Abstract. Secure multi-party computation (MPC) allows a set of n players to securely compute an agreed function, even when up to t players are under the control of an adversary. Known perfectly secure MPC protocols require communication of at least Ω(n^3) field elements per multiplication, whereas cryptographic or unconditional security is possible with communication linear in the number of players. We present a perfectly secure MPC protocol communicating O(n) field elements per multiplication. Our protocol provides perfect security against an active, adaptive adversary corrupting t < n/3 players, which is optimal. Thus our protocol improves the security of the most efficient information-theoretically secure protocol at no extra cost, or, equivalently, improves the efficiency of perfectly secure MPC protocols by a factor of Ω(n^2). To achieve this, we introduce a novel technique: constructing detectable protocols with the help of so-called hyper-invertible matrices, which we believe to be of independent interest. Hyper-invertible matrices allow (among other things) efficient correctness checks of many instances in parallel, which was until now possible only if an error probability was allowed.
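The abstract above only names hyper-invertible matrices. The following is an added example, not code from the paper or from this page, showing the property that makes them useful for batch checking: a matrix M is hyper-invertible if every square submatrix is invertible, so for y = Mx any n of the 2n values (x, y) determine the remaining n. The construction used here (evaluate the unique degree-< n polynomial through the inputs at m fresh points, i.e. rows of Lagrange coefficients) is one standard way to build such a matrix and is an assumption of the example, as are the prime field, the evaluation points and the sample inputs.

```python
"""Hyper-invertible matrices over a prime field (added example).

Assumed construction: choose distinct field points alpha_1..alpha_n
and beta_1..beta_m.  M sends x = (x_1..x_n) to y = (f(beta_1)..f(beta_m))
where f is the unique polynomial of degree < n with f(alpha_i) = x_i.
Every square submatrix of M is then invertible, so any n of the n+m
values (x, y) fix the rest; a tampered entry breaks that consistency.
"""
from itertools import combinations

P = 2**61 - 1  # Mersenne prime; the field size is a constructed choice


def inv(a):
    """Multiplicative inverse mod P (P is prime)."""
    return pow(a, P - 2, P)


def lagrange_coeffs(points, target):
    """Coefficients c_i with f(target) = sum_i c_i * f(points[i]) for
    every polynomial f of degree < len(points)."""
    coeffs = []
    for i, xi in enumerate(points):
        num = den = 1
        for j, xj in enumerate(points):
            if j != i:
                num = num * (target - xj) % P
                den = den * (xi - xj) % P
        coeffs.append(num * inv(den) % P)
    return coeffs


def hyper_invertible_matrix(n, m):
    """m x n matrix; alpha_i = i (inputs), beta_j = n + j (outputs)."""
    alphas = list(range(1, n + 1))
    betas = list(range(n + 1, n + m + 1))
    return [lagrange_coeffs(alphas, b) for b in betas]


def mat_vec(M, x):
    return [sum(a * b for a, b in zip(row, x)) % P for row in M]


def is_invertible(sq):
    """Gaussian elimination mod P on a copy; True iff full rank."""
    k = len(sq)
    A = [row[:] for row in sq]
    for col in range(k):
        pivot = next((r for r in range(col, k) if A[r][col] % P), None)
        if pivot is None:
            return False
        A[col], A[pivot] = A[pivot], A[col]
        pinv = inv(A[col][col])
        for r in range(col + 1, k):
            f = A[r][col] * pinv % P
            if f:
                A[r] = [(a - f * b) % P for a, b in zip(A[r], A[col])]
    return True


def is_hyper_invertible(M):
    """Brute-force check of the definition (fine for small n, m)."""
    m, n = len(M), len(M[0])
    for k in range(1, min(m, n) + 1):
        for rows in combinations(range(m), k):
            for cols in combinations(range(n), k):
                if not is_invertible([[M[r][c] for c in cols] for r in rows]):
                    return False
    return True


def reconstruct(n, m, known):
    """known: {index: value} with exactly n entries; indices 0..n-1 are
    inputs (at alpha), n..n+m-1 outputs (at beta).  Returns all n+m values
    by interpolating the degree-< n polynomial through the known points."""
    assert len(known) == n
    pts = list(range(1, n + m + 1))  # index i sits at field point i+1
    kpts = [pts[i] for i in known]
    kvals = [known[i] for i in known]
    out = []
    for idx, p in enumerate(pts):
        if idx in known:
            out.append(known[idx])
            continue
        c = lagrange_coeffs(kpts, p)
        out.append(sum(ci * v for ci, v in zip(c, kvals)) % P)
    return out


def is_consistent(n, m, values):
    """True iff the n+m values lie on one polynomial of degree < n,
    i.e. iff the last m entries equal M times the first n."""
    M = hyper_invertible_matrix(n, m)
    return values[n:] == mat_vec(M, values[:n])


def demo(n=3, m=3):
    """Constructed inputs; returns (M hyper-invertible, any n of the 2n
    values rebuild all, untampered batch passes, tampered batch fails)."""
    M = hyper_invertible_matrix(n, m)
    x = [7, 11, 13]
    y = mat_vec(M, x)
    full = x + y
    rec = reconstruct(n, m, {1: full[1], 3: full[3], 5: full[5]})
    tampered = full[:]
    tampered[4] = (tampered[4] + 1) % P
    return (is_hyper_invertible(M), rec == full,
            is_consistent(n, m, full), is_consistent(n, m, tampered))


if __name__ == "__main__":
    print(demo())
```

In the protocol setting each party would inspect only a few of the n+m values, but because any n of them determine the others, a batch in which t corrupted parties lied about their values cannot be made to look consistent to the honest checkers; that is the check the abstract refers to.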
Secure multi-party computation (MPC) allows a set of n players to securely compute an agreed function of their inputs, even when up to t players are under the control of an (active or passive) adversary. In the information-theoretic model MPC is possible if and only if t < n/2 (where active security with t ≥ n/3 requires a trusted key setup). Known passive MPC protocols require communication of O(n^2) field elements per multiplication. Recently, the same communication complexity was achieved for active security with t < n/3. It remained an open question whether O(n^2) complexity is achievable for n/3 ≤ t < n/2. We answer this question in the affirmative by presenting an active MPC protocol that provides optimal (t < n/2) security and communicates only O(n^2) field elements per multiplication. Additionally, the protocol broadcasts O(n^3) field elements overall, for the whole computation. The communication complexity of the new protocol is to be compared with the most efficient previously known protocol for the same model, which requires broadcasting Ω(n^5) field elements per multiplication. This substantial reduction in communication is mainly achieved by applying a new technique called dispute control: during the course of the protocol, the players keep track of disputes that arise among them, and the ongoing computation is adjusted such that known disputes cannot arise again. Dispute control is inspired by the player-elimination framework. However, player elimination is not suited for models with t ≥ n/3.
Abstract. Secure multi-party computation (MPC) allows a set of n players to securely compute an agreed function of their inputs, even when up to t players are under the control of an adversary. Known asynchronous MPC protocols require communication of at least Ω(n^3) (with cryptographic security), respectively Ω(n^4) (with information-theoretic security, but with error probability and non-optimal resilience) field elements per multiplication. We present an asynchronous MPC protocol communicating O(n^3) field elements per multiplication. Our protocol provides perfect security against an active, adaptive adversary corrupting t < n/4 players, which is optimal. This communication complexity is to be compared with the most efficient previously known protocol for the same model, which requires Ω(n^5) field elements of communication (i.e., Ω(n^3) broadcasts). Our protocol is as efficient as the most efficient perfectly secure protocol for the synchronous model and the most efficient asynchronous protocol with cryptographic security. Furthermore, we enhance our MPC protocol for a hybrid model. In the fully asynchronous model, up to t honest players might not be able to provide their input to the computation. In the hybrid model, all players are able to provide their input, given that the very first round of communication is synchronous. We provide an MPC protocol communicating O(n^3) field elements per multiplication, where all players can provide their input if the first communication round turns out to be synchronous, and all but at most t players can provide their input if the communication is fully asynchronous. The protocol does not need to know whether or not the first communication round is synchronous, thus combining the advantages of the synchronous world and the asynchronous world. The proposed MPC protocol is the first protocol with this property.
Multiparty computation (MPC) protocols among n parties secure against t active faults are known to exist if and only if t < n/2 when the channels are synchronous, and t < n/3 when the channels are asynchronous. In this work we analyze the gap between these bounds, and show that in the cryptographic setting (with setup), the sole reason for it is the distribution of inputs: given an oracle for input distribution, cryptographically-secure asynchronous MPC is possible under the very same condition as synchronous MPC, namely t < n/2. We do not know whether the gaps in other security models (perfect, statistical) have the same cause. We stress that all previous asynchronous MPC protocols inherently require t < n/3, even once inputs are distributed. In particular, all published asynchronous multiplication sub-protocols inherently require t < n/3 and cannot be used in our setting. Furthermore, we show that such an input-distribution oracle can be reduced to an oracle that allows each party to synchronously broadcast one single message. This means that when one single round of synchronous broadcast is available, asynchronous MPC is possible under the same condition as synchronous MPC, namely t < n/2. If such a round cannot be used, then MPC (and even Byzantine agreement) requires t < n/3.
Abstract. Byzantine Agreement (BA) among n players allows the players to agree on a value, even when up to t of the players are faulty. In the broadcast variant of BA, one dedicated player holds a message, and all players shall learn this message. In the consensus variant of BA, every player holds (presumably the same) message, and the players shall agree on this message. BA is probably the most important primitive in distributed protocols, hence its efficiency is of particular importance. BA from scratch, i.e., without a trusted setup, is possible only for t < n/3. In this setting, the known BA protocols are highly efficient (O(n^2) bits of communication) and provide information-theoretic security. When a trusted setup is available, BA is possible for t < n/2 (consensus), respectively for t < n (broadcast). In this setting, only computationally secure BA protocols are reasonably efficient (O(n^3 κ) bits). When information-theoretic security is required, the most efficient known BA protocols require O(n^17 κ) bits of communication per BA, where κ denotes a security parameter. The main reason for this huge communication is that in the information-theoretic world, parts of the setup are consumed with every invocation of BA, and hence the setup must be refreshed. This refresh operation is highly complex and communication-intensive. In this paper we present BA protocols (both broadcast and consensus) with information-theoretic security for t < n/2, communicating O(n^5 κ) bits per BA.