• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Journal of Cryptology >1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds
【24h】

1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds

机译:1 / P-Secure Multiparty Complation没有诚实的多数和世界两全其美

获取原文
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation, where parties give their inputs to a trusted party that returns the output of the functionality to all parties. In particular, in the ideal model, such computation is fair-if the corrupted parties get the output, then the honest parties get the output. Cleve (STOC 1986) proved that, in general, fairness is not possible without an honest majority. To overcome this impossibility, Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition-1/p-secure computation-which guarantees partial fairness. For two parties, they constructed 1/p-secure protocols for functionalities for which the size of either their domain or their range is polynomial (in the security parameter). Gordon and Katz ask whether their results can be extended to multiparty protocols. We study 1/p-secure protocols in the multiparty setting for general functionalities. Our main result is constructions of 1/p-secure protocols that are resilient against any number of corrupted parties provided that the number of parties is constant and the size of the range of the functionality is at most polynomial (in the security parameter n). If fewer than 2/3 of the parties are corrupted, the size of the domain of each party is constant, and the functionality is deterministic, then our protocols are efficient even when the number of parties is log log n. On the negative side, we show that when the number of parties is super-constant, 1/p-secure protocols are not possible when the size of the domain of each party is polynomial. Thus, our feasibility results for 1/p-secure computation are essentially tight. We further motivate our results by constructing protocols with stronger guarantees: If in the execution of the protocol there is a majority of honest parties, then our protocols provide full security. However, if only a minority of the parties are honest, then our protocols are 1/p-secure. Thus, our protocols provide the best of both worlds, where the 1/p-security is only a fall-back option if there is no honest majority.
机译:如果本协议中的对手不会造成比在理想的计算中的对手将其输入返回到所有方面的可信方,那么计算功能的协议是安全的。特别是,在理想的模型中,这种计算是公平的 - 如果损坏的各方获得输出,那么诚实的派对得到了输出。 Cleve(STOC 1986)证明,一般而言,没有诚实的多数,不可能公平。为了克服这种不可能性,戈登和凯茨(Eurocrypt 2010)建议了一个放宽的定义-1 / p-secure计算 - 这保证了部分公平性。对于双方来说,它们为其域或其范围的尺寸为多项式(在安全参数中)构建了1 / p安全协议。 Gordon和Katz询问他们的结果是否可以扩展到多方协议。我们研究了一个/ p安全协议,用于一般功能的多重设置。我们的主要结果是1 / p安全协议的建设,这些协议是针对任意数量的损坏方的弹性,条件是缔约方的数量是恒定的,并且功能范围的大小在大多数多项式(在安全参数n中)。如果少于2/3的各方已损坏,则每个方的域的大小是常量的,并且功能是确定性的,然后即使当事人的数量是日志log n时,我们的协议也是有效的。在消极方面,我们表明,当各方的域数是超常常数时,当每个方的域的大小是多项式时,不可能不可能进行1 / p安全协议。因此,我们的1 / p安全计算的可行性结果基本紧张。我们进一步激励我们的结果,通过构建具有更强保证的协议:如果在执行“协议”中有大多数诚实的缔约方,我们的协议提供全部安全。但是,如果只有少数缔约方是诚实的,那么我们的协议是1 / p-secure。因此,我们的协议提供了两个世界的最佳,如果没有诚实的多数,1 / P-Security只是一个倒退的选择。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号