TY - GEN
T1 - Adaptively secure multi-party computation
AU - Canetti, Ran
AU - Feige, Uri
AU - Goldreich, Oded
AU - Naor, Moni
N1 - Publisher Copyright:
© 1996 ACM.
PY - 1996/7/1
Y1 - 1996/7/1
AB - A fundamental problem in designing secure multi-party protocols is how to deal with adaptive adversaries (i.e., adversaries that may choose the corrupted parties during the course of the computation), in a setting where the channels are insecure and secure communication is achieved by cryptographic primitives based on the computational limitations of the adversary. It turns out that the power of an adaptive adversary is greatly affected by the amount of information gathered upon the corruption of a party. This amount of information models the extent to which uncorrupted parties are trusted to carry out instructions that cannot be externally verified, such as erasing records of past configurations. It has been shown that if the parties are trusted to erase such records, then adaptively secure computation can be carried out using known primitives. However, this total trust in parties may be unrealistic in many scenarios. An important question, open since 1986, is whether adaptively secure multi-party computation can be carried out in the "insecure channel" setting, even if no party is thoroughly trusted. Our main result is an affirmative resolution of this question for the case where even uncorrupted parties may deviate from the protocol by keeping record of all past configurations. We first propose a novel property of encryption protocols and show that if an encryption protocol enjoying this property is used, instead of a standard encryption scheme, then known constructions become adaptively secure. Next we construct, based on the standard RSA assumption, an encryption protocol that enjoys this property.
UR - http://www.scopus.com/inward/record.url?scp=0029723583&partnerID=8YFLogxK
U2 - 10.1145/237814.238015
DO - 10.1145/237814.238015
M3 - Conference contribution
AN - SCOPUS:0029723583
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 639
EP - 648
BT - Proceedings of the 28th Annual ACM Symposium on Theory of Computing, STOC 1996
PB - Association for Computing Machinery
T2 - 28th Annual ACM Symposium on Theory of Computing, STOC 1996
Y2 - 22 May 1996 through 24 May 1996
ER -