General adversaries in unconditional multi-party computation

Abstract

We consider a generalized adversary model for unconditionally secure multi-party computation. The adversary can actively corrupt (i.e. take full control over) a subset D ⊆ P of the players, and, additionally, can passively corrupt (i.e. read the entire information of) another subset E ⊆ P of the players. The adversary is characterized by a generalized adversary structure, i.e. a set of pairs (D,E), where he may select one arbitrary pair from the structure and corrupt the players accordingly. This generalizes the classical threshold results of Ben-Or, Goldwasser and Wigderson, Chaum, Crepeau, and Damgard, and Rabin and Ben-Or, and the non-threshold results of Hirt and Maurer. The generalizationsan d improvements on the results of Hirt and Maurer are three-fold: First, we generalize their model by considering mixed (active and passive) non-threshold adversaries and characterize completely the adversary structures for which unconditionally secure multi-party computation is possible, for four different models: Perfect security with and without broadcast, and unconditional security (with negligible error probability) with and without broadcast. All bounds are tight. Second, some of their protocols have complexity super-polynomial in the size of the adversary structure; we reduce the complexity to polynomial. Third, we prove the existence of adversary structures for which no polynomial(in the number of players) protocols exist. The following two implications illustrate the usefulness of these results: The most powerful adversary that is unconditionally tolerated by previous protocolsam ong three players ist he one that passively corrupts one arbitrary player; using our protocols one can unconditionally tolerate an adversary that either passively corrupts the first player, or actively corruptsthe second or the third player. Moreover, in a setting with arbitrarily many cheating players who want to compute an agreed function with the help of a trusted party, we canrelax the trust requirement into this helping party: Without support from the cheating playersthe helping party obtainsno information about the honest players' inputs and outputs.