Cryptography Reference
In-Depth Information
(2) Upon receiving inputs from all parties, the trusted party
determines the corresponding outputs and sends them to the
corresponding parties. (We stress that the information sent
between the honest parties and the trusted party is not seen
by the dishonest colluding minority.)
(3) Upon receiving the output-message from the trusted party,
each honest party outputs it locally, whereas the dishonest
colluding minority may determine their outputs based on all
they know (i.e., their initial inputs and their received out-
puts).
Note that the above behavior of the minority group is unavoidable in
any execution of any protocol (even in presence of trusted parties).
This is the reason that the ideal model was defined as above. Now,
a secure multi-party computation with honest majority is required to
emulate this ideal model. That is, the effect of any feasible adversary
that controls a minority of the parties in a real execution of the actual
protocol, can be essentially simulated by a (different) feasible adversary
that controls the corresponding parties in the ideal model. That is:
Definition 7.1. (secure protocols - a sketch): Let f be an m -ary func-
tionality and Π be an m -party protocol operating in the real model.
For a real-model adversary A , controlling some minority of
the parties (and tapping all communication channels) ,and
an m -sequence x ,wedenotebyreal Π ,A ( x ) the sequence of
m outputs resulting from the execution of Π on input x under
attack of the adversary A .
For an ideal-model adversary A , controlling some minority of
the parties, and an m -sequence x ,wedenotebyideal f,A ( x )
the sequence of m outputs resulting from the ideal process
described above, on input x under attack of the adversary
A .
We say that Π securely implements f with honest majority if for every
feasible real-model adversary A , controlling some minority of the par-
Search WWH ::




Custom Search