**Distributed Computing Made Secure: A New Cycle Cover Theorem**

*Merav Parter and Eylon Yogev*

**Abstract: **In the area of distributed graph algorithms a number of network's entities with
local views solve some computational task by exchanging messages with their
neighbors. Quite unfortunately, an inherent property of most existing
distributed algorithms is that throughout the course of their execution, the
nodes get to learn not only their own output but rather learn quite a lot on
the inputs or outputs of many other entities. This leakage of information might
be a major
obstacle in settings where the output (or input) of network's individual is a
private information (e.g., distributed networks of selfish agents,
decentralized digital currency such as Bitcoin, voting systems).

While being quite an unfamiliar notion in the classical distributed setting, the notion of secure multi-party computation (MPC) is one of the main themes in the Cryptography community. Yet despite all extensive work in the area, no existing algorithm fits the framework of classical distributed models in which there are no assumptions on the graph topologies and only messages of bounded size are sent on the edges in each round.

In this paper, we introduce a new framework for \emph{secure distributed graph algorithms} and provide the first \emph{general compiler} that takes any "natural" non-secure distributed algorithm that runs in $r$ rounds, and turns it into a secure algorithm that runs in $\widetilde{O}(r \cdot D \cdot poly(\Delta))$ rounds where $\Delta$ is the maximum degree in the graph and $D$ is its diameter. We also show that this is nearly (existentially) optimal for any round-by-round compiler for bounded degree graphs.

The main technical part of our compiler is based on a new cycle cover theorem: We show that the edges of every bridgeless graph $G$ of diameter $D$ can be covered by a collection of cycles such that each cycle is of length $\widetilde{O}(D)$ and each edge of the graph $G$ appears in $\widetilde{O}(1)$ many cycles. In fact, our construction can be made instance optimal with respect to each single edge. Letting $C_e$ be the shortest cycle containing $e$ in $G$, our cycle collection contains a cycle of length $\widetilde{O}(|C_e|)$ that covers $e$ for every $e \in G$, and in addition, each edge appears on $\widetilde{O}(1)$ many cycles. As a result, our compiler becomes instance optimal for bounded degree graphs.

**Category / Keywords: **foundations / MPC,distributed algorithm

**Date: **received 4 Dec 2017

**Contact author: **eylony at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20171208:180330 (All versions of this report)

**Short URL: **ia.cr/2017/1182

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]