Secure Computation with Partial Message Loss

Abstract: Abstract. Existing communication models for multiparty computation (MPC) either assume that all messages are delivered eventually or any message can be lost. Under the former assumption, MPC protocols guaranteeing output delivery are known. However, this assumption may not hold in some network settings like the Internet where messages can be lost due to denial of service attack or heavy network congestion. On the other hand, the latter assumption may be too conservative. Known MPC protocols developed under thi… Show more

“…In fact our impossibility result is inherent in any setting where we have a threshold adversary with active (or even just passive) and receive-omission corruption, simultaneously. In particular it also applies to the (nonadaptive) case of active and full-omission corruption [Koo06]. 8 The idea is the following: the adversary might, with non-zero probability, corrupt the player p i who is the first (or among the first) to get the output, e.g., by randomly choosing whom to corrupt.…”

“…A source of difficulties in designing protocols tolerating both active cheaters and omissions is that a player p j who receives ⊥ when expecting a message from a player p i cannot decide whether p i is send-omission or actively corrupted, or himself (i.e., p j ) is receive-omission corrupted. In [Koo06] the following straight-forward approach was taken in order to overcome this difficulty in the context of p i sharing a secret: Every player complains when he received no share from the dealer p i . If more players complain than the number of potentially corrupted players, p i is disqualified.…”

“…Our results can be trivially used to obtain sufficient bounds for MPC and SFE in the presence of an adversary who can full-omission corrupt up to t ω players and, simultaneously, actively corrupted t a players (as in [Koo06]). Indeed, by setting t σ = t ρ = t ω in our MPC protocols, we get a protocol which perfectly (t a , t ω )-securely realized any function when 3t a + 2t ω < n. Note that this bound is strictly better than the bound 3t a + 4t ω < n which was proved sufficient in [Koo06].…”

“…only incoming) messages of the corrupted player, but without seeing the messages (this is consistent with the existent omission-corruption literature). Note that a player who is omission corrupted according to the definitions of [PT86,Ray02,PR03,Koo06] can be thought of as a player who is both send-and receive-omission corrupted at the same time; for clarity we refer to this type of corruption as full-omission corruption.…”

“…In[Koo06], omission corrupted players are called constrained and actively corrupted are called corrupted.…”

Realistic Failures in Secure Multi-party Computation

“…In fact our impossibility result is inherent in any setting where we have a threshold adversary with active (or even just passive) and receive-omission corruption, simultaneously. In particular it also applies to the (nonadaptive) case of active and full-omission corruption [Koo06]. 8 The idea is the following: the adversary might, with non-zero probability, corrupt the player p i who is the first (or among the first) to get the output, e.g., by randomly choosing whom to corrupt.…”

“…A source of difficulties in designing protocols tolerating both active cheaters and omissions is that a player p j who receives ⊥ when expecting a message from a player p i cannot decide whether p i is send-omission or actively corrupted, or himself (i.e., p j ) is receive-omission corrupted. In [Koo06] the following straight-forward approach was taken in order to overcome this difficulty in the context of p i sharing a secret: Every player complains when he received no share from the dealer p i . If more players complain than the number of potentially corrupted players, p i is disqualified.…”

“…Our results can be trivially used to obtain sufficient bounds for MPC and SFE in the presence of an adversary who can full-omission corrupt up to t ω players and, simultaneously, actively corrupted t a players (as in [Koo06]). Indeed, by setting t σ = t ρ = t ω in our MPC protocols, we get a protocol which perfectly (t a , t ω )-securely realized any function when 3t a + 2t ω < n. Note that this bound is strictly better than the bound 3t a + 4t ω < n which was proved sufficient in [Koo06].…”

“…only incoming) messages of the corrupted player, but without seeing the messages (this is consistent with the existent omission-corruption literature). Note that a player who is omission corrupted according to the definitions of [PT86,Ray02,PR03,Koo06] can be thought of as a player who is both send-and receive-omission corrupted at the same time; for clarity we refer to this type of corruption as full-omission corruption.…”

“…In[Koo06], omission corrupted players are called constrained and actively corrupted are called corrupted.…”

Realistic Failures in Secure Multi-party Computation

MPC with Friends and Foes

Generalized Pseudorandom Secret Sharing and Efficient Straggler-Resilient Secure Computation