On achieving the "best of both worlds" in secure multiparty computation

Yuval Ishai; Jonathan Katz; Eyal Kushilevitz; Yehuda Lindell; Erez Petrank

doi:10.1137/100783224

On achieving the "best of both worlds" in secure multiparty computation

Yuval Ishai, Jonathan Katz, Eyal Kushilevitz, Yehuda Lindell, Erez Petrank

Computer Science

Research output: Contribution to journal › Article › peer-review

24 Scopus citations

Abstract

Two settings are traditionally considered for secure multiparty computation, depending on whether or not a majority of the parties are assumed to be honest. Existing protocols that assume an honest majority provide "full security" (and, in particular, guarantee output delivery and fairness) when this assumption holds, but are completely insecure if this assumption is violated. On the other hand, known protocols tolerating an arbitrary number of corruptions do not guarantee fairness or output delivery even if only a single party is dishonest. It is natural to wonder whether it is possible to achieve the "best of both worlds": Namely, a single protocol that simultaneously achieves the best possible security in both the above settings. Here, we rule out this possibility (at least for general functionalities) and show some positive results regarding what can be achieved.

Original language	English
Pages (from-to)	122-141
Number of pages	20
Journal	SIAM Journal on Computing
Volume	40
Issue number	1
DOIs	https://doi.org/10.1137/100783224
State	Published - 2011

Keywords

Secure computation
Theory of cryptography

ASJC Scopus subject areas

General Computer Science
General Mathematics

Access to Document

10.1137/100783224

Cite this

@article{408df3b6fbb94cf698ff1e398991709c,

title = "On achieving the {"}best of both worlds{"} in secure multiparty computation",

abstract = "Two settings are traditionally considered for secure multiparty computation, depending on whether or not a majority of the parties are assumed to be honest. Existing protocols that assume an honest majority provide {"}full security{"} (and, in particular, guarantee output delivery and fairness) when this assumption holds, but are completely insecure if this assumption is violated. On the other hand, known protocols tolerating an arbitrary number of corruptions do not guarantee fairness or output delivery even if only a single party is dishonest. It is natural to wonder whether it is possible to achieve the {"}best of both worlds{"}: Namely, a single protocol that simultaneously achieves the best possible security in both the above settings. Here, we rule out this possibility (at least for general functionalities) and show some positive results regarding what can be achieved.",

keywords = "Secure computation, Theory of cryptography",

author = "Yuval Ishai and Jonathan Katz and Eyal Kushilevitz and Yehuda Lindell and Erez Petrank",

year = "2011",

doi = "10.1137/100783224",

language = "אנגלית",

volume = "40",

pages = "122--141",

number = "1",

}

TY - JOUR

T1 - On achieving the "best of both worlds" in secure multiparty computation

AU - Ishai, Yuval

AU - Katz, Jonathan

AU - Kushilevitz, Eyal

AU - Lindell, Yehuda

AU - Petrank, Erez

PY - 2011

Y1 - 2011

N2 - Two settings are traditionally considered for secure multiparty computation, depending on whether or not a majority of the parties are assumed to be honest. Existing protocols that assume an honest majority provide "full security" (and, in particular, guarantee output delivery and fairness) when this assumption holds, but are completely insecure if this assumption is violated. On the other hand, known protocols tolerating an arbitrary number of corruptions do not guarantee fairness or output delivery even if only a single party is dishonest. It is natural to wonder whether it is possible to achieve the "best of both worlds": Namely, a single protocol that simultaneously achieves the best possible security in both the above settings. Here, we rule out this possibility (at least for general functionalities) and show some positive results regarding what can be achieved.

AB - Two settings are traditionally considered for secure multiparty computation, depending on whether or not a majority of the parties are assumed to be honest. Existing protocols that assume an honest majority provide "full security" (and, in particular, guarantee output delivery and fairness) when this assumption holds, but are completely insecure if this assumption is violated. On the other hand, known protocols tolerating an arbitrary number of corruptions do not guarantee fairness or output delivery even if only a single party is dishonest. It is natural to wonder whether it is possible to achieve the "best of both worlds": Namely, a single protocol that simultaneously achieves the best possible security in both the above settings. Here, we rule out this possibility (at least for general functionalities) and show some positive results regarding what can be achieved.

KW - Secure computation

KW - Theory of cryptography

UR - http://www.scopus.com/inward/record.url?scp=79952946379&partnerID=8YFLogxK

U2 - 10.1137/100783224

DO - 10.1137/100783224

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:79952946379

SN - 0097-5397

VL - 40

SP - 122

EP - 141

JO - SIAM Journal on Computing

JF - SIAM Journal on Computing

IS - 1

ER -

On achieving the "best of both worlds" in secure multiparty computation

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this