Resource-based corruptions and the combinatorics of hidden diversity

In the setting of cryptographic protocols, the corruption of a party has traditionally been viewed as a simple, uniform and atomic operation, where the adversary decides to get control over a party and this party immediately gets corrupted. In this paper, motivated by the fact that different players may require different resources to get corrupted, we put forth the notion of resource-based corruptions, where the adversary must invest some resources in order to corrupt a player. If the adversary has full information about the system configuration then resource-based corruptions would provide no fundamental difference from the standard corruption model. However, in a resource "anonymous" setting, in the sense that such configuration is hidden from the adversary, much is to be gained in terms of efficiency and security. We showcase the power of such hidden diversity in the context of secure multiparty computation (MPC) with resource-based corruptions and prove that anonymity can effectively be used to circumvent known impossibility results. Specifically, if OPT is the corruption budget that violates the completeness of MPC (the case when half or more of the players are corrupted), we show that if hidden diversity is available, the completeness of MPC can be made to hold against an adversary with as much as a B ⋅ OPT budget, for any constant B>1. This result requires a suitable choice of parameters (in terms of number of players and their hardness to corrupt), which we provide, and we further prove other tight variants of the result when the said choice is not available. Regarding efficiency gains, we show that hidden diversity can be used to force the corruption threshold to drop from 1/2 to 1/3, in turn allowing the use of much more efficient (information-theoretic) MPC protocols.
We achieve the above through a series of technical contributions: the modeling of the corruption process in the setting of cryptographic protocols through corruption oracles, as well as the introduction of a notion of reduction to relate such oracles; the abstraction of the corruption game as a combinatorial problem and its analysis; and, importantly, the formulation of the notion of inversion effort preserving (IEP) functions, which is a type of direct-sum property, and the property of hardness indistinguishability. While hardness indistinguishability enables the dissociation of parties' identities from the resources needed to corrupt them, IEP enables the discretization of adversarial work into corruption tokens; all of these may be of independent interest.
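As an added illustration, not taken from the paper and not its construction, the following toy model of the corruption game shows how hidden diversity inflates the cost of an adversary that cannot see who is cheap to corrupt, compared with the informed budget OPT. The hardness profile, the level-probing strategy, the token accounting and all function names are assumptions of this example.

```python
"""Toy corruption game (an added illustration, not the paper's model). Player i
needs h[i] tokens; effort accumulates, so a player falls once invested >= h[i]."""
import random

def opt_budget(hardness, k):
    """OPT: an adversary that knows every h[i] corrupts the k cheapest players."""
    return sum(sorted(hardness)[:k])

def blind_campaign(hardness, k, budget=None, rng=None):
    """Hidden-diversity adversary: it only learns whether a player has fallen.
    It walks the distinct hardness levels upward and, in an order it cannot
    correlate with hardness (random), tops up each surviving player to the
    current level, stopping at k corruptions or when the budget runs out.
    Returns (tokens_spent, players_corrupted)."""
    rng = rng or random.Random(0)
    n = len(hardness)
    invested = [0] * n
    corrupted = [False] * n
    spent, fallen = 0, 0
    for level in sorted(set(hardness)):
        survivors = [i for i in range(n) if not corrupted[i]]
        rng.shuffle(survivors)
        for i in survivors:
            cost = level - invested[i]          # top-up only: no wasted restarts
            if budget is not None and spent + cost > budget:
                return spent, fallen
            spent += cost
            invested[i] = level
            if hardness[i] <= level:
                corrupted[i] = True
                fallen += 1
                if fallen >= k:
                    return spent, fallen
    return spent, fallen

def expected_blind_cost(hardness, k, trials=2000, seed=1):
    """Monte Carlo average of the blind adversary's spend over its random orders."""
    rng = random.Random(seed)
    return sum(blind_campaign(hardness, k, rng=rng)[0] for _ in range(trials)) / trials

# Constructed profiles: hardness doubling per player (diverse) vs. all equal.
GEOMETRIC = [2 ** i for i in range(8)]
UNIFORM = [8] * 8

if __name__ == "__main__":
    k = len(GEOMETRIC) // 2               # half the players: the MPC completeness bound
    opt = opt_budget(GEOMETRIC, k)        # 15
    print("OPT", opt, "blind ~", expected_blind_cost(GEOMETRIC, k))        # ~39
    print("blind corruptions with budget OPT:", blind_campaign(GEOMETRIC, k, budget=opt))
    print("uniform: OPT", opt_budget(UNIFORM, k), "blind", blind_campaign(UNIFORM, k))
```

With the diverse profile, a blind adversary holding exactly OPT corrupts only 2 of 8 players (below 1/3), and on average needs roughly 2.6 ⋅ OPT to reach half; with a uniform profile the two adversaries cost the same, since there is no diversity to hide.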
