\begin{itemize} \item When a majority of participants are honest, universally composable multi-party computation is known to be possible without any assumptions.
\item When honest participants are \emph{not} in the majority, universally composable multi-party computation is known to be impossible (under any cryptographic assumption) in the bare model. On the other hand, feasibility results have been obtained (under standard cryptographic assumptions) in various augmented models, the most popular of which posits the existence of a \emph{common references string} (CRS) available to all parties who are executing the protocol. \end{itemize}
In either of the above settings, some \emph{assumption} regarding the protocol execution is made (i.e., that many parties are honest in the first case, or that a legitimately-chosen string is available in the second), and if this assumption is incorrect then all security is lost.
A natural question is whether it is possible to design protocols giving \emph{some} assurance of security in case \emph{either one} of these assumptions holds, i.e., a single protocol (that uses a CRS) which is secure if \emph{either} at most $s$ players are dishonest \emph{or} if up to $t$ players are dishonest (with $t > s$) but the CRS is chosen in the proscribed manner. We show that such protocols exist if and only if $s+t < n$.
Category / Keywords: foundations / Publication Info: TCC 2008 Date: received 13 Sep 2007, last revised 28 Dec 2007 Contact author: vipul at cs ucla edu Available format(s): PDF | BibTeX Citation Version: 20071228:215439 (All versions of this report) Short URL: ia.cr/2007/369 Discussion forum: Show discussion | Start new discussion