TY - GEN

T1 - Complexity of multi-party computation problems

T2 - 6th Theory of Cryptography Conference, TCC 2009

AU - Maji, Hemanta K.

AU - Prabhakaran, Manoj

AU - Rosulek, Mike

N1 - Copyright:
Copyright 2009 Elsevier B.V., All rights reserved.

PY - 2009

Y1 - 2009

N2 - In symmetric secure function evaluation (SSFE), Alice has an input x, Bob has an input y, and both parties wish to securely compute f(x,y). We show several new results classifying the feasibility of securely implementing these functions in several security settings. Namely, we give new alternate characterizations of the functions that have (statistically) secure protocols against passive and active (standalone), computationally unbounded adversaries. We also show a strict, infinite hierarchy of complexity for SSFE functions with respect to universally composable security against unbounded adversaries. That is, there exists a sequence of functions f 1, f 2, ⋯ such that there exists a UC-secure protocol for f i in the f j -hybrid world if and only if ij. The main new technical tool that unifies our unrealizability results is a powerful protocol simulation theorem, which may be of independent interest. Essentially, in any adversarial setting (UC, standalone, or passive), f is securely realizable if and only if a very simple (deterministic) "canonical" protocol for f achieves the desired security. Thus, to show that f is unrealizable, one need simply demonstrate a single attack on a single simple protocol.

AB - In symmetric secure function evaluation (SSFE), Alice has an input x, Bob has an input y, and both parties wish to securely compute f(x,y). We show several new results classifying the feasibility of securely implementing these functions in several security settings. Namely, we give new alternate characterizations of the functions that have (statistically) secure protocols against passive and active (standalone), computationally unbounded adversaries. We also show a strict, infinite hierarchy of complexity for SSFE functions with respect to universally composable security against unbounded adversaries. That is, there exists a sequence of functions f 1, f 2, ⋯ such that there exists a UC-secure protocol for f i in the f j -hybrid world if and only if ij. The main new technical tool that unifies our unrealizability results is a powerful protocol simulation theorem, which may be of independent interest. Essentially, in any adversarial setting (UC, standalone, or passive), f is securely realizable if and only if a very simple (deterministic) "canonical" protocol for f achieves the desired security. Thus, to show that f is unrealizable, one need simply demonstrate a single attack on a single simple protocol.

UR - http://www.scopus.com/inward/record.url?scp=70350679063&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350679063&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-00457-5_16

DO - 10.1007/978-3-642-00457-5_16

M3 - Conference contribution

AN - SCOPUS:70350679063

SN - 3642004563

SN - 9783642004568

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 256

EP - 273

BT - Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings

Y2 - 15 March 2009 through 17 March 2009

ER -