A Full Proof of the BGW Protocol for Perfectly Secure Multiparty Computation

In the setting of secure multiparty computation, a set of n parties with private inputs wish to jointly compute some functionality of their inputs. One of the most fundamental results of secure computation was presented by Ben-Or, Goldwasser, and Wigderson (BGW) in 1988. They demonstrated that any n-party functionality can be computed with perfect security, in the private channels model. When the adversary is semi-honest, this holds as long as $t<n/2$ parties are corrupted, and when the adversary is malicious, this holds as long as $t<n/3$ parties are corrupted. Unfortunately, a full proof of these results was never published. In this paper, we remedy this situation and provide a full proof of security of the BGW protocol. This includes a full description of the protocol for the malicious setting, including the construction of a new subprotocol for the perfect multiplication protocol that seems necessary for the case of $n/4\le t<n/3$.
