Cryptography Reference
In-Depth Information
•
Assuming the existence of enhanced
4
trapdoor permutations
,
secure multi-party computation is possible in the following
models (cf. (75; 124; 74) and details in (63; 67)):
(1) Passive adversary, for any number of dishonest par-
ties (cf. (67, Sec. 7.3)).
(2) Active adversary that may control only a minority of
the parties (cf. (67, Sec. 7.5.4)).
(3) Active adversary, for any number of bad parties, pro-
vided that suspension of execution is not consid-
ered a violation of security (i.e., as discussed in Sec-
tion 7.1.3). (See (67, Sec. 7.4 and 7.5.5).)
In all these cases, the adversary is computationally-bounded
and non-adaptive. On the other hand, the adversary may tap
the communication lines between honest parties (i.e., we do
not assume “private channels” here). The results for active
adversaries assume a broadcast channel. Indeed, the latter
can be implemented (while tolerating any number of bad
parties) using a signature scheme and assuming a public-key
infrastructure (or that each party knows the verification-key
corresponding to each of the other parties).
•
Making no computational assumptions and allowing
computationally-unbounded adversaries, but
assuming pri-
vate channels
, secure multi-party computation is possible in
the following models (cf. (25; 42)):
(1) Passive adversary that may control only a minority
of the parties.
(2) Active adversary that may control only less than one
third of the parties.
5
In both cases the adversary may be adaptive (cf. (25; 37)).
•
Secure multi-party computation is possible against an active,
adaptive and
mobile
adversary that may control a small con-
stant fraction of the parties at any point in time (106).
4
See Footnote 5.
5
Fault-tolerance can be increased to a regular minority if a broadcast channel exists (110).