### Incoercible Multiparty Computation

Ran Canetti and Rosario Gennaro

##### Abstract

Current secure multiparty protocols have the following deficiency. The public transcript of the communication can be used as an involuntary <B>commitment</B> of the parties to their inputs and outputs. Thus parties can be later coerced by some authority to reveal their private data. Previous work that has pointed this interesting problem out contained only partial treatment. In this work we present the first general and rigorous treatment of the coercion problem in secure computation. First we present a general definition of protocols that provide resilience to coercion. Our definition constitutes a natural extension of the general paradigm used for defining secure multiparty protocols. Next we show that if trapdoor permutations exist then any function can be incoercibly computed (i.e., computed by a protocol that provides resilience to coercion) in the presence of computationally bounded adversaries and only public communication channels. This holds as long as less than half the parties are coerced (or corrupted). In particular, ours are the first incoercible protocols without physical assumptions. Also, our protocols constitute an alternative solution to the recently solved adaptive security problem.

Available format(s)
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
Cryptographic protocolsCoercion.
Contact author(s)
canetti @ theory lcs mit edu
History
1996-08-07: last of 2 revisions
Short URL
https://ia.cr/1996/001

CC BY

BibTeX

@misc{cryptoeprint:1996/001,
author = {Ran Canetti and Rosario Gennaro},
title = {Incoercible Multiparty Computation},
howpublished = {Cryptology ePrint Archive, Paper 1996/001},
year = {1996},
note = {\url{https://eprint.iacr.org/1996/001}},
url = {https://eprint.iacr.org/1996/001}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.