Identifying Cheaters without an Honest Majority

Motivated by problems in secure multiparty computation (MPC), we study a natural extension of identifiable secret sharing to the case where an arbitrary number of players may be corrupted. An identifiable secret sharing scheme is a secret sharing scheme in which the reconstruction algorithm, after receiving shares from all players, either outputs the correct secret or publicly identifies the set of all cheaters (players who modified their original shares) with overwhelming success probability. This property is impossible to achieve without an honest majority. Instead, we settle for having the reconstruction algorithm inform each honest player of the correct set of cheaters. We show that this new notion of secret sharing can be unconditionally realized in the presence of arbitrarily many corrupted players. We demonstrate the usefulness of this primitive by presenting several applications to MPC without an honest majority.

Complete primitives for MPC. We present the first unconditional construction of a complete primitive for fully secure function evaluation whose complexity does not grow with the complexity of the function being evaluated. This can be used for realizing fully secure MPC using small and stateless tamper-proof hardware. A previous completeness result of Gordon et al. (TCC 2010) required the use of cryptographic signatures.

Applications to partial fairness. We eliminate the use of cryptography from the online phase of recent protocols for multiparty coin-flipping and MPC with partial fairness (Beimel et al., Crypto 2010 and Crypto 2011). This is a corollary of a more general technique for unconditionally upgrading security against fail-stop adversaries with preprocessing to security against malicious adversaries.

Finally, we complement our positive results by a negative result on identifying cheaters in unconditionally secure MPC. It is known that MPC without an honest majority can be realized unconditionally in the OT-hybrid model, provided that one settles for "security with abort" (Kilian, 1988). That is, the adversary can decide whether to abort the protocol after learning the outputs of corrupted players. We show that such protocols cannot be strengthened so that all honest players agree on the identity of a corrupted player in the event that the protocol aborts, even if a broadcast primitive can be used. This is contrasted with the computational setting, in which this stronger notion of security can be realized under standard cryptographic assumptions (Goldreich et al., 1987).
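To make the honest-majority requirement in the abstract concrete, the following is an added Python example written for this page; it is not code from the paper or its authors, and it implements plain Shamir sharing rather than the paper's construction. The reconstructor accepts the unique polynomial supported by more than (n+d)/2 of the n submitted shares, which is the Reed-Solomon unique-decoding bound behind the Shamir/RS connection of McEliece and Sarwate [15]. With 2 colluding cheaters among 7 players (degree 2) the cheaters are publicly identified. With 2 cheaters among 4 players there is no honest majority, and cheaters who know the dealt polynomial (assumed here as the worst case) can force a different polynomial through one honest player's share: the public reconstructor then outputs a wrong secret and blames the honest player 2, and the two honest players reach different private conclusions, so plain Shamir does not give even the weaker per-player notion the paper realizes. The field modulus, secret, seed and player/cheater sets are constructed choices.

```python
"""Toy: plain Shamir sharing over GF(P) with a cheater-identifying reconstructor.
Added illustration for this page, not the paper's scheme; P, secret, seed and
the player/cheater sets are constructed choices."""
from itertools import combinations
import random

P = 2**61 - 1  # prime field modulus (constructed choice)

def eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(secret, degree, n, rng):
    """Shamir: random f of degree <= `degree` with f(0) = secret; player i gets f(i)."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(degree)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}

def lagrange_eval(points, x):
    """Value at x of the unique polynomial of degree < len(points) through {xi: yi}."""
    total = 0
    for i, yi in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (x - j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def candidates(shares, degree):
    """Each (degree+1)-subset of shares fixes a candidate polynomial; yield
    (support, value at 0), support = players whose share lies on it.  Distinct
    polynomials of degree <= d agree on <= d points, so the support identifies
    the candidate and duplicates can be skipped."""
    seen = set()
    for subset in combinations(shares, degree + 1):
        pts = {i: shares[i] for i in subset}
        support = frozenset(j for j, y in shares.items() if lagrange_eval(pts, j) == y)
        if support not in seen:
            seen.add(support)
            yield support, lagrange_eval(pts, 0)

def reconstruct(shares, degree):
    """Public reconstruction from all n shares.  Accept a candidate only if its
    support exceeds (n+degree)/2 (RS unique-decoding bound, McEliece-Sarwate [15]);
    at most one can pass.  Returns (secret, cheaters) or None if nothing passes."""
    n = len(shares)
    for support, secret in candidates(shares, degree):
        if 2 * len(support) > n + degree:
            return secret, frozenset(shares) - support
    return None

def identify_from_view(shares, degree, me):
    """Honest player `me` trusts its own share and takes the best-supported
    candidate through it.  Returns (secret, cheaters) or None on a tie."""
    cands = [(s, v) for s, v in candidates(shares, degree) if me in s]
    top = max(len(s) for s, _ in cands)
    winners = [(s, v) for s, v in cands if len(s) == top]
    if len(winners) != 1:
        return None
    support, secret = winners[0]
    return secret, frozenset(shares) - support

def collude(shares, degree, cheaters, rng, steal):
    """Worst-case adversary, assumed to know f: replaces the cheaters' shares by
    points of another polynomial g (degree <= `degree`) forced through `steal`
    honest players' true shares, so those honest shares also support g."""
    if not 0 <= steal <= degree:
        raise ValueError("steal must be in [0, degree]")
    cheaters = sorted(cheaters)
    honest = sorted(set(shares) - set(cheaters))
    anchor = {i: shares[i] for i in honest[:steal]}
    for c in cheaters[: degree + 1 - steal]:  # remaining anchor points lie off f
        anchor[c] = (shares[c] + 1 + rng.randrange(P - 1)) % P
    if len(anchor) != degree + 1:
        raise ValueError("need degree+1-steal cheaters to define g")
    forged = dict(shares)
    for c in cheaters:
        forged[c] = lagrange_eval(anchor, c)
    return forged

def demo(n, degree, cheaters, steal, secret=42, seed=7):
    """Deal `secret`, let `cheaters` collude; return (public result, {honest: own view})."""
    rng = random.Random(seed)
    forged = collude(share(secret, degree, n, rng), degree, cheaters, rng, steal)
    public = reconstruct(forged, degree)
    views = {i: identify_from_view(forged, degree, i) for i in forged if i not in cheaters}
    return public, views

if __name__ == "__main__":
    # 7 players, 2 cheaters, degree 2 (t < n/3): f keeps 5 supporters, g at most 4.
    print(demo(7, 2, {6, 7}, steal=2))  # -> (42, {6, 7}); every honest view agrees
    # 4 players, 2 cheaters (no honest majority): g through P1's share gets 3 votes,
    # f only 2, so the public output is wrong and honest player 2 is blamed.
    print(demo(4, 1, {3, 4}, steal=1))  # -> (g(0) != 42, {2}); P2's own view is None
    # Same, but g avoids honest shares: 2-2 tie, nothing passes the bound.
    print(demo(4, 1, {3, 4}, steal=0))  # -> (None, {1: None, 2: None})
```

The acceptance rule is what makes the 7-player case sound: two distinct polynomials of degree at most d agree on at most d of the n evaluation points, so two supports both larger than (n+d)/2 cannot exist. Once the cheaters hold half the shares, n - t is no longer above that bound, and the 4-player runs show the two failure modes the abstract alludes to: a confident wrong answer that frames an honest player, or no answer at all.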

[1] Tal Rabin (ed.). Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings. CRYPTO, 2010.

[2] C. Pandu Rangan et al. Round Efficient Unconditionally Secure Multiparty Computation Protocol. INDOCRYPT, 2008.

[3] Carles Padró et al. Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors. EUROCRYPT, 2008.

[4] Ueli Maurer et al. Linear VSS and Distributed Commitments Based on Secret Sharing and Pairwise Checks. CRYPTO, 2002.

[5] Yuval Ishai et al. Founding Cryptography on Oblivious Transfer - Efficiently. CRYPTO, 2008.

[6] Rafail Ostrovsky et al. Minimal Complete Primitives for Secure Multi-Party Computation. Journal of Cryptology, 2001.

[7] Eyal Kushilevitz et al. A Zero-One Law for Boolean Privacy (extended abstract). STOC, 1989.

[8] Satoshi Obana et al. Almost Optimum Secret Sharing Schemes Secure Against Cheating for Arbitrary Secret Distribution. ASIACRYPT, 2006.

[9] Eran Omri et al. Protocols for Multiparty Coin Toss with Dishonest Majority. CRYPTO, 2010.

[10] Joe Kilian. Founding cryptography on oblivious transfer. STOC, 1988.

[11] Henri Gilbert (ed.). Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings. EUROCRYPT, 2010.

[12] Martijn Stam. Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions. CRYPTO, 2008.

[13] Moti Yung (ed.). Advances in Cryptology - CRYPTO 2002. Lecture Notes in Computer Science, 2002.

[14] Marco Carpentieri. A perfect threshold secret sharing scheme to identify cheaters. Designs, Codes and Cryptography, 1995.

[15] R. J. McEliece et al. On sharing secrets and Reed-Solomon codes. Communications of the ACM, 1981.

[16] Jonathan Katz et al. Partial Fairness in Secure Two-Party Computation. Journal of Cryptology, 2010.

[17] Ashish Choudhury. Simple and Asymptotically Optimal t-Cheater Identifiable Secret Sharing Scheme. IACR Cryptology ePrint Archive, 2011.

[18] Silvio Micali et al. How to play ANY mental game. STOC, 1987.

[19] Tal Rabin et al. Verifiable secret sharing and multiparty protocols with honest majority. STOC, 1989.

[20] Ernest F. Brickell et al. The Detection of Cheaters in Threshold Schemes. SIAM Journal on Discrete Mathematics, 1990.

[21] Moni Naor (ed.). Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings. EUROCRYPT, 2007.

[22] Michael Wiener (ed.). Advances in Cryptology - CRYPTO '99. 1999.

[23] Birgit Pfitzmann et al. Unconditional Byzantine Agreement for any Number of Faulty Processors. STACS, 1992.

[24] Elisabeth Oswald et al. A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework. CRYPTO, 2011.

[25] Eran Omri et al. Protocols for Multiparty Coin Toss with a Dishonest Majority. Journal of Cryptology, 2015.

[26] Nigel P. Smart (ed.). Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings. EUROCRYPT, 2008.

[27] Eran Omri et al. 1/p-Secure Multiparty Computation without Honest Majority and the Best of Both Worlds. CRYPTO, 2011.

[28] Eyal Kushilevitz et al. A zero-one law for Boolean privacy. STOC, 1989.

[29] Yuval Ishai et al. Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography. Electronic Colloquium on Computational Complexity, 2010.

[30] Rafail Ostrovsky et al. Reducibility and Completeness in Private Computations. SIAM Journal on Computing, 2000.

[31] Jonathan Katz. Universally Composable Multi-party Computation Using Tamper-Proof Hardware. EUROCRYPT, 2007.

[32] Kefei Chen et al. (eds.). Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006. Proceedings. ASIACRYPT, 2006.

[33] Mihir Bellare et al. Robust computational secret sharing and a unified account of classical secret-sharing goals. CCS, 2007.

[34] Ran Canetti. Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology, 2000.

[35] Rafail Ostrovsky et al. On Complete Primitives for Fairness. TCC, 2010.

[36] Richard Cleve. Limits on the security of coin flips when half the processors are faulty. STOC, 1986.

[37] Vincent Rijmen et al. (eds.). Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings. INDOCRYPT, 2008.

[38] Rafail Ostrovsky et al. Reducibility and completeness in multi-party private computations. Proceedings of the 35th Annual Symposium on Foundations of Computer Science (FOCS), 1994.

[39] Satoshi Obana et al. t-Cheater Identifiable (k, n) Threshold Secret Sharing Schemes. CRYPTO, 1995.

[40] Birgit Pfitzmann et al. Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3. 2007.