MPC with Synchronous Security and Asynchronous Responsiveness

Chen-Da Liu Zhang, Julian Loss, Ueli Maurer, Tal Moran, and Daniel Tschudi

Advances in Cryptology—ASIACRYPT 2020, Dec 2020.

Two paradigms for secure MPC are synchronous and asynchronous protocols, which provide substantially different guarantees. While synchronous protocols tolerate more corruptions and allow every party to give its input, they are very slow because the speed depends on the conservatively assumed worst-case delay $Δ$ of the network. In contrast, asynchronous protocols allow parties to obtain output as fast as the actual network allows, a property called responsiveness, but unavoidably have lower resilience and parties with slow network connections cannot give input.

It is natural to wonder whether it is possible to achieve a single MPC protocol that has the advantages of both paradigms: full security with responsiveness up to $t$ corruptions, and extended security (full security or security with unanimous abort) with no responsiveness up to $T \geq t$ corruptions. We completely settle the question by providing matching feasibility and impossibility results:

-For the case of unanimous abort as extended security, there is an MPC protocol if and only if $T + 2 t < n$ .

-For the case of full security as extended security, there is an MPC protocol if and only if $T < \frac{n}{2}$ and $T + 2 t < n$ . In particular, setting $t = \frac{n}{4}$ allows to achieve a fully secure MPC for honest majority, which in addition benefits from having substantial responsiveness.

BibTeX Citation

@inproceedings{LLMMT20,
    author       = {Chen-Da Liu Zhang and Julian Loss and Ueli Maurer and Tal Moran and Daniel Tschudi},
    title        = {MPC with Synchronous Security and Asynchronous Responsiveness},
    booktitle    = {Advances in Cryptology---ASIACRYPT 2020},
    year         = {2020},
    month        = {12},
}