A fundamental result in secure multiparty computation (MPC) is that in order to achieve full security, it is necessary that a majority of the parties behave honestly. There are settings, however, where the condition of an honest majority might be overly restrictive, and there is a need to define and investigate other plausible adversarial models in order to circumvent the above impossibility.
To this end, we introduce the
for MPC, where some small subset of servers is guaranteed to be honest at the beginning of the computation (the
), while the corruption state of the other servers (the
) is unknown. The two-tier model naturally arises in various settings, such as for example when a service provider wishes to utilize a large pre-existing set of servers, while being able to trust only a small fraction of them.
The first tier is responsible for performing the secure computation while the second tier serves as a disguise: using novel anonymization techniques, servers in the first tier remain undetected to an adaptive adversary, preventing a targeted attack on these critical servers. Specifically, given
servers and assuming
of them are corrupt at the onset (where
∈ (0,1)), we present an MPC protocol that can withstand an optimal amount of less than (1 −
adaptive corruptions, provided the first tier is of size
). This allows us to perform MPC in a fully secure manner even when the total number of corruptions exceeds
/2 across both tiers, thus evading the honest majority requirement.