2006 | OriginalPaper | Chapter
On Combining Privacy with Guaranteed Output Delivery in Secure Multiparty Computation
Authors : Yuval Ishai, Eyal Kushilevitz, Yehuda Lindell, Erez Petrank
Published in: Advances in Cryptology - CRYPTO 2006
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
In the setting of multiparty computation, a set of parties wish to jointly compute a function of their inputs, while preserving security in the case that some subset of them are corrupted. The typical security properties considered are privacy, correctness, independence of inputs, guaranteed output delivery and fairness. Until now, all works in this area either considered the case that the corrupted subset of parties constitutes a strict minority, or the case that a half or more of the parties are corrupted. Secure protocols for the case of an honest majority achieve full security and thus output delivery and fairness are guaranteed. However, the security of these protocols is
completely compromised
if there is no honest majority. In contrast, protocols for the case of no honest majority do not guarantee output delivery, but do provide privacy, correctness and independence of inputs for
any number
of corrupted parties. Unfortunately, an adversary controlling only
a single party
can disrupt the computation of these protocols and prevent output delivery.
In this paper, we study the possibility of obtaining general protocols for multiparty computation that
simultaneously
guarantee security (allowing abort) in the case that an arbitrary number of parties are corrupted
and
full security (including guaranteed output delivery) in the case that only a minority of the parties are corrupted. That is, we wish to obtain the best of both worlds in a single protocol, depending on the corruption case. We obtain both positive and negative results on this question, depending on the type of the functionality to be computed (standard or reactive) and the type of dishonest majority (semi-honest or malicious).