### On Communication Models and Best-Achievable Security in Two-Round MPC

Aarushi Goel, Abhishek Jain, Manoj Prabhakaran, and Rajeev Raghunath

##### Abstract

Recently, a sequence of works have made strong advances in two-round (i.e., round-optimal) secure multi-party computation (MPC). In the honest-majority setting -- the focus of this work -- Ananth et al. [CRYPTO'18, EC'19], Applebaum et al. [TCC'18, EC'19] and Garg et al. [TCC'18] have established the feasibility of general two-round MPC in standard communication models involving broadcast (BC) and private point-to-point (P2P) channels. In this work, we set out to understand what features of the communication model are necessary for these results, and more broadly the design of two-round MPC. Focusing our study on the plain model -- the most natural model for honest-majority MPC -- we obtain the following results: 1. Dishonest majority from Honest majority: In the two round setting, honest-majority MPC and dishonest-majority MPC are surprisingly close, and often equivalent. This follows from our results that the former implies 2-message oblivious transfer, in many settings. (i) We show that without private point-to-point (P2P) channels, i.e., when we use only broadcast (BC) channels, honest-majority MPC implies 2-message oblivious transfer. (ii) Furthermore, this implication holds even when we use both P2P and BC, provided that the MPC protocol is robust against fail-stop'' adversaries. 2. Best-Achievable Security: While security with guaranteed output delivery (and even fairness) against malicious adversaries is impossible in two rounds, nothing is known with regards to the next best'' security notion, namely, security with identifiable abort (IA). We show that IA is also impossible to achieve with honest-majority even if we use both P2P and BC channels. However, if we replace P2P channels with a bare'' (i.e., untrusted) public-key infrastructure (PKI), then even security with guaranteed output delivery (and hence IA) is possible to achieve. These results explain'' that the reliance on P2P channels (together with BC) in the recent two-round protocols in the plain model was in fact necessary, and that these protocols couldn't have achieved a stronger security guarantee, namely, IA. Overall, our results (put together with prior works) fully determine the best-achievable security for honest-majority MPC in different communication models in two rounds. As a consequence, they yield the following hierarchy of communication models: BC < P2P < BC+P2P < BC+PKI This shows that BC channel is the weakest communication model, and that BC+PKI model is strictly stronger than BC+PTP model.

Available format(s)
Category
Foundations
Publication info
A minor revision of an IACR publication in TCC 2021
Keywords
Secure multiparty computationTwo roundsCommunication channelsoblivious transfer
Contact author(s)
aarushig @ cs jhu edu
abhishek @ cs jhu edu
mp @ cse iitb ac in
mrrajeev @ cse iitb ac in
History
2021-11-03: revised
See all versions
Short URL
https://ia.cr/2021/690

CC BY

BibTeX

@misc{cryptoeprint:2021/690,
author = {Aarushi Goel and Abhishek Jain and Manoj Prabhakaran and Rajeev Raghunath},
title = {On Communication Models and Best-Achievable Security in Two-Round MPC},
howpublished = {Cryptology ePrint Archive, Paper 2021/690},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/690}},
url = {https://eprint.iacr.org/2021/690}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.