Secure Computation with Honest-Looking Parties: What If Nobody Is Truly Honest? (Extended Abstract)

In a secure multi-party computation, a set of mutually distrustful parties interact in order to evaluate a pre-defined function of their inputs, without revealing the inputs to each other. In this scenario, the trust in other parties should be minimal. In the classic formulation of this problem, most of the parties are trusted to exactly follow the prescribed protocol, except for a limited number of parties that are corrupted by a centralized adversary and are allowed to deviate from the protocol in an arbitrary way. However, an assumption of totally honest behavior by most parties cannot be verified. In particular, if an "honest-looking" party diverges from its protocol in a way that is indistinguishable from a totally honest player, it can do so with "impunity". In this paper, we consider the situation where all parties (even uncorrupted ones) may deviate from their protocol in arbitrary ways, under the sole restriction that most of the parties do not risk being detected by other parties as deviating from the protocol execution. The question of whether secure protocols exist in this scenario was raised in the past, and solutions for very limited deviations from the protocol (i.e., refraining from erasing data) were given. Yet, solving the general problem was believed to be hard, if at all possible. Contrary to this belief, we show that if secure communication channels are provided (and one-way functions exist) then any polynomial function can be securely computed in this scenario.

IBM T.J. Watson Research Center. E-mail: canetti@watson.ibm.com

Bell Communications Research, MCC-1C365B, 445 South Street, Morristown, New Jersey 07960-6438. E-mail: rafail@bellcore.com
