Book contents
- Frontmatter
- Contents
- Preface
- Part I Secure Multiparty Computation
- 1 Introduction
- 2 Preliminaries
- 3 MPC Protocols with Passive Security
- 4 Models
- 5 Information-Theoretic Robust MPC Protocols
- 6 MPC from General Linear Secret-Sharing Schemes
- 7 Cryptographic MPC Protocols
- 8 Some Techniques for Efficiency Improvements
- 9 Applications of MPC
- Part II Secret Sharing
- List of Algorithms
- List of Exercises
- References
- Index
6 - MPC from General Linear Secret-Sharing Schemes
from Part I - Secure Multiparty Computation
Published online by Cambridge University Press: 05 August 2015
- Frontmatter
- Contents
- Preface
- Part I Secure Multiparty Computation
- 1 Introduction
- 2 Preliminaries
- 3 MPC Protocols with Passive Security
- 4 Models
- 5 Information-Theoretic Robust MPC Protocols
- 6 MPC from General Linear Secret-Sharing Schemes
- 7 Cryptographic MPC Protocols
- 8 Some Techniques for Efficiency Improvements
- 9 Applications of MPC
- Part II Secret Sharing
- List of Algorithms
- List of Exercises
- References
- Index
Summary
Introduction
In this chapter we will show how the protocols we have seen so far can be generalized to be based on general linear secret-sharing schemes. Doing this generalization has several advantages: first, it allows us to design protocols that protect against general adversary structures, a concept we explain later, and second, it allows us to consider protocols in which the field that is used in defining the secret-sharing scheme can be of size independent of the number of players. This turns out to be an advantage for the applications of multiparty computation (MPC) that we consider later but cannot be done for the protocols that we have seen so far: to use Shamir's scheme for n players based on polynomials as we have seen, the field must be of size at least n+1.
For now, we will only consider the theory for linear secret sharing that we need to construct the protocols in this chapter. However, we note already that to get full mileage from the more general applications of secret sharing and MPC, we need additional theory, in particular, about the asymptotic behavior of secret-sharing schemes. This material can be found in Chapter 11.
General Adversary Structures
The corruption tolerance of the protocols that we have seen so far has been characterized by only a single number t, the maximal number of corruptions that can be tolerated. This is also known as the threshold-t model. One way to motivate this might be to think of corruption of a player as something that requires the adversary to invest some amount of resource, such as time or money. If the adversary has only bounded resources, there should be a limit on the corruptions he or she can do. However, characterizing this limit by only an upper bound implicitly assumes that all players are equally hard to corrupt. In reality, this may be completely false: some players may have much better security than others, so a more realistic model might be that the adversary can corrupt a small number of well-protected players or a large number of poorly protected players. However, the threshold model does not allow us to express this.
- Type
- Chapter
- Information
- Secure Multiparty Computation and Secret Sharing , pp. 139 - 158Publisher: Cambridge University PressPrint publication year: 2015