TY - GEN
T1 - Complexity of multi-party computation problems
T2 - 6th Theory of Cryptography Conference, TCC 2009
AU - Maji, Hemanta K.
AU - Prabhakaran, Manoj
AU - Rosulek, Mike
N1 - Funding Information:
Partially supported by NSF grants CNS 07-47027 and CNS 07-16626.
PY - 2009
Y1 - 2009
N2 - In symmetric secure function evaluation (SSFE), Alice has an input x, Bob has an input y, and both parties wish to securely compute f(x,y). We show several new results classifying the feasibility of securely implementing these functions in several security settings. Namely, we give new alternate characterizations of the functions that have (statistically) secure protocols against passive and active (standalone), computationally unbounded adversaries. We also show a strict, infinite hierarchy of complexity for SSFE functions with respect to universally composable security against unbounded adversaries. That is, there exists a sequence of functions f_1, f_2, ⋯ such that there exists a UC-secure protocol for f_i in the f_j-hybrid world if and only if ij. The main new technical tool that unifies our unrealizability results is a powerful protocol simulation theorem, which may be of independent interest. Essentially, in any adversarial setting (UC, standalone, or passive), f is securely realizable if and only if a very simple (deterministic) "canonical" protocol for f achieves the desired security. Thus, to show that f is unrealizable, one need simply demonstrate a single attack on a single simple protocol.
AB - In symmetric secure function evaluation (SSFE), Alice has an input x, Bob has an input y, and both parties wish to securely compute f(x,y). We show several new results classifying the feasibility of securely implementing these functions in several security settings. Namely, we give new alternate characterizations of the functions that have (statistically) secure protocols against passive and active (standalone), computationally unbounded adversaries. We also show a strict, infinite hierarchy of complexity for SSFE functions with respect to universally composable security against unbounded adversaries. That is, there exists a sequence of functions f_1, f_2, ⋯ such that there exists a UC-secure protocol for f_i in the f_j-hybrid world if and only if ij. The main new technical tool that unifies our unrealizability results is a powerful protocol simulation theorem, which may be of independent interest. Essentially, in any adversarial setting (UC, standalone, or passive), f is securely realizable if and only if a very simple (deterministic) "canonical" protocol for f achieves the desired security. Thus, to show that f is unrealizable, one need simply demonstrate a single attack on a single simple protocol.
UR - http://www.scopus.com/inward/record.url?scp=70350679063&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350679063&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-00457-5_16
DO - 10.1007/978-3-642-00457-5_16
M3 - Conference contribution
AN - SCOPUS:70350679063
SN - 3642004563
SN - 9783642004568
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 256
EP - 273
BT - Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings
Y2 - 15 March 2009 through 17 March 2009
ER -