Abstract
In this work we consider information-theoretically secure MPC against a mixed adversary who can corrupt \(t_p\) parties passively, \(t_a\) parties actively, and can make \(t_f\) parties fail-stop. With perfect security, it is known that every function can be computed securely if and only if \(3t_a + 2t_p + t_f < n\), and for statistical security the bound is \(2t_a + 2t_p + t_f < n\).
These results say that for each given set of parameters \((t_a, t_p, t_f)\) respecting the inequality, there exists a protocol secure against this particular choice of corruption thresholds. In this work we consider a dynamic adversary. Here, the goal is a single protocol that is secure, no matter which set of corruption thresholds \((t_a, t_p, t_f)\) from a certain class is chosen by the adversary. A dynamic adversary can choose a corruption strategy after seeing the protocol and so is much stronger than a standard adversary.
Dynamically secure protocols have been considered before for computational security. Also the information theoretic case has been studied, but only considering non-threshold general adversaries, leading to inefficient protocols.
We consider threshold dynamic adversaries and information theoretic security. For statistical security we show that efficient dynamic secure function evaluation (SFE) is possible if and only if \(2t_a + 2t_p + t_f < n\), but any dynamically secure protocol must use \(\varOmega (n)\) rounds, even if only fairness is required. Further, general reactive MPC is possible if we assume in addition that \(2t_a+2t_f \le n\), but fair reactive MPC only requires \(2t_a + 2t_p + t_f < n\).
For perfect security we show that both dynamic SFE and verifiable secret sharing (VSS) are impossible if we only assume \(3t_a + 2t_p + t_f < n\) and remain impossible even if we also assume \(t_f=0\). On the other hand, perfect dynamic SFE with guaranteed output delivery (G.O.D.) is possible when either \(t_p = 0\) or \(t_a = 0\), i.e., if instead we assume \(3t_a+t_f < n\) or \(2t_p +t_f < n\). Further, perfect dynamic VSS with G.O.D. is possible under the additional conditions \(3t_a + 3/2t_f \le n\) or \(2t_p + 2t_f \le n\). These conditions are also sufficient for dynamic perfect reactive MPC.
Work done while Daniel Escudero was at Aarhus University.
Notes
1. In a bit more detail, our construction needs as subprotocol a general non-dynamic SFE protocol \(\pi \), and the complexity we obtain is n times that of \(\pi \). An efficient non-constant-round protocol \(\pi \) exists for all functions, so our construction is always efficient if we do not insist on asymptotically tight (but still polynomial) round complexity. However, if \(\pi \) is constant round we obtain O(n) rounds. Such a protocol \(\pi \) exists for all functions but is not always computationally efficient. Of course, it would be nice if our O(n) result could be shown with computational efficiency for all functions, but this would be extremely surprising: if the number of players is constant, it would imply a constant-round, information-theoretically secure and computationally efficient protocol for all functions. Doing this, even for a constant number of players, has been open for decades and is probably a very hard problem. On the other hand, if the function in question has an efficient non-dynamic constant-round protocol, as many functions do, then we can use that one as subprotocol and get an efficient dynamic O(n)-round protocol.
2. In the case of statistical security, this includes the message that those parties were about to send on the broadcast channel, even if no one is actively or passively corrupted.
3. Observe that there may be false positives, that is, parties who did not fail to send a message in the actual round, but failed to send the signal bit in the heartbeat round. However, this is acceptable in the protocols we consider in this work.
4. Here, it is implicitly assumed that the function output depends on honest parties’ inputs, i.e., it could not have been computed locally by \(\mathcal {A}^\mathsf {stat}\) using corrupt parties’ inputs. Thereby, the argument for fairness can be invoked.
5. This restriction is easily removed by modifying the sharing mechanism to include multiple key-tag pairs.
6. This is a loose bound chosen for simplicity as it suffices for our purpose.
Acknowledgments
Divya Ravi was funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC). During his time at Aarhus University, Daniel Escudero was supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO).
This paper was prepared for information purposes by the Artificial Intelligence Research group of JPMorgan Chase & Co and its affiliates (“JP Morgan”), and is not a product of the Research Department of JP Morgan. JP Morgan makes no representation and warranty whatsoever and disclaims all liability, for the completeness, accuracy or reliability of the information contained herein. This document is not intended as investment research or investment advice, or a recommendation, offer or solicitation for the purchase or sale of any security, financial instrument, financial product or service, or to be used in any way for evaluating the merits of participating in any transaction, and shall not constitute a solicitation under any jurisdiction or to any person, if such solicitation under such jurisdiction or to such person would be unlawful. 2021 JPMorgan Chase & Co. All rights reserved.
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Damgård, I., Escudero, D., Ravi, D. (2021). Information-Theoretically Secure MPC Against Mixed Dynamic Adversaries. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13042. Springer, Cham. https://doi.org/10.1007/978-3-030-90459-3_20
DOI: https://doi.org/10.1007/978-3-030-90459-3_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90458-6
Online ISBN: 978-3-030-90459-3
eBook Packages: Computer Science (R0)