Computationally Sound Abstraction and Verification of Secure Multi-party Computations (Extended Abstract)

While Dolev-Yao models traditionally comprise only noninteractive cryptographic operations (i.e., cryptographic operations that produce a single message and do not involve any form of communication, such as encryption and digital signatures), recent cryptographic protocols rely on more sophisticated interactive primitives (i.e., cryptographic operations that involve several message exchanges among parties), with unique features that go far beyond the traditional goals of cryptography to solely offer secrecy and authenticity. Secure multi-party computation (SMPC) constitutes arguably the most prominent and most amazing such primitive. Intuitively, in an SMPC, a number of parties P1, . . . , Pn wish to securely compute the value F (d1, . . . , dn), for some well-known public function F , where each party Pi holds a private input di. This multi-party computation is considered secure if it does not divulge any information on the private inputs to other parties; more precisely, no party can learn more from the participation in the SMPC than she could learn purely from the result of the computation already. SMPC provides solutions to various real-life problems such as e-voting, private bidding and auctions, secret sharing etc. The recent advent of efficient general-purpose implementations (e.g., FairplayMP [4]) paves the way for the deployment of SMPC into modern cryptographic protocols. Recently, the effectiveness of SMPC as a building block of large-scale and practical applications has been demonstrated by the sugar-beet double auction that took place in Denmark and that was conducted by a cryptographic protocol [5] based on SMPC and developed within the Secure Information Management and Processing (SIMAP) project. Given the complexity of SMPC and its role as a central building block for larger cryptographic protocols, it is important to develop abstraction techniques to reason about SMPC-based cryptographic protocols and to offer support for the automated verification of their security.