Paper 2015/630

Unconditionally Secure Computation with Reduced Interaction

Ivan Damgård, Jesper Buus Nielsen, Rafail Ostovsky, and Adi Rosen

Abstract

We study the question of how much interaction is needed for unconditionally secure multiparty computation. We first consider the number of messages that need to be sent to compute a Boolean function with semi-honest security, where all $n$ parties learn the result. We consider two classes of functions called $t$-difficult and $t$-very difficult functions, here $t$ refers to the number of corrupted players. One class is contained in the other. For instance, the AND of an input bit from each player is $t$-very difficult while the XOR is $t$-difficult but not $t$-very difficult. We show lower bounds on the message complexity of both types of functions, considering two notions of message complexity called conservative and liberal, where the conservative one is the more standard one. In all cases the bounds are $\Omega(nt)$. We also show upper bounds for $t=1$ and functions in deterministic log-space, as well as a stronger upper bound for the XOR function. This matches the lower bound for conservative complexity, so we find that the conservative message complexity of $1$-very difficult functions in deterministic log space is $2n$, while the conservative message complexity for XOR (and $t=1$) is $2n-1$. Next, we consider round complexity. It is a long-standing open problem to determine whether all efficiently computable functions can also be efficiently computed in constant-round with {\em unconditional} security. Motivated by this, we consider the question of whether we can compute any function securely, while minimizing the interaction of {\em some of} the players? And if so, how many players can this apply to? Note that we still want the standard security guarantees (correctness, privacy, termination) and we consider the standard communication model with secure point-to-point channels. We answer the questions as follows: for passive security, with $n=2t+1$ players and $t$ corruptions, up to $t$ players can have minimal interaction, i.e., they send 1 message in the first round to each of the $t+1$ remaining players and receive one message from each of them in the last round. Using our result on message complexity, we show that this is (unconditionally) optimal. For malicious security with $n=3t+1$ players and $t$ corruptions, up to $t$ players can have minimal interaction, and we show that this is also optimal.

Note: This version expands the results of the previous version. It also corrects an error in the previous version, in which a lower bound for message complexity was shown. This bound was correct for conservative message complexity, and not (as was erroneously claimed) for liberal message complexity. The new version gives the correct bound for liberal.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
complexity
Contact author(s)
jbn @ cs au dk
ivan @ cs au dk
rafail @ cs ucla edu
adiro @ liafa univ-paris-diderot fr
History
2016-03-14: last of 2 revisions
2015-06-30: received
See all versions
Short URL
https://ia.cr/2015/630
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/630,
      author = {Ivan Damgård and Jesper Buus Nielsen and Rafail Ostovsky and Adi Rosen},
      title = {Unconditionally Secure Computation with Reduced Interaction},
      howpublished = {Cryptology ePrint Archive, Paper 2015/630},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/630}},
      url = {https://eprint.iacr.org/2015/630}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.