ETH Zürich » Computer Science » Theory » Cryptography

Publications: Abstract

General Adversaries in Unconditional Multi-Party Computation

Matthias Fitzi and Martin Hirt and Ueli Maurer

We consider a generalized adversary model for unconditionally secure multi-party computation. The adversary can actively corrupt (i.e. take full control over) a subset $\ClassA\subseteq\PS$ of the players, and, additionally}, can passively corrupt (i.e. read the entire information of) another subset $\ClassP\subseteq\PS$ of the players. The adversary is characterized by a generalized adversary structure, i.e. a set of pairs $(\ClassA,\ClassP)$, where he may select one arbitrary pair from the structure and corrupt the players accordingly. This generalizes the classical threshold results of Ben-Or, Goldwasser and Wigderson, Chaum, Crépeau, and Damg{å}rd, and Rabin and Ben-Or, and the non-threshold results of Hirt and Maurer.

The generalizations and improvements on the results of Hirt and Maurer are three-fold: First, we generalize their model by considering mixed (active and passive) non-threshold adversaries and characterize completely the adversary structures for which unconditionally secure multi-party computation is possible, for four different models: Perfect security with and without broadcast, and unconditional security (with negligible error probability) with and without broadcast. All bounds are tight. Second, some of their protocols have complexity super-polynomial in the size of the adversary structure; we reduce the complexity to polynomial. Third, we prove the existence of adversary structures for which no polynomial (in the number of players) protocols exist.

The following two implications illustrate the usefulness of these results: The most powerful adversary that is unconditionally tolerated by previous protocols among three players is the one that passively corrupts one arbitrary player; using our protocols one can unconditionally tolerate an adversary that either passively corrupts the first player, or actively\/} corrupts the second or the third player.

Moreover, in a setting with arbitrarily many cheating players who want to compute an agreed function with the help of a trusted party, we can relax the trust requirement into this helping party: Without support from the cheating players the helping party obtains no information about the honest players' inputs and outputs.

Keywords: General adversaries, mixed model, multi-party computation, unconditional security.