TY - GEN
T1 - MPC vs. SFE
T2 - 14th International Conference on the Theory and Application of Cryptology and Information Security
AU - Hirt, Martin
AU - Maurer, Ueli
AU - Zikas, Vassilis
PY - 2008/12/1
Y1 - 2008/12/1
N2 - In secure computation among a set of players one considers an adversary who can corrupt certain players. The three usually considered types of corruption are active, passive, and fail corruption. The adversary's corruption power is characterized by a so-called adversary structure which enumerates the adversary's corruption options, each option being a triple (A,E,F) of subsets of , where the adversary can actively corrupt the players in A, passively corrupt the players in E, and fail-corrupt the players in F. This paper is concerned with characterizing for which adversary structures general secure function evaluation (SFE) and secure (reactive) multi-party computation (MPC) is possible, in various models. This has been achieved so far only for the very special model of perfect security, where, interestingly, the conditions for SFE and MPC are distinct. Such a separation was first observed by Ishai et al. in the context of computational security. We give the exact conditions for general SFE and MPC to be possible for information-theoretic security (with negligible error probability) and for computational security, assuming a broadcast channel, with and without setup. In all these settings we confirm the strict separation between SFE and MPC. As a simple consequence of our results we solve an open problem for computationally secure MPC in a threshold model with all three corruption types.
AB - In secure computation among a set of players one considers an adversary who can corrupt certain players. The three usually considered types of corruption are active, passive, and fail corruption. The adversary's corruption power is characterized by a so-called adversary structure which enumerates the adversary's corruption options, each option being a triple (A,E,F) of subsets of , where the adversary can actively corrupt the players in A, passively corrupt the players in E, and fail-corrupt the players in F. This paper is concerned with characterizing for which adversary structures general secure function evaluation (SFE) and secure (reactive) multi-party computation (MPC) is possible, in various models. This has been achieved so far only for the very special model of perfect security, where, interestingly, the conditions for SFE and MPC are distinct. Such a separation was first observed by Ishai et al. in the context of computational security. We give the exact conditions for general SFE and MPC to be possible for information-theoretic security (with negligible error probability) and for computational security, assuming a broadcast channel, with and without setup. In all these settings we confirm the strict separation between SFE and MPC. As a simple consequence of our results we solve an open problem for computationally secure MPC in a threshold model with all three corruption types.
UR - http://www.scopus.com/inward/record.url?scp=58349114557&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-89255-7_1
DO - 10.1007/978-3-540-89255-7_1
M3 - Conference contribution
AN - SCOPUS:58349114557
SN - 978-3-540-89254-0
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 18
BT - Advances in Cryptology - ASIACRYPT 2008
PB - Springer
CY - Berlin, Heidelberg
Y2 - 7 December 2008 through 11 December 2008
ER -