MPC vs. SFE: Perfect Security in a Unified Corruption Model

Beerliová-Trubíniová, Zuzana; Fitzi, Matthias; Hirt, Martin; Maurer, Ueli; Zikas, Vassilis

doi:10.1007/978-3-540-78524-8_14

Cited by 15 publications

(7 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is the most natural way of defining PCBA in the mixed active/passive model and it is consistent with the past literature on secure distributed computation tolerating a mixed adversary, e.g. [14,22,24,5,23], as well as the literature tolerating passive corruption only (semihonest model), e.g., [30,19,7].…”

Section: Definition and Reductionssupporting

confidence: 54%

“…The high-level idea is the following: first, in a distribution phase, the sender p sends his input and his signature on it to every player; in a second phase, all the players run a protocol to establish a consistent view on the sender's value. Although this sounds similar to the standard approach for constructing a Broadcast protocol [8,1] (i.e., first have p multi-send his input and then invoke Consensus), our second phase cannot be realized by a Consensus protocol as the condition C (5) PCBA (P, Z, {p}) is weaker than C c/s PCBA (P, Z, P) which is necessary for Consensus. Nevertheless, to realize the second phase we use an approach which is inspired by the methodology of [8] for achieving Consensus.…”

Section: Pcba({p}) (Broadcast With Sender P)mentioning

confidence: 91%

“…This trick makes sure that, when no player receives a signature from p then every p i sets α i := 1 and hence any value is acceptable as p's signature on any bit. As syntactic sugar we say that some value σ is a (p, p i )-acceptable signature on x if p i ∈ P accepts σ as p's signature on x (i.e, σ is valid or α i = 1); for a player set C we say that σ is a (p, C)-acceptable signature on x if for every p i ∈ C the value σ is a (p, p i )-acceptable signature on x 5 .…”

Section: Pcba({p}) (Broadcast With Sender P)mentioning

confidence: 99%

“…However, these works consider the model without a setup and their impossibility results are only for Consensus. We point out that, in that model, adding passive corruption makes no difference for Consensus [5]. Feasibility of BA with active and passive corruption (and a trusted PKI) was previously studied in [21] for Consensus, and in [20] for Consensus and Broadcast.…”

Section: Introductionmentioning

confidence: 95%

See 3 more Smart Citations

Player-Centric Byzantine Agreement

Hirt

Zikas

2011

Automata, Languages and Programming

Self Cite

View full text Add to dashboard Cite

Abstract. Most of the existing feasibility results on Byzantine Agreement (BA) are of an all-or-nothing fashion: in Broadcast they address the question whether or not there exists a protocol which allows any player to broadcast his input. Similarly, in Consensus the question is whether or not consensus can be reached which respects pre-agreement on the inputs of all correct players. In this work, we introduce the natural notion of player-centric BA which is a class of BA primitives, denoted as PCBA = {PCBA(C)} C⊆P , parametrized by subsets C of the player set. For each primitive PCBA(C) ∈ PCBA the validity is defined on the input(s) of the players in C. Broadcast (with sender p) and Consensus are special (extreme) cases of PCBA primitives for C = {p} and C = P, respectively.We study feasibility of PCBA in the presence of a general (aka non-threshold) mixed (active/passive) adversary, and give a complete characterization for perfect, statistical, and computational security. Our results expose an asymmetry of Broadcast which has, so far, been neglected in the literature: there exist non-trivial adversaries which can be tolerated for Broadcast with sender some pi ∈ P but not for some other pj ∈ P being the sender. Finally, we extend the definition of PCBA by adding fail corruption to the adversary's capabilities, and give exact feasibility bounds for computationally secure PCBA(P) (aka Consensus) in this setting. This answers an open problem from ASIACRYPT 2008 concerning feasibility of computationally secure multi-party computation in this model.

show abstract

Section: Definition and Reductionssupporting

confidence: 54%

Section: Pcba({p}) (Broadcast With Sender P)mentioning

confidence: 91%

Section: Pcba({p}) (Broadcast With Sender P)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 95%

See 2 more Smart Citations

Player-Centric Byzantine Agreement

Hirt

Zikas

2011

Automata, Languages and Programming

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this paper, we will only consider threshold adversaries. More general adversarial models have also been studied, both in terms of a more general specification of the parties the adversary can corrupt by Hirt and Maurer [10] and considering a mix active and passive adversarial corruptions by Beerliová-Trubíniová et al [2].…”

Section: Introductionmentioning

confidence: 99%

A Zero-One Law for Secure Multi-party Computation with Ternary Outputs

Kreitz

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. There are protocols to privately evaluate any function in the passive (honest-but-curious) setting assuming that the honest nodes are in majority. For some specific functions, protocols are known which remain secure even without an honest majority. The seminal work by Chor and Kushilevitz [7] gave a complete characterization of Boolean functions, showing that each Boolean function either requires an honest majority, or is such that it can be privately evaluated regardless of the number of colluding nodes. The problem of discovering the threshold for secure evaluation of more general functions remains an open problem. Towards a resolution, we provide a complete characterization of the security threshold for functions with three different outputs. Surprisingly, the zero-one law for Boolean functions extends to Z3, meaning that each function with range Z3 either requires honest majority or tolerates up to n colluding nodes.

show abstract

Beyond Honest Majority: The Round Complexity of Fair and Robust Multi-party Computation

Patra

Ravi

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

MPC vs. SFE: Perfect Security in a Unified Corruption Model

Cited by 15 publications

References 24 publications

Player-Centric Byzantine Agreement

Player-Centric Byzantine Agreement

A Zero-One Law for Secure Multi-party Computation with Ternary Outputs

Beyond Honest Majority: The Round Complexity of Fair and Robust Multi-party Computation

Contact Info

Product

Resources

About