**Universally Composable Multi-Party Computation with an Unreliable Common Reference String**

*Vipul Goyal and Jonathan Katz*

**Abstract: **Universally composable multi-party computation has been studied in two settings:

\begin{itemize} \item When a majority of participants are honest, universally composable multi-party computation is known to be possible without any assumptions.

\item When honest participants are \emph{not} in the majority, universally composable multi-party computation is known to be impossible (under any cryptographic assumption) in the bare model. On the other hand, feasibility results have been obtained (under standard cryptographic assumptions) in various augmented models, the most popular of which posits the existence of a \emph{common references string} (CRS) available to all parties who are executing the protocol. \end{itemize}

In either of the above settings, some \emph{assumption} regarding the protocol execution is made (i.e., that many parties are honest in the first case, or that a legitimately-chosen string is available in the second), and if this assumption is incorrect then all security is lost.

A natural question is whether it is possible to design protocols giving \emph{some} assurance of security in case \emph{either one} of these assumptions holds, i.e., a single protocol (that uses a CRS) which is secure if \emph{either} at most $s$ players are dishonest \emph{or} if up to $t$ players are dishonest (with $t > s$) but the CRS is chosen in the proscribed manner. We show that such protocols exist if and only if $s+t < n$.

**Category / Keywords: **foundations /

**Publication Info: **TCC 2008

**Date: **received 13 Sep 2007, last revised 28 Dec 2007

**Contact author: **vipul at cs ucla edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20071228:215439 (All versions of this report)

**Short URL: **ia.cr/2007/369

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]