Asynchronous secure computation

Abstract

We initiate a study of security in asynchronous networks. We consider a completely asynchronous network where every two parties are connected via a private channel, and some of the parties may be faulty. We start by defining secure computation in this model. Our definition adapts the underlying principles of defining security (i.e., comparing the computation to a computation in the presence of a trusted party) to the asynchronous model. In particular, our definition takes into account the fact that the computation must be completed even if we never hear from the faulty parties. Next, we show that whatever can be securely computed in an asynchronous network in the presence of a trusted party, can be securely computed in a network in which no such trusted party exists. We distinguish two types of faults. In case of Fail-Stop faults, our construction is valid as long as the faulty parties constitute less than a third of the parties in the network. In case of general (i.e., Byzantine) faults, our construction requires that the faulty parties are less than a fourth fraction. In both cases, the resilience of our construction is optimal. Our construction generalizes known synchronous constructions by Ben-Or, Goldwasser and Wigderson. In addition, we introduce and implement several new asynchronous primitives. Among these, we note an errorless asynchronous verifiable secret sharing scheme, an asynchronous agreement on a large set that is contained in the dynamical y growing inputs of all non-faulty parties, and an on-line error-correcting procedure.