Abstract
Two settings are traditionally considered for secure multiparty computation, depending on whether or not a majority of the parties are assumed to be honest. Existing protocols that assume an honest majority provide "full security" (and, in particular, guarantee output delivery and fairness) when this assumption holds, but are completely insecure if this assumption is violated. On the other hand, known protocols tolerating an arbitrary number of corruptions do not guarantee fairness or output delivery even if only a single party is dishonest. It is natural to wonder whether it is possible to achieve the "best of both worlds": Namely, a single protocol that simultaneously achieves the best possible security in both the above settings. Here, we rule out this possibility (at least for general functionalities) and show some positive results regarding what can be achieved.
Original language | English |
---|---|
Pages (from-to) | 122-141 |
Number of pages | 20 |
Journal | SIAM Journal on Computing |
Volume | 40 |
Issue number | 1 |
DOIs | |
State | Published - 2011 |
Keywords
- Secure computation
- Theory of cryptography