On Necessary Conditions for Secure Distributed Computation

What assumptions are required to achieve an unconditionally secure distributed circuit evaluation in a fully connected network? This question was addressed with respect to the allowed number of malicious players [BGW, CCD, RB], given that every channel is unconditionally secure. In this paper we investigate whether the security of all channels is also a necessary condition. [BGW, CCD] showed how secure computation can be achieved, provided that a constant fraction of the total number of players is honest. An insecure channel can be modeled as faults on both ends of the channel. Thus, as long as the number of such \faulty" players is smaller then the fraction established in [BGW, CCD], the channels can be made insecure. However, an insecure channel seems to be a much weaker fault than a corruption of both players. Thus, can a bigger fraction of insecure channels be tolerated? In this paper we show that this is not the case. That is, we show that in some cases the perfect security of multi-party protocols in a fully connected network requires all the channels to be physically secure. In particular, we show a simple protocol (for three parties) for which if privacy of even one channel is compromised, the protocol can not be computed securely. Thus, we establish that the security of all channels is not only su cient (by the work of [BGW, CCD]), but also necessary . The lower bound holds even if players follow the protocol. That is, we establish our impossibility result even if all the players are honest but curious | if they follow the protocol exactly, but try to extract additional information \on the side". Thus, our result gives a pure security perspective of the impossibility. An additional feature of our result is its extreme simplicity, which is usually hard to come by for the lower bound proofs. AMS(MOS) Subject Classi cation: 68M10, 68P25, 68Q05. MIT Lab. for Computer Science Cambridge, MA 02139. E-mail to: \[email protected]". Part of this work was done while the author was at the IBM Research, T.J. Watson Research Center, Yorktown Heights, NY 10598. IBM Research, T.J. Watson Research Center, Yorktown Heights, NY 10598. E-mail to: \[email protected]".