Player Simulation and General Adversary Structures in Perfect Multiparty Computation

Abstract. The goal of secure multiparty computation is to transform a given protocol involving a trusted party into a protocol without need for the trusted party, by simulating the party among the players. Indeed, by the same means, one can simulate an arbitrary player in any given protocol. We formally define what it means to simulate a player by a multiparty protocol among a set of (new) players, and we derive the resilience of the new protocol as a function of the resiliences of the original protocol and the protocol used for the simulation. In contrast to all previous protocols that specify the tolerable adversaries by the number of corruptible players (a threshold), we consider general adversaries characterized by an adversary structure, a set of subsets of the player set, where the adversary may corrupt the players of one set in the structure. Recursively applying the simulation technique to standard threshold multiparty protocols results in protocols secure against general adversaries. The classical results in unconditional multiparty computation among a set of n players state that, in the passive model, any adversary that corrupts less than n/2 players can be tolerated, and in the active model, any adversary that corrupts less than n/3 players can be tolerated. Strictly generalizing these results we prove that, in the passive model, every function (more generally, every cooperation specified by involving a trusted party) can be computed securely with respect to a given adversary structure if and only if no two sets in the adversary structure cover the full set of players, and, in the active model, if and only if no three sets cover the full set of players. The complexities of the protocols are polynomial in the number of maximal adverse player sets in the adversary structure.
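To make the two covering conditions concrete, the following added example (my own Python, not code from the paper) tests an adversary structure for the passive-model condition (no two adverse sets cover the player set, usually written Q^2) and the active-model condition (no three, Q^3) using only the structure's maximal sets, and checks by brute force that the classical thresholds t < n/2 and t < n/3 are the threshold special case. Player names and the sample structure are constructed for illustration.

```python
# Added example (not from the paper): checking the Q^2 / Q^3 conditions of an
# adversary structure, i.e. whether some 2 (resp. 3) adverse player sets cover
# the whole player set. Player names and sample structures are constructed.
from itertools import combinations, combinations_with_replacement


def maximal_sets(structure):
    """Keep only the maximal sets; an adversary structure is subset-closed,
    so covering the player set only ever needs the maximal sets."""
    sets = [frozenset(s) for s in structure]
    return [s for s in sets if not any(s < t for t in sets)]


def is_qk(players, structure, k):
    """Q^k holds iff no k sets of the structure cover all of `players`.
    Q^2 is the passive-model condition, Q^3 the active-model one.
    Combinations with repetition also catch a single set covering everything."""
    players = frozenset(players)
    for combo in combinations_with_replacement(maximal_sets(structure), k):
        if frozenset().union(*combo) == players:
            return False
    return True


def threshold_structure(n, t):
    """Maximal sets of the threshold structure 'any t of n players'."""
    return [set(c) for c in combinations(range(n), t)]


def threshold_matches_formula(n, t):
    """The classical bounds t < n/2 (passive) and t < n/3 (active) are the
    threshold special case of Q^2 / Q^3; this checks them by brute force."""
    return (is_qk(range(n), threshold_structure(n, t), 2) == (2 * t < n)
            and is_qk(range(n), threshold_structure(n, t), 3) == (3 * t < n))


# Constructed non-threshold structure on 4 players: the adversary may corrupt
# {1, 2} together, or 3 alone, or 4 alone (plus all subsets of those).
PLAYERS = {1, 2, 3, 4}
STRUCTURE = [{1, 2}, {3}, {4}]

if __name__ == "__main__":
    print("passive (Q^2):", is_qk(PLAYERS, STRUCTURE, 2))   # True
    print("active  (Q^3):", is_qk(PLAYERS, STRUCTURE, 3))   # False
    # No threshold protocol on 4 players tolerates a corrupt pair (t=2 breaks
    # Q^2), yet the structure above is Q^2 and admits a passive-secure protocol.
    print("threshold t=2, n=4 is Q^2:", is_qk(range(4), threshold_structure(4, 2), 2))
```

The sample structure shows the gain over thresholds: with four players no threshold admits a corrupt pair, but this specific pair plus the two singletons still satisfies the passive-model condition.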
