TY - GEN
T1 - On combining privacy with guaranteed output delivery in secure multiparty computation
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Lindell, Yehuda
AU - Petrank, Erez
PY - 2006
Y1 - 2006
N2 - In the setting of multiparty computation, a set of parties wish to jointly compute a function of their inputs, while preserving security in the case that some subset of them are corrupted. The typical security properties considered are privacy, correctness, independence of inputs, guaranteed output delivery and fairness. Until now, all works in this area either considered the case that the corrupted subset of parties constitutes a strict minority, or the case that a half or more of the parties are corrupted. Secure protocols for the case of an honest majority achieve full security and thus output delivery and fairness are guaranteed. However, the security of these protocols is completely compromised if there is no honest majority. In contrast, protocols for the case of no honest majority do not guarantee output delivery, but do provide privacy, correctness and independence of inputs for any number of corrupted parties. Unfortunately, an adversary controlling only a single party can disrupt the computation of these protocols and prevent output delivery. In this paper, we study the possibility of obtaining general protocols for multiparty computation that simultaneously guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted and full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted. That is, we wish to obtain the best of both worlds in a single protocol, depending on the corruption case. We obtain both positive and negative results on this question, depending on the type of the functionality to be computed (standard or reactive) and the type of dishonest majority (semi-honest or malicious).
AB - In the setting of multiparty computation, a set of parties wish to jointly compute a function of their inputs, while preserving security in the case that some subset of them are corrupted. The typical security properties considered are privacy, correctness, independence of inputs, guaranteed output delivery and fairness. Until now, all works in this area either considered the case that the corrupted subset of parties constitutes a strict minority, or the case that a half or more of the parties are corrupted. Secure protocols for the case of an honest majority achieve full security and thus output delivery and fairness are guaranteed. However, the security of these protocols is completely compromised if there is no honest majority. In contrast, protocols for the case of no honest majority do not guarantee output delivery, but do provide privacy, correctness and independence of inputs for any number of corrupted parties. Unfortunately, an adversary controlling only a single party can disrupt the computation of these protocols and prevent output delivery. In this paper, we study the possibility of obtaining general protocols for multiparty computation that simultaneously guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted and full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted. That is, we wish to obtain the best of both worlds in a single protocol, depending on the corruption case. We obtain both positive and negative results on this question, depending on the type of the functionality to be computed (standard or reactive) and the type of dishonest majority (semi-honest or malicious).
UR - http://www.scopus.com/inward/record.url?scp=33749547215&partnerID=8YFLogxK
U2 - 10.1007/11818175_29
DO - 10.1007/11818175_29
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:33749547215
SN - 3540374329
SN - 9783540374329
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 483
EP - 500
BT - Advances in Cryptology - CRYPTO 2006 - 26th Annual International Cryptology Conference, Proceedings
PB - Springer Verlag
T2 - 26th Annual International Cryptology Conference, CRYPTO 2006
Y2 - 20 August 2006 through 24 August 2006
ER -