An Asynchronous Multi-Party Computation Protocol

We consider secure multi-party computation in the asynchronous model and present an efficient protocol with optimal resilience. For n parties, up to t < n/3 of them corrupted, and security parameter κ, a circuit with c gates can be securely computed with communication complexity O(cnκ) bits. In contrast to all previous asynchronous protocols with optimal resilience, our protocol requires access to an expensive broadcast primitive only O(n) times, independently of the size c of the circuit. This results in a practical protocol with a very low communication overhead. One major drawback of a purely asynchronous network is that the inputs of up to t honest parties cannot be considered for the evaluation of the circuit: waiting for all inputs could take infinitely long when the missing inputs belong to corrupted parties. Our protocol can easily be extended to a hybrid model with one round of synchronicity at the end of the input stage, fully asynchronous afterwards. In this model, our protocol allows the circuit to be evaluated on the inputs of every honest party. The construction of the protocol follows the approach of Cramer, Damgård and Nielsen (Eurocrypt '01): every intermediate value is encrypted with a threshold encryption scheme, and gates are evaluated on the encryptions of their inputs. As we cannot guarantee that any particular party will terminate some specific task, we have the circuit evaluated by every party in parallel (with the help of the other parties), and as soon as the first party completes, all other parties can terminate as well.
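The following Python example is added here to illustrate the gate-evaluation idea the abstract refers to (every wire value held as a ciphertext, addition gates evaluated homomorphically, multiplication gates evaluated with one decryption of a randomised value). It is not code from the paper or its authors, and it simplifies in two ways that must be stated: the threshold encryption scheme is replaced by plain single-key Paillier [13], so one `decrypt` call stands in for the threshold decryption the parties would run jointly, and the multiplication gate follows the randomisation approach of Cramer, Damgård and Nielsen [7] as I understand it, without the zero-knowledge proofs, broadcast, or asynchronous scheduling the real protocol needs. The primes `TOY_P`, `TOY_Q`, the inputs and the circuit are constructed for the example and far too small for any real use.

```python
import secrets
from math import gcd

# Constructed toy parameters (two fixed primes). A real deployment needs primes of
# roughly 1024 bits, and the decryption key would be secret-shared among the n
# parties (threshold decryption), not held by one entity as it is here.
TOY_P, TOY_Q = 1_000_000_007, 998_244_353


class Paillier:
    """Additively homomorphic Paillier encryption, single-key simplification."""

    def __init__(self, p, q):
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                                    # standard choice of generator
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lambda = lcm(p-1, q-1)
        self.mu = pow(self._L(pow(self.g, self.lam, self.n2)), -1, self.n)

    def _L(self, u):
        return (u - 1) // self.n

    def encrypt(self, m):
        while True:                                            # random r in Z_n^*
            r = secrets.randbelow(self.n)
            if r > 0 and gcd(r, self.n) == 1:
                break
        return pow(self.g, m % self.n, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        return self._L(pow(c, self.lam, self.n2)) * self.mu % self.n

    # Homomorphic operations: E(a)*E(b) = E(a+b), E(a)^k = E(k*a), E(a)^-1 = E(-a)
    def add(self, c1, c2):
        return c1 * c2 % self.n2

    def scal(self, c, k):
        return pow(c, k % self.n, self.n2)

    def neg(self, c):
        return pow(c, -1, self.n2)


def mult_gate(pk, dec, ea, eb, n_parties):
    """E(a), E(b) -> E(a*b). `dec` stands in for the parties' threshold decryption."""
    e_d_sum = pk.encrypt(0)
    e_db_sum = pk.encrypt(0)
    for _ in range(n_parties):
        # Each party contributes a random d_i and publishes E(d_i) and E(d_i*b);
        # E(d_i*b) is computed from E(b) alone, so b is never exposed.
        d_i = secrets.randbelow(pk.n)
        e_d_sum = pk.add(e_d_sum, pk.encrypt(d_i))
        e_db_sum = pk.add(e_db_sum, pk.scal(eb, d_i))
    # Jointly decrypt E(a + d). With at least one honest contribution d_i, the sum
    # d is uniform mod n, so the opened value a + d reveals nothing about a.
    a_plus_d = dec(pk.add(ea, e_d_sum))
    # E(b)^(a+d) = E(ab + db); remove E(db) to obtain E(ab).
    return pk.add(pk.scal(eb, a_plus_d), pk.neg(e_db_sum))


def evaluate_circuit(pk, dec, enc_inputs, gates, n_parties):
    """Evaluate a gate list over ciphertexts. Each gate appends one output wire.

    gate forms: ("add", i, j), ("sub", i, j), ("mul", i, j), ("cmul", k, j)
    where i, j are wire indices and k is a public constant.
    """
    wires = list(enc_inputs)
    for op, i, j in gates:
        if op == "add":
            wires.append(pk.add(wires[i], wires[j]))
        elif op == "sub":
            wires.append(pk.add(wires[i], pk.neg(wires[j])))
        elif op == "cmul":
            wires.append(pk.scal(wires[j], i))
        elif op == "mul":
            wires.append(mult_gate(pk, dec, wires[i], wires[j], n_parties))
        else:
            raise ValueError(f"unknown gate {op!r}")
    return wires[-1]


def demo(x1=7, x2=11, x3=13, n_parties=4):
    """Evaluate f = (x1 + x2) * x3 - 5 * x1 on encrypted inputs; return (decrypted, expected)."""
    pk = Paillier(TOY_P, TOY_Q)
    enc_inputs = [pk.encrypt(x) for x in (x1, x2, x3)]        # wires 0, 1, 2
    gates = [
        ("add", 0, 1),     # wire 3 = x1 + x2
        ("mul", 3, 2),     # wire 4 = (x1 + x2) * x3
        ("cmul", 5, 0),    # wire 5 = 5 * x1
        ("sub", 4, 5),     # wire 6 = wire 4 - wire 5
    ]
    out = evaluate_circuit(pk, pk.decrypt, enc_inputs, gates, n_parties)
    return pk.decrypt(out), ((x1 + x2) * x3 - 5 * x1) % pk.n


if __name__ == "__main__":
    print(demo())
```

Only the multiplication gates require interaction (one joint decryption each); addition, subtraction and multiplication by a public constant are local operations on ciphertexts, which is why the paper's broadcast count can be kept independent of the circuit size. In the real protocol every published E(d_i) and E(d_i·b) would carry a zero-knowledge proof of correct formation, and the decryption would be a threshold operation requiring t+1 honest shares.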

[1] Matthew K. Franklin, et al. Joint Encryption and Message-Efficient Secure Computation, 1993, CRYPTO.

[2] K. Srinathan, et al. Efficient Asynchronous Secure Multiparty Distributed Computation, 2000, INDOCRYPT.

[3] Victor Shoup, et al. Practical Threshold Signatures, 2000, EUROCRYPT.

[4] Ivan Damgård, et al. A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System, 2001, Public Key Cryptography.

[5] Tal Rabin, et al. Asynchronous secure computations with optimal resilience (extended abstract), 1994, PODC '94.

[6] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, FOCS.

[7] R. Cramer, et al. Multiparty Computation from Threshold Homomorphic Encryption, 2000.

[8] K. Srinathan, et al. Asynchronous Unconditionally Secure Computation: An Efficiency Improvement, 2002, INDOCRYPT.

[9] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[10] Yehuda Lindell, et al. Secure Computation without Agreement, 2002, DISC.

[11] David Chaum, et al. Multiparty Unconditionally Secure Protocols (Extended Abstract), 1988, STOC.

[12] Ran Canetti, et al. Studies in secure multiparty computation and applications, 1995.

[13] Pascal Paillier, et al. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999, EUROCRYPT.

[14] Jesper Buus Nielsen, et al. A Threshold Pseudorandom Function Construction and Its Applications, 2002, CRYPTO.

[15] Jacques Stern, et al. Sharing Decryption in the Context of Voting or Lotteries, 2000, Financial Cryptography.

[16] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS.

[17] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[18] Ran Canetti, et al. Asynchronous secure computation, 1993, STOC.