Paper 2020/497

Collusion-Preserving Computation without a Mediator

Michele Ciampi, Yun Lu, and Vassilis Zikas


Collusion-free (CF) and collusion-preserving (CP) protocols enrich the standard security offered by multi-party computation (MPC), to tackle settings where subliminal communication is undesirable. However, all existing solutions make arguably unrealistic assumptions on setups, such as physical presence of the parties, access to physical envelopes, or extreme isolation, where the only means of communication is a star-topology network. The above state of affairs remained a limitation of such protocols, which was even reinforced by impossibility results. Thus, for years, it has been unclear if and how the above setup assumptions could be relaxed towards more realistic scenarios. Motivated also by the increasing interest in using hardware tokens for cryptographic applications, in this work we provide the first solution to collusion preserving computation which uses weaker and more common assumptions than the state of the art, i.e., an authenticated broadcast functionality and access to honestly generated trusted hardware tokens. We prove that our protocol is collusion-preserving (in short, {\em CP}) secure as long as no parties abort. In the case of an aborting adversary, our protocol still achieves standard (G)UC security with identifiable (and unanimous) abort. Leveraging the above identifiability property, we augment our protocol with a penalization scheme which ensures that it is not profitable to abort, thereby obtaining CP security against incentive-driven attackers. To define (and prove) this latter result, we combine the Rational Protocol Design (RPD) methodology by Garay {\em et al.} [FOCS 2013] with the CP framework of Alwen {\em et al.} [CRYPTO 2012] to derive a definition of security in the presence of incentive-driven local adversaries which can be of independent interest. Similar to existing CP/CF solutions, our protocol preserves, as a fallback, security against monolithic adversaries, even when the setup (i.e., the hardware tokens) is compromised or corrupted. In addition, our fallback solution achieves identifiable and unanimous abort, which we prove are impossible in previous CP solutions.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
collusion-free protocolscollusion-preserving protocolsmultiparty computationhardware tokens
Contact author(s)
mciampi @ ed ac uk
Y Lu-59 @ sms ed ac uk
vassilis zikas @ ed ac uk
2021-05-15: revised
2020-04-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michele Ciampi and Yun Lu and Vassilis Zikas},
      title = {Collusion-Preserving Computation without a Mediator},
      howpublished = {Cryptology ePrint Archive, Paper 2020/497},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.