

[4]  Manoj Prabhakaran,et al.  Cryptographic Complexity of Multi-Party Computation Problems: Classifications and Separations , 2008, CRYPTO.

[5]  Donald Beaver Perfect Privacy For Two-Party Protocols , 1989, Distributed Computing And Cryptography.

[6]  Jörn Müller-Quade,et al.  Secure Computability of Functions in the IT Setting with Dishonest Majority and Applications to Long-Term Security , 2009, TCC.

[7]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[8]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[9]  Yehuda Lindell,et al.  Lower Bounds for Concurrent Self Composition , 2004, TCC.

[10]  Michael Backes,et al.  On the Necessity of Rewinding in Secure Multiparty Computation , 2007, TCC.

[11]  Eyal Kushilevitz,et al.  A zero-one law for Boolean privacy , 1989, STOC '89.

[12]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[13]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[14]  Rafail Ostrovsky,et al.  Reducibility and Completeness in Private Computations , 2000, SIAM J. Comput..

[15]  Joe Kilian,et al.  Uses of randomness in algorithms and protocols , 1990 .

[16]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[17]  Eyal Kushilevitz,et al.  A Zero-One Law for Boolean Privacy (extended abstract) , 1989, STOC 1989.

[18]  Joe Kilian More general completeness theorems for secure two-party computation , 2000, STOC '00.

[19]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[20]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[21]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[22]  Silvio Micali,et al.  The All-or-Nothing Nature of Two-Party Secure Computation , 1999, CRYPTO.