## Cryptology ePrint Archive: Report 2020/497

Collusion-Preserving Computation without a Mediator

Michele Ciampi and Yun Lu and Vassilis Zikas

Abstract: Collusion-free (CF) and collusion-preserving (CP) protocols enrich the standard security offered by multi-party computation (MPC), to tackle settings where subliminal communication is undesirable. However, all existing solutions make arguably unrealistic assumptions on setups, such as physical presence of the parties, access to physical envelopes, or extreme isolation, where the only means of communication is a star-topology network. The above state of affairs remained a limitation of such protocols, which was even reinforced by impossibility results. Thus, for years, it has been unclear if and how the above setup assumptions could be relaxed towards more realistic scenarios. Motivated also by the increasing interest in using hardware tokens for cryptographic applications, in this work we provide the first solution to collusion preserving computation which uses weaker and more common assumptions than the state of the art, i.e., an authenticated broadcast functionality and access to honestly generated trusted hardware tokens. We prove that our protocol is collusion-preserving (in short, {\em CP}) secure as long as no parties abort. In the case of an aborting adversary, our protocol still achieves standard (G)UC security with identifiable (and unanimous) abort.

Leveraging the above identifiability property, we augment our protocol with a penalization scheme which ensures that it is not profitable to abort, thereby obtaining CP security against incentive-driven attackers. To define (and prove) this latter result, we combine the Rational Protocol Design (RPD) methodology by Garay {\em et al.} [FOCS 2013] with the CP framework of Alwen {\em et al.} [CRYPTO 2012] to derive a definition of security in the presence of incentive-driven local adversaries which can be of independent interest. Similar to existing CP/CF solutions, our protocol preserves, as a fallback, security against monolithic adversaries, even when the setup (i.e., the hardware tokens) is compromised or corrupted. In addition, our fallback solution achieves identifiable and unanimous abort, which we prove are impossible in previous CP solutions.

Category / Keywords: cryptographic protocols / collusion-free protocols, collusion-preserving protocols, multiparty computation, hardware tokens

Date: received 28 Apr 2020, last revised 15 May 2021

Contact author: mciampi at ed ac uk, Y Lu-59 at sms ed ac uk, vassilis zikas at ed ac uk

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/497

[ Cryptology ePrint archive ]