Trading Correctness for Privacy in Unconditional Multi-Party Computation Corrected Version
Abstract
This paper improves on the classical results in unconditionally secure multi-party computation among a set of n players, by considering a model with three simultaneously occurring types of player corruption: the adversary can actively corrupt (i.e. take full control over) up to ta players and, additionally, can passively corrupt (i.e. read the entire information of) up to tp players and fail-corrupt (i.e. stop the computation of) up to tf other players. The classical results in multi-party computation are for the special cases of only passive (ta = tf = 0) or only active (tp = tf = 0) corruption. In the passive case, every function can be computed securely if and only if tp < n/2. In the active case, every function can be computed securely if and only if ta < n/3; when a broadcast channel is available, then this bound is ta < n/2. These bounds are tight. Strictly improving these results, one of our results states that, in addition to tolerating ta < n/3 actively corrupted players, privacy can be guaranteed against every minority, thus tolerating additional tp ≤ n/6 passively corrupted players. These protocols require no broadcast and have an exponentially small failure probability. We further show that the bound t < n/2 for passive corruption holds even if the adversary is additionally allowed to make the passively corrupted players fail. Moreover, we characterize completely the achievable thresholds ta, tp and tf for four scenarios. Zero failure probability is achievable if and only if 3ta + 2tp + tf < n; this holds whether or not a broadcast channel is available. Exponentially small failure probability with a broadcast channel is achievable if and only if 2ta + 2tp + tf < n; without broadcast, the additional condition 3ta + tf < n is necessary and sufficient. In this corrected version, an error pointed out by Damgård [Dam99] is
Similar resources
Trading Correctness for Privacy in Unconditional Multi-Party Computation
This paper improves on the classical results in unconditionally secure multi-party computation among a set of n players, by considering a model with three simultaneously occurring types of player corruption: the adversary can actively corrupt (i.e. take full control over) up to ta players and, additionally, can passively corrupt (i.e. read the entire information of) up to tp players and fail-co...
(Unconditional) Secure Multiparty Computation with Man-in-the-middle Attacks
In secure multi-party computation n parties jointly evaluate an n-variate function f in the presence of an adversary which can corrupt up to t parties. All honest parties are required to receive their correct output values, irrespective of how the corrupted parties under the control of the adversary behave. The adversary should not be able to learn anything more about the input values of the ...
Trading Correctness for Privacy in Unconditional Multi-Party Computation (Extended Abstract)
This paper improves on the classical results in unconditionally secure multi-party computation among a set of n players, by considering a model with three simultaneously occurring types of player corruption: the adversary can actively corrupt (i.e. take full control over) up to ta players and, additionally, can passively corrupt (i.e. read the entire information of) up to tp players and fail-co...
On Correctness and Privacy in Distributed Mechanisms
Mechanisms that aggregate the possibly conflicting preferences of individual agents are studied extensively in economics, operations research, and lately computer science. Perhaps surprisingly, the classic literature assumes participating agents to act selfishly, possibly untruthfully, if it is to their advantage, whereas the mechanism center is usually assumed to be honest and trustworthy. We ...
Enigma: Decentralized Computation Platform with Guaranteed Privacy
A peer-to-peer network, enabling different parties to jointly store and run computations on data while keeping the data completely private. Enigma’s computational model is based on a highly optimized version of secure multi-party computation, guaranteed by a verifiable secret-sharing scheme. For storage, we use a modified distributed hashtable for holding secret-shared data. An external blockch...
Publication date: 1998