Incoercible multiparty computation

Ran Canetti*, Rosario Gennaro

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review

61 Scopus citations

Abstract

Current secure multiparty protocols have the following deficiency. The public transcript of the communication can be used as an involuntary commitment of the parties to their inputs and outputs. Thus parties can be later coerced by some authority to reveal their private data. Previous work that has pointed this interesting problem out contained only partial treatment. In this work we present the first general treatment of the coercion problem in secure computation. First we present a general definition of protocols that provide resilience to coercion. Our definition constitutes a natural extension of the general paradigm used for defining secure multiparty protocols. Next we show that if trapdoor permutations exist then any function can be incoercibly computed (i.e., computed by a protocol that provides resilience to coercion) in the presence of computationally bounded adversaries and only public communication channels. This holds as long as less than half the parties are coerced (or corrupted). In particular, ours are the first incoercible protocols without physical security assumptions. Also, our protocols constitute an alternative solution to the recently solved adaptive security problem. Our techniques are quite surprising and include non-standard use of deniable encryptions.

Original languageEnglish
Pages (from-to)504-513
Number of pages10
JournalAnnual Symposium on Foundations of Computer Science - Proceedings
StatePublished - 1996
Externally publishedYes
EventProceedings of the 1996 37th Annual Symposium on Foundations of Computer Science - Burlington, VT, USA
Duration: 14 Oct 199616 Oct 1996

Fingerprint

Dive into the research topics of 'Incoercible multiparty computation'. Together they form a unique fingerprint.

Cite this