Cryptography Reference
In-Depth Information
This result makes no computational assumptions, allows
computationally-unbounded adversaries, but
assumes pri-
vate channels
.
•
Assuming the existence of enhanced trapdoor permutations
,
secure multi-party computation is possible in a model
allowing an active and
adaptive
computationally-bounded
adversary that may control only less than one third of the
parties (37; 48). We stress that this result does not assume
“private channels”.
Results for asynchronous communication and arbitrary networks of
point-to-point channels were presented in (23; 26) and (51), respec-
tively.
Note that the implementation of a broadcast channel can be
cast as a cryptographic protocol problem (i.e., for the functionality
(
v, λ, ..., λ
)
(
v, v, ..., v
), where
λ
denotes the empty string). Thus,
it is not surprising that the results regarding active adversaries either
assume the existence of such a channel or require a setting in which
the latter can be implemented.
→
Secure reactive computation:
All the above results (easily) extend
to a reactive model of computation in which each party interacts with a
high-level process (or application). The high-level process supplies each
party with a sequence of inputs, one at a time, and expect to receive
corresponding outputs from the parties. That is, a reactive system goes
through (a possibly unbounded number of) iterations of the following
type:
•
Parties are given inputs for the current iteration.
•
Depending on the current inputs, the parties are supposed
to compute outputs for the current iteration. That is, the
outputs in iteration
j
are determined by the inputs of the
j
th iteration.
A more general formulation allows the outputs of each iteration to
depend also on a global state, which is possibly updated in each itera-
tion. The global state may include all inputs and outputs of previous
