Book contents
- Frontmatter
- Contents
- Preface
- Part I Secure Multiparty Computation
- 1 Introduction
- 2 Preliminaries
- 3 MPC Protocols with Passive Security
- 4 Models
- 5 Information-Theoretic Robust MPC Protocols
- 6 MPC from General Linear Secret-Sharing Schemes
- 7 Cryptographic MPC Protocols
- 8 Some Techniques for Efficiency Improvements
- 9 Applications of MPC
- Part II Secret Sharing
- List of Algorithms
- List of Exercises
- References
- Index
3 - MPC Protocols with Passive Security
from Part I - Secure Multiparty Computation
Published online by Cambridge University Press: 05 August 2015
- Frontmatter
- Contents
- Preface
- Part I Secure Multiparty Computation
- 1 Introduction
- 2 Preliminaries
- 3 MPC Protocols with Passive Security
- 4 Models
- 5 Information-Theoretic Robust MPC Protocols
- 6 MPC from General Linear Secret-Sharing Schemes
- 7 Cryptographic MPC Protocols
- 8 Some Techniques for Efficiency Improvements
- 9 Applications of MPC
- Part II Secret Sharing
- List of Algorithms
- List of Exercises
- References
- Index
Summary
Introduction
In Chapter 1 we gave an introduction to the multiparty computation problem and explained what it intuitively means for a protocol to compute a given function securely, namely, we want a protocol that is correct and private. However, we only considered three players, we only argued that a single player does not learn more than he or she is supposed to, and finally, we assumed that all players would follow the protocol.
In this chapter we will consider a more general solution to multiparty computation, where we remove the first two restrictions: we will consider any number n ≥ 3 of players, and we will be able to show that as long as at most t < n/2 of the players go together after the protocol is executed and pool all their information, they will learn nothing more than their own inputs and the outputs they were supposed to receive, even if their computing power is unbounded. We will still assume, however, that all players follow the protocol. This is known as semihonest or passive security.
To argue security in this chapter, we will use a somewhat weak but very simple definition that only makes sense for semihonest security. We then extend this in Chapter 4 to a fully general model of what protocols are and what security means.
Throughout this chapter we will assume that each pair of players can communicate using a perfectly secure channel, so if two players exchange data, a third player has no information at all about what is sent. Such channels might be available because of physical circumstances, or we can implement them relative to a computational assumption using cryptography. For more details on this, see Chapter 7.
We end the chapter by showing that the bound t < n/2 is optimal: if t ≥ n/2, then some functions cannot be computed securely in the model mentioned, that is, obtaining perfect security by using only secure point-to-point communication as the communication resource.
Secret Sharing
Our main tool to build the protocol will be secret-sharing schemes. The theory of secret-sharing schemes is a large and interesting field in its own right with many applications to multiparty computation (MPC), and we look at this in more detail in Chapter 11, where a formal definition of the notion as well as a general treatment of the theory of secret sharing can be found.
- Type
- Chapter
- Information
- Secure Multiparty Computation and Secret Sharing , pp. 32 - 50Publisher: Cambridge University PressPrint publication year: 2015