Collusion-Preserving Computation without a Mediator

Michele Ciampi, Yun Lu, Vassilis Zikas

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Collusion-free (CF) and collusion-preserving (CP) protocols enrich the standard security offered by multi-party computation (MPC), to tackle settings where subliminal communication is undesirable. However, all existing solutions make arguably unrealistic assumptions on setups, such as physical presence of the parties, access to physical envelopes, or extreme isolation, where the only means of communication is a star-topology network. The above state of affairs remained a limitation of such protocols, which was even reinforced by impossibility results. Thus, for years, it has been unclear if and how the above setup assumptions could be relaxed towards more realistic scenarios. Motivated also by the increasing interest in using hardware tokens for cryptographic applications, in this work we provide the first solution to collusion preserving computation which uses weaker and more common assumptions than the state of the art, i.e., an authenticated broadcast functionality and access to honestly generated trusted hardware tokens. We prove that our protocol is collusion-preserving (in short, CP) secure as long as no parties abort. In the case of an aborting adversary, our protocol still achieves standard (G)UC security with identifiable (and unanimous) abort. Leveraging the above identifiability property, we augment our protocol with a penalization scheme which ensures that it is not profitable to abort, thereby obtaining CP security against incentive-driven attackers. To define (and prove) this latter result, we combine the Rational Protocol Design (RPD) methodology by Garay et al. [FOCS 2013] with the CP framework of Alwen et al. [CRYPTO 2012] to derive a definition of security in the presence of incentive-driven local adversaries which can be of independent interest. Similar to existing CP/CF solutions, our protocol preserves, as a fallback, security against monolithic adversaries, even when the setup (i.e., the hardware tokens) is compromised or corrupted. In addition, our fallback solution achieves identifiable and unanimous abort, which we prove are impossible in previous CP solutions.

Original languageEnglish
Title of host publication2022 IEEE 35th Computer Security Foundations Symposium, CSF 2022 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages211-226
Number of pages16
ISBN (Electronic)978-1-6654-8417-6
ISBN (Print)978-1-6654-8418-3
DOIs
Publication statusPublished - 31 Oct 2022
Event35th IEEE Computer Security Foundations Symposium, CSF 2022 - Haifa, Israel
Duration: 7 Aug 202210 Aug 2022

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
Volume2022-August
ISSN (Print)1940-1434

Conference

Conference35th IEEE Computer Security Foundations Symposium, CSF 2022
Country/TerritoryIsrael
CityHaifa
Period7/08/2210/08/22

Fingerprint

Dive into the research topics of 'Collusion-Preserving Computation without a Mediator'. Together they form a unique fingerprint.

Cite this