Abstract
In the setting of secure multiparty computation (MPC), a set of mutually distrusting parties wish to jointly compute a function in a correct and private manner. An MPC protocol is called fully secure if no adversary can prevent the honest parties from obtaining their outputs. A protocol is called fair if an adversary can prematurely abort the computation, but only before learning any new information.
We present highly efficient transformations from fair computations to fully secure computations, assuming the fraction of honest parties is constant (e.g., \(1\%\) of the parties are honest). Compared to previous transformations that require linear invocations (in the number of parties) of the fair computation, our transformations require super-logarithmic, and sometimes even super-constant, such invocations.
One application of these transformations is a new \(\delta \)-bias coin-flipping protocol, whose round complexity has a super-logarithmic dependency on the number of parties, improving over the protocol of Beimel, Omri, and Orlov (Crypto 2010) that has a linear dependency. A second application is a new fully secure protocol for computing the Boolean OR function, with a super-constant round complexity, improving over the protocol of Gordon and Katz (TCC 2009) whose round complexity is linear in the number of parties.
Finally, we show that our positive results are in a sense optimal, by proving that for some functionalities, a super-constant number of (sequential) invocations of the fair computation is necessary for computing the functionality in a fully secure manner.
R. Cohen—Supported in part by ERC starting grant 638121, Alfred P. Sloan Foundation Award 996698, NEU Cybersecurity and Privacy Institute, and NSF TWC-1664445.
I. Haitner—Member of the Israeli Center of Research Excellence in Algorithms (ICORE) and the Check Point Institute for Information Security. Research supported by ERC starting grant 638121.
E. Omri—Research supported by ISF grants 544/13 and 152/17.
L. Rotem—Supported by the European Union’s Horizon 2020 Framework Program (H2020) via an ERC Grant (Grant No. 714253) and by the Israel Science Foundation (Grant No. 483/13).
Notes
1. This property is also known as guaranteed output delivery.
2. A \((t+1)\)-out-of-\(n\) secret-sharing scheme is error correcting, if the reconstruction algorithm outputs the correct secret even when up to \(t\) shares are arbitrarily modified. ECSS schemes are also known as robust secret sharing.
3. Same as security with abort, except that upon a premature abort, all honest parties identify a corrupted party.
4.
5. Following [15], by a black-box access to a protocol we mean a black-box usage of a semi-honest MPC protocol computing its next-message function.
6. Private messages should be encrypted before being sent over the broadcast channel.
7. In the with-input setting (Sect. 2.1), the adversary also obtains the input values of all honest parties.
8.
9. Although non-interactive perfectly binding commitments can be constructed from one-way permutations, in our setting, one-way functions are sufficient. This follows since Naor’s commitments [21] can be made non-interactive in the common random string (CRS) model, and even given a weak CRS (a high min-entropy common string). A high min-entropy string can be constructed by \(n\) parties, without assuming an honest majority, using the protocol from [12] that requires \(\log^*(n)+O(1)\) rounds.
10. \(t\)-full-privacy means that the adversary does not learn any additional information other than what it can learn from \(t+1\) invocations of the ideal functionality, with fixed inputs for the honest parties.
11. A computation has \(\alpha \)-partially identifiable abort [18], if in case the adversary aborts the computation, a subset of parties is identified, such that at least an \(\alpha \)-fraction of the subset is corrupted.
12. By \(\varphi =1/\sqrt{1-2\beta '}+\varOmega (1)\) we mean that for sufficiently large \(\kappa \) it holds that \(\varphi (\kappa )>1/\sqrt{1-2\beta '}\).
References
1. Alon, B., Omri, E.: Almost-optimally fair multiparty coin-tossing with nearly three-quarters malicious. In: Hirt, M., Smith, A. (eds.) TCC 2016 Part I. LNCS, vol. 9985, pp. 307–335. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53641-4_13
2. Averbuch, B., Blum, M., Chor, B., Goldwasser, S., Micali, S.: How to implement Bracha’s \({O}(\log n)\) Byzantine agreement algorithm (1985). Unpublished manuscript
3. Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with a dishonest majority. JCRYPTOL 28(3), 551–600 (2015)
4. Buchbinder, N., Haitner, I., Levi, N., Tsfadia, E.: Fair coin flipping: tighter analysis and the many-party case. In: SODA, pp. 2580–2600 (2017)
5. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC, pp. 364–369 (1986)
6. Cohen, R., Lindell, Y.: Fairness versus guaranteed output delivery in secure multiparty computation. JCRYPTOL 30(4), 1157–1186 (2017)
7. Cohen, R., Haitner, I., Omri, E., Rotem, L.: Characterization of secure multiparty computation without broadcast. JCRYPTOL 31(2), 587–609 (2018)
8. Cohen, R., Haitner, I., Omri, E., Rotem, L.: From fairness to full security in multiparty computation. Manuscript (2018)
9. Feige, U.: Noncryptographic selection protocols. In: FOCS, pp. 142–153 (1999)
10. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229 (1987)
11. Gordon, S.D., Katz, J.: Complete fairness in multi-party computation without an honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 19–35. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_2
12. Gradwohl, R., Vadhan, S.P., Zuckerman, D.: Random selection with an adversarial majority. In: CRYPTO 2006, pp. 409–426 (2006)
13. Haitner, I., Tsfadia, E.: An almost-optimally fair three-party coin-flipping protocol. In: STOC, pp. 817–836 (2014)
14. Hazay, C., Lindell, Y.: Efficient Secure Two-Party Protocols - Techniques and Constructions. Information Security and Cryptography. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14303-8
15. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: STOC, pp. 21–30 (2007)
16. Ishai, Y., Katz, J., Kushilevitz, E., Lindell, Y., Petrank, E.: On achieving the “best of both worlds” in secure multiparty computation. SICOMP 40(1), 122–141 (2011)
17. Ishai, Y., Ostrovsky, R., Zikas, V.: Secure multi-party computation with identifiable abort. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014 Part II. LNCS, vol. 8617, pp. 369–386. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_21
18. Ishai, Y., Kushilevitz, E., Prabhakaran, M., Sahai, A., Yu, C.-H.: Secure protocol transformations. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016 Part II. LNCS, vol. 9815, pp. 430–458. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_15
19. Makriyannis, N.: On the classification of finite Boolean functions up to fairness. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 135–154. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10879-7_9
20. Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 1–18. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_1
21. Naor, M.: Bit commitment using pseudorandomness. JCRYPTOL 4(2), 151–158 (1991). Preliminary version in CRYPTO ’89
22. Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: STOC, pp. 232–241 (2004)
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Cohen, R., Haitner, I., Omri, E., Rotem, L. (2018). From Fairness to Full Security in Multiparty Computation. In: Catalano, D., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2018. Lecture Notes in Computer Science(), vol 11035. Springer, Cham. https://doi.org/10.1007/978-3-319-98113-0_12
DOI: https://doi.org/10.1007/978-3-319-98113-0_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98112-3
Online ISBN: 978-3-319-98113-0
eBook Packages: Computer Science (R0)