TY - JOUR
T1 - Secure computation without authentication
AU - Barak, Boaz
AU - Canetti, Ran
AU - Lindell, Yehuda
AU - Pass, Rafael
AU - Rabin, Tal
N1 - Funding Information:
Work partially carried out while at IBM T.J. Watson, and partially supported by an Akamai Presidential Fellowship.
PY - 2011/10
Y1 - 2011/10
N2 - Research on secure multiparty computation has mainly concentrated on the case where the parties can authenticate each other and the communication between them. This work addresses the question of what security can be guaranteed when authentication is not available. We consider a completely unauthenticated setting, where all messages sent by the parties may be tampered with and modified by the adversary without the uncorrupted parties being able to detect this fact. In this model, it is not possible to achieve the same level of security as in the authenticated-channel setting. Nevertheless, we show that meaningful security guarantees can be provided: Essentially, all the adversary can do is to partition the network into disjoint sets, where in each set the computation is secure in and of itself, and also independent of the computation in the other sets. In this setting we provide, for the first time, nontrivial security guarantees in a model with no setup assumptions whatsoever. We also obtain similar results while guaranteeing universal composability, in some variants of the common reference string model. Finally, our protocols can be used to provide conceptually simple and unified solutions to a number of problems that were studied separately in the past, including password-based authenticated key exchange and nonmalleable commitments. As an application of our results, we study the question of constructing secure protocols in partially authenticated networks, where some of the links are authenticated, and some are not (as is the case in most networks today).
KW - Man-in-the-middle attacks
KW - Multiparty computations
KW - Partially-authenticated networks
KW - Password authentication
KW - Unauthenticated channels
KW - Universal composability (UC)
UR - http://www.scopus.com/inward/record.url?scp=80053053264&partnerID=8YFLogxK
U2 - 10.1007/s00145-010-9075-9
DO - 10.1007/s00145-010-9075-9
M3 - Article
AN - SCOPUS:80053053264
SN - 0933-2790
VL - 24
SP - 720
EP - 760
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 4
ER -