Efficient Multi-party Computation with Dispute Control

Secure multi-party computation (MPC) allows a set of n players to securely compute an agreed function of their inputs, even when up to t players are under the control of an (active or passive) adversary. In the information-theoretic model, MPC is possible if and only if t < n/2 (where active security with t ≥ n/3 requires a trusted key setup). Known passive MPC protocols require a communication of O(n²) field elements per multiplication. Recently, the same communication complexity was achieved for active security with t < n/3. It remained an open question whether O(n²) complexity is achievable for n/3 ≤ t < n/2. We answer this question in the affirmative by presenting an active MPC protocol that provides optimal (t < n/2) security and communicates only O(n²) field elements per multiplication. Additionally, the protocol broadcasts O(n³) field elements overall, for the whole computation. The communication complexity of the new protocol is to be compared with the most efficient previously known protocol for the same model, which requires broadcasting Ω(n⁵) field elements per multiplication. This substantial reduction in communication is mainly achieved by applying a new technique called dispute control: during the course of the protocol, the players keep track of disputes that arise among them, and the ongoing computation is adjusted such that known disputes cannot arise again. Dispute control is inspired by the player-elimination framework; however, player elimination is not suited for models with t ≥ n/3.
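The following is an added illustration of the bookkeeping behind dispute control; it is not code from the paper and does not implement its MPC protocol. It models the one mechanism the abstract describes: players record disputes as they arise, and the computation is adjusted so that a recorded dispute is never raised again. Two further properties are assumed from the dispute-control framework rather than stated in the abstract: every dispute contains at least one corrupted player (honest players never dispute with each other), so an honest player is in dispute with at most t others, and a player in dispute with more than t others is therefore provably corrupted. The `DisputeTracker` class, its method names, and the `simulate` adversary model are all constructed for this example.

```python
"""Toy model of dispute-control bookkeeping (added example, not the paper's code).

n players, at most t of them corrupted, t < n/2.  A dispute is an unordered
pair {i, j} raised when some sub-protocol between players i and j fails.

Assumed (from the dispute-control framework, not stated in the abstract):
  * every dispute contains at least one corrupted player, so an honest
    player can be in dispute with at most t others;
  * consequently a player in dispute with more than t others is corrupted.
"""
import random
from itertools import combinations


class DisputeTracker:
    def __init__(self, n, t):
        assert 2 * t < n, "honest majority required (t < n/2)"
        self.n, self.t = n, t
        self.disputes = set()       # recorded disputes, each a frozenset({i, j})
        self.corrupted = set()      # players identified as corrupted so far

    def raise_dispute(self, i, j):
        """Record a new dispute; a known dispute must never be raised twice."""
        pair = frozenset((i, j))
        if pair in self.disputes:
            raise ValueError(f"dispute {sorted(pair)} already recorded")
        self.disputes.add(pair)
        # An honest player has at most t disputes, so more than t proves corruption.
        for p in (i, j):
            if self.degree(p) > self.t:
                self.corrupted.add(p)

    def degree(self, p):
        """Number of recorded disputes player p is involved in."""
        return sum(1 for d in self.disputes if p in d)

    def in_dispute(self, i, j):
        return frozenset((i, j)) in self.disputes

    def can_cooperate(self, i, j):
        """The computation is adjusted so that known disputes cannot recur:
        only pairs never in dispute, and not known corrupted, work together."""
        return (i != j and not self.in_dispute(i, j)
                and i not in self.corrupted and j not in self.corrupted)

    def choose_referee(self, i, j):
        """Pick a third player that neither i nor j is in dispute with."""
        for k in range(self.n):
            if k not in (i, j) and self.can_cooperate(i, k) and self.can_cooperate(j, k):
                return k
        return None

    def max_disputes(self):
        """Bound on distinct disputes: each contains one of at most t corrupted
        players, each of which lies in at most n-1 pairs, so O(t*n) = O(n^2)."""
        return self.t * (self.n - 1)


def simulate(n, t, corrupted, seed=0):
    """Constructed adversary: raises every dispute involving a corrupted player,
    in random order; honest pairs never dispute.  Returns the tracker and the
    set of honest players wrongly flagged (expected to be empty)."""
    rng = random.Random(seed)
    tr = DisputeTracker(n, t)
    pairs = [p for p in combinations(range(n), 2) if p[0] in corrupted or p[1] in corrupted]
    rng.shuffle(pairs)
    for i, j in pairs:
        tr.raise_dispute(i, j)
    return tr, tr.corrupted - set(corrupted)


if __name__ == "__main__":
    tracker, wrongly_flagged = simulate(7, 3, {5, 6})
    print("disputes:", len(tracker.disputes), "bound:", tracker.max_disputes())
    print("identified corrupted:", sorted(tracker.corrupted), "honest flagged:", wrongly_flagged)
```

The point of `max_disputes` is the efficiency argument in miniature: because a dispute, once recorded, is never raised again, the number of times the protocol has to stop and adjust is bounded by the number of distinct pairs that contain a corrupted player, which is O(n²) rather than something that grows with the size of the circuit.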
