Information-Theoretically Secure MPC Against Mixed Dynamic Adversaries - Citegraph

Paper Info

Title
Information-Theoretically Secure MPC Against Mixed Dynamic Adversaries

Abstract
In this work we consider information-theoretically secure MPC against an mixed adversary who can corrupt t(p) parties passively, t(a) parties actively, and can make t(f) parties fail-stop. With perfect security, it is known that every function can be computed securely if and only if 3t(a)+2t(p)+t(f) < n, and for statistical security the bound is 2t(a)+2t(p)+ t(f) < n. These results say that for each given set of parameters (t(a), t(p), t(f)) respecting the inequality, there exists a protocol secure against this particular choice of corruption thresholds. In this work we consider a dynamic adversary. Here, the goal is a single protocol that is secure, no matter which set of corruption thresholds (t(a), t(p), t(f)) from a certain class is chosen by the adversary. A dynamic adversary can choose a corruption strategy after seeing the protocol and so is much stronger than a standard adversary. Dynamically secure protocols have been considered before for computational security. Also the information theoretic case has been studied, but only considering non-threshold general adversaries, leading to inefficient protocols. We consider threshold dynamic adversaries and information theoretic security. For statistical security we show that efficient dynamic secure function evaluation (SFE) is possible if and only if 2t(a) + 2t(p) + t(f) < n, but any dynamically secure protocol must use Omega(n) rounds, even if only fairness is required. Further, general reactive MPC is possible if we assume in addition that 2t(a) + 2t(f) <= n, but fair reactive MPC only requires 2t(a) + 2t(p) + t(f) < n. For perfect security we show that both dynamic SFE and verifiable secret sharing (VSS) are impossible if we only assume 3t(a) + 2t(p) + t(f) < n and remain impossible even if we also assume t(f) = 0. On the other hand, perfect dynamic SFE with guaranteed output delivery (G.O.D.) is possible when either t(p) = 0 or t(a) = 0 i.e. if instead we assume 3t(a) + t(f) < n or 2t(p) + t(f) < n. Further, perfect dynamic VSS with G.O.D. is possible under the additional conditions 3t(a) + 3/2t(f) <= n or 2t(p) + 2t(f) <= n. These conditions are also sufficient for dynamic perfect reactive MPC.

Year	DOI	Venue
2021	10.1007/978-3-030-90459-3_20	THEORY OF CRYPTOGRAPHY, TCC 2021, PT I
DocType	Volume	ISSN
Conference	13042	0302-9743
Citations	PageRank	References
0	0.34	0
Authors
3

Authors (3 rows)

Cited by (0 rows)

References (0 rows)

Name	Order	Citations	PageRank
Ivan Damgård	1	5851	431.52
Daniel Escudero	2	0	1.01
Divya Ravi	3	0	1.01

1