Secure Computation without Agreement

Authors

  • Shafi Goldwasser
  • Yehuda Lindell
Abstract

It has recently been shown that executions of authenticated Byzantine Agreement protocols in which more than a third of the parties are corrupted cannot be composed concurrently, in parallel, or even sequentially (where the latter is true for deterministic protocols). This result puts into question any usage of authenticated Byzantine Agreement in a setting where many executions take place. In particular, this is true for the whole body of work on secure multi-party protocols in the case that 1/3 or more of the parties are corrupted. Such protocols strongly rely on the extensive use of a broadcast channel, which is in turn realized using authenticated Byzantine Agreement. Essentially, this use of Byzantine Agreement cannot be eliminated, since the standard definition of secure computation (for the case that less than 1/2 of the parties are corrupted) actually implies Byzantine Agreement. Moreover, it was accepted folklore that the use of a broadcast channel is essential for achieving secure multi-party computation when 1/3 or more of the parties are corrupted. In this paper we show that this folklore is false. We mildly relax the definition of secure computation allowing abort, and show how this definition can be reached. The difference between our definition and previous ones is as follows. Previously, if one honest party aborted then it was required that all other honest parties also abort. Thus, the parties agree on whether or not the protocol execution terminated successfully. In our new definition, it is possible that some parties abort while others receive output. Thus, there is no agreement regarding the success of the protocol execution. We stress that in all other aspects, our definition remains the same. In particular, if an output is received, it is guaranteed to have been computed correctly. The novelty of the new definition is in decoupling the issue of agreement from the central security issues of privacy and correctness in secure computation.
As a result, the lower bounds of Byzantine Agreement no longer apply to secure computation. Indeed, we prove that secure multi-party computation can be achieved for any number of corrupted parties and without a broadcast channel (or the trusted preprocessing phase required for running authenticated Byzantine Agreement). An important corollary of our result is the ability to obtain multi-party protocols that compose.

A full version of this paper can be found on the IACR Cryptology ePrint Archive, Report 2002/040, http://eprint.iacr.org

D. Malkhi (Ed.): DISC 2002, LNCS 2508, pp. 17–32, 2002. © Springer-Verlag Berlin Heidelberg 2002

Similar resources

On the Security of an Efficient Group Key Agreement Scheme for MANETs

Yang et al. have proposed an efficient group key agreement scheme for Mobile Adhoc Networks. The scheme is efficient as only one bilinear computation is required for group members to obtain the session key. The scheme is analyzed for security without random oracle model. However, we prove that their scheme is not secure. In particular, we show that any passive adversary (or non-group member) ca...

Secure Smart Card Based Password Authentication Scheme with User Anonymity

Recently, a smart card based authentication and key agreement scheme preserving the user anonymity was proposed by Wang, Juang and Lei, that is designed to provide users with secure activities in ubiquitous computing environments. The authors proved that their scheme delivers important security properties and functionalities, such as without maintaining password/verification tables, freedom on ...

A Secure Password-Based Remote User Authentication Scheme without Smart Cards

There are many remote user authentication schemes proposed in literature for preventing unauthorized parties from accessing resources in an insecure environment. Due to inherent tamper-resistance, most of them are based on smart card authentication schemes. Unfortunately, the cost of cards and readers makes these schemes costly. In the real world, common storage devices, such as universal seria...

A new two-round certificateless authenticated key agreement protocol without bilinear pairings

Certificateless public key cryptography (CLPKC), which can simplify the complex certificate management in the traditional public key cryptography and resolve the key escrow problem in identity-based cryptography, has been widely studied. As an important part of CLPKC, certificateless two-party authenticated key agreement (CTAKA) protocols have also received considerable attention. Recently, man...

A Bound for Multiparty Secret Key Agreement and Implications for a Problem of Secure Computing

We consider secret key agreement by multiple parties observing correlated data and communicating interactively over an insecure communication channel. Our main contribution is a single-shot upper bound on the length of the secret keys that can be generated, without making any assumptions on the distribution of the underlying data. Heuristically, we bound the secret key length in terms of “how f...

Journal:
  • IACR Cryptology ePrint Archive

Volume 2002, Issue:

Pages: -

Publication date: 2002