**Incoercible Multiparty Computation**

*Ran Canetti and Rosario Gennaro*

**Abstract: **Current secure multiparty protocols have the following deficiency.
The public transcript of the communication can be used as an involuntary
<B>commitment</B> of the parties to their inputs and outputs. Thus parties
can be later coerced by some authority to reveal their private data.
Previous work that has pointed this interesting problem out contained only
partial treatment.
In this work we present the first general and rigorous treatment of the
coercion problem in secure computation.
First we present a general definition of protocols that
provide resilience to coercion. Our definition
constitutes a natural extension of the general paradigm used
for defining secure multiparty protocols.
Next we show that if trapdoor permutations exist then
any function can be incoercibly computed
(i.e., computed by a protocol that provides resilience to coercion)
in the presence of computationally
bounded adversaries and only public communication channels.
This holds as long as less than half the parties are coerced (or corrupted).
In particular, ours are the first incoercible protocols without
physical assumptions. Also, our protocols constitute an alternative
solution to the recently solved adaptive security problem.

**Category / Keywords: **Cryptographic protocols, Coercion.

**Publication Info: **Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.

**Date: **received May 10th, 1996. Revised on May 17th, 1996. The revision contains a more precise statement and proofs of the impossiblity result (now section 3). Revised again on August 7th, 1996.

**Contact author: **canetti at theory lcs mit edu

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

**Short URL: **ia.cr/1996/001

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]