Concurrent composition of secure protocols in the timing model

Yael Tauman Kalai; Yehuda Lindell; Manoj Prabhakaran

doi:10.1007/s00145-007-0567-1

Concurrent composition of secure protocols in the timing model

Yael Tauman Kalai, Yehuda Lindell, Manoj Prabhakaran

Research output: Contribution to journal › Article › peer-review

Abstract

In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their inputs. In the stand-alone case it has been shown that every efficient function can be securely computed. However, in the setting of concurrent composition, broad impossibility results have been proven for the case of no honest majority and no trusted setup phase. These results hold both for the case of general composition (where a secure protocol is run many times concurrently with arbitrary other protocols) and self-composition (where a single secure protocol is run many times concurrently). In this paper we investigate the feasibility of obtaining security in the concurrent setting, assuming that each party has a local clock and that these clocks proceed at approximately the same rate. We show that under this mild timing assumption, it is possible to securely compute any multiparty functionality under concurrent self-composition. Loosely speaking, we also show that it is possible to securely compute any multiparty functionality under concurrent general composition, as long as the secure protocol is run only with protocols whose messages are delayed by a specified amount of time. On the negative side, we show that it is impossible to achieve security under concurrent general composition with no restrictions whatsoever on the network (like the aforementioned delays), even in the timing model.

Original language	English (US)
Pages (from-to)	431-492
Number of pages	62
Journal	Journal of Cryptology
Volume	20
Issue number	4
DOIs	https://doi.org/10.1007/s00145-007-0567-1
State	Published - Oct 2007
Externally published	Yes

Keywords

Concurrent composition
Secure multiparty computation
Theory of cryptography
Timing assumptions

ASJC Scopus subject areas

Software
Computer Science Applications
Applied Mathematics

Online availability

10.1007/s00145-007-0567-1

Library availability

Discover UIUC Full Text

Cite this

@article{190caee6d2ae4de482ae9cbf9a8214a4,

title = "Concurrent composition of secure protocols in the timing model",

abstract = "In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their inputs. In the stand-alone case it has been shown that every efficient function can be securely computed. However, in the setting of concurrent composition, broad impossibility results have been proven for the case of no honest majority and no trusted setup phase. These results hold both for the case of general composition (where a secure protocol is run many times concurrently with arbitrary other protocols) and self-composition (where a single secure protocol is run many times concurrently). In this paper we investigate the feasibility of obtaining security in the concurrent setting, assuming that each party has a local clock and that these clocks proceed at approximately the same rate. We show that under this mild timing assumption, it is possible to securely compute any multiparty functionality under concurrent self-composition. Loosely speaking, we also show that it is possible to securely compute any multiparty functionality under concurrent general composition, as long as the secure protocol is run only with protocols whose messages are delayed by a specified amount of time. On the negative side, we show that it is impossible to achieve security under concurrent general composition with no restrictions whatsoever on the network (like the aforementioned delays), even in the timing model.",

keywords = "Concurrent composition, Secure multiparty computation, Theory of cryptography, Timing assumptions",

author = "Kalai, {Yael Tauman} and Yehuda Lindell and Manoj Prabhakaran",

year = "2007",

month = oct,

doi = "10.1007/s00145-007-0567-1",

language = "English (US)",

volume = "20",

pages = "431--492",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer",

number = "4",

}

TY - JOUR

T1 - Concurrent composition of secure protocols in the timing model

AU - Kalai, Yael Tauman

AU - Lindell, Yehuda

AU - Prabhakaran, Manoj

PY - 2007/10

Y1 - 2007/10

N2 - In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their inputs. In the stand-alone case it has been shown that every efficient function can be securely computed. However, in the setting of concurrent composition, broad impossibility results have been proven for the case of no honest majority and no trusted setup phase. These results hold both for the case of general composition (where a secure protocol is run many times concurrently with arbitrary other protocols) and self-composition (where a single secure protocol is run many times concurrently). In this paper we investigate the feasibility of obtaining security in the concurrent setting, assuming that each party has a local clock and that these clocks proceed at approximately the same rate. We show that under this mild timing assumption, it is possible to securely compute any multiparty functionality under concurrent self-composition. Loosely speaking, we also show that it is possible to securely compute any multiparty functionality under concurrent general composition, as long as the secure protocol is run only with protocols whose messages are delayed by a specified amount of time. On the negative side, we show that it is impossible to achieve security under concurrent general composition with no restrictions whatsoever on the network (like the aforementioned delays), even in the timing model.

AB - In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their inputs. In the stand-alone case it has been shown that every efficient function can be securely computed. However, in the setting of concurrent composition, broad impossibility results have been proven for the case of no honest majority and no trusted setup phase. These results hold both for the case of general composition (where a secure protocol is run many times concurrently with arbitrary other protocols) and self-composition (where a single secure protocol is run many times concurrently). In this paper we investigate the feasibility of obtaining security in the concurrent setting, assuming that each party has a local clock and that these clocks proceed at approximately the same rate. We show that under this mild timing assumption, it is possible to securely compute any multiparty functionality under concurrent self-composition. Loosely speaking, we also show that it is possible to securely compute any multiparty functionality under concurrent general composition, as long as the secure protocol is run only with protocols whose messages are delayed by a specified amount of time. On the negative side, we show that it is impossible to achieve security under concurrent general composition with no restrictions whatsoever on the network (like the aforementioned delays), even in the timing model.

KW - Concurrent composition

KW - Secure multiparty computation

KW - Theory of cryptography

KW - Timing assumptions

UR - http://www.scopus.com/inward/record.url?scp=36749090144&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36749090144&partnerID=8YFLogxK

U2 - 10.1007/s00145-007-0567-1

DO - 10.1007/s00145-007-0567-1

M3 - Article

AN - SCOPUS:36749090144

SN - 0933-2790

VL - 20

SP - 431

EP - 492

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 4

ER -

Concurrent composition of secure protocols in the timing model

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this