On the Communication Complexity of Secure Multi-Party Computation With Aborts
A central goal of cryptography is Secure Multi-party Computation (MPC), where $n$ parties desire to compute a function of their joint inputs without letting any party learn about the inputs of its peers. Unfortunately, it is well-known that MPC guaranteeing output delivery to every party is infeasib...
Gespeichert in:
Hauptverfasser: | , , , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | A central goal of cryptography is Secure Multi-party Computation (MPC), where
$n$ parties desire to compute a function of their joint inputs without letting
any party learn about the inputs of its peers. Unfortunately, it is well-known
that MPC guaranteeing output delivery to every party is infeasible when a
majority of the parties are malicious. In fact, parties operating over a
point-to-point network (i.e. without access to a broadcast channel) cannot even
reach an agreement on the output when more than one third of the parties are
malicious (Lamport, Shostak, and Pease, JACM 1980).
Motivated by this infeasibility in the point-to-point model, Goldwasser and
Lindell (J. Cryptol 2005) introduced a definition of MPC that does not require
agreement, referred to as MPC with selective abort. Under this definition, any
party may abort the protocol if they detect malicious behavior. They showed
that MPC with selective abort is feasible for any number of malicious parties
by implementing a broadcast functionality with abort.
While the model of MPC with abort has attracted much attention over the
years, little is known about its communication complexity over point-to-point
networks. In this work, we study the communication complexity of MPC with abort
and devise nearly-optimal communication efficient protocols in this model.
Namely, we prove trade-offs between the number of honest parties $h$, the
communication complexity, and the locality of the protocols. Here, locality is
a bound on the number of peers with which each party must communicate. |
---|---|
DOI: | 10.48550/arxiv.2406.06914 |