TY - JOUR

T1 - Characterization of Secure Multiparty Computation Without Broadcast

AU - Cohen, Ran

AU - Haitner, Iftach

AU - Omri, Eran

AU - Rotem, Lior

N1 - Publisher Copyright:
© 2017, International Association for Cryptologic Research.

PY - 2018/4/1

Y1 - 2018/4/1

N2 - A major challenge in the study of cryptography is characterizing the necessary and sufficient assumptions required to carry out a given cryptographic task. The focus of this work is the necessity of a broadcast channel for securely computing symmetric functionalities (where all the parties receive the same output) when one third of the parties, or more, might be corrupted. Assuming all parties are connected via a point-to-point network, but no broadcast channel (nor a secure setup phase) is available, we prove the following characterization:A symmetric n-party functionality can be securely computed facing n/ 3 ≤ tOpenSPiltSPi n/ 2 corruptions (i.e., honest majority), if and only if it is (n- 2 t) -dominated; a functionality is k-dominated, if anyk-size subset of its input variables can be set to determine its output to some predetermined value.Assuming the existence of one-way functions, a symmetric n-party functionality can be securely computed facing t≥ n/ 2 corruptions (i.e., no honest majority), if and only if it is 1-dominated and can be securely computed with broadcast. It follows that, in case a third of the parties might be corrupted, broadcast is necessary for securely computing non-dominated functionalities (in which “small” subsets of the inputs cannot determine the output), including, as interesting special cases, the Boolean XOR and coin-flipping functionalities.

AB - A major challenge in the study of cryptography is characterizing the necessary and sufficient assumptions required to carry out a given cryptographic task. The focus of this work is the necessity of a broadcast channel for securely computing symmetric functionalities (where all the parties receive the same output) when one third of the parties, or more, might be corrupted. Assuming all parties are connected via a point-to-point network, but no broadcast channel (nor a secure setup phase) is available, we prove the following characterization:A symmetric n-party functionality can be securely computed facing n/ 3 ≤ tOpenSPiltSPi n/ 2 corruptions (i.e., honest majority), if and only if it is (n- 2 t) -dominated; a functionality is k-dominated, if anyk-size subset of its input variables can be set to determine its output to some predetermined value.Assuming the existence of one-way functions, a symmetric n-party functionality can be securely computed facing t≥ n/ 2 corruptions (i.e., no honest majority), if and only if it is 1-dominated and can be securely computed with broadcast. It follows that, in case a third of the parties might be corrupted, broadcast is necessary for securely computing non-dominated functionalities (in which “small” subsets of the inputs cannot determine the output), including, as interesting special cases, the Boolean XOR and coin-flipping functionalities.

KW - Broadcast

KW - Coin flipping

KW - Fairness

KW - Impossibility result

KW - Multiparty computation

KW - Point-to-point communication

UR - http://www.scopus.com/inward/record.url?scp=85029770639&partnerID=8YFLogxK

U2 - 10.1007/s00145-017-9264-x

DO - 10.1007/s00145-017-9264-x

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85029770639

SN - 0933-2790

VL - 31

SP - 587

EP - 609

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 2

ER -