Paper 2006/315

On the Necessity of Rewinding in Secure Multiparty Computation

Michael Backes, Joern-Mueller Quade, and Dominique Unruh

Abstract

We investigate whether security of multiparty computation protocols in the information-theoretic setting implies their security under concurrent composition. We show that security in the stand-alone model proven using black-box simulators in the information-theoretic setting does not imply security under concurrent composition, not even security under 2-bounded concurrent self-composition with an inefficient simulator and fixed inputs. This in particular refutes recently made claims on the equivalence of security in the stand-alone model and concurrent composition for perfect and statistical security (STOC'06). Our result strongly relies on the question of whether every rewinding simulator can be transformed into an equivalent, potentially inefficient non-rewinding (straight-line) simulator. We answer this question in the negative by giving a protocol that can be proven secure using a rewinding simulator, yet that is not secure for any non-rewinding simulator.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Unknown where it was published
Keywords
Secure computation, information-theoretic security, black-box simulation, protocol composition
Contact author(s)
unruh @ cs uni-sb de
History
2006-09-13: received
Short URL
https://ia.cr/2006/315
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/315,
      author = {Michael Backes and Joern-Mueller Quade and Dominique Unruh},
      title = {On the Necessity of Rewinding in Secure Multiparty Computation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/315},
      year = {2006},
      url = {https://eprint.iacr.org/2006/315}
}