Cryptography Reference
In-Depth Information
of the active parties are honest (34). This holds unconditionally for the
private channel model, and under standard assumptions (e.g., allowing
the construction of public-key encryption schemes) for the standard
model (i.e., without private channel). The immediate consequence of
this result is that general environmentally-secure multi-party computa-
tion is possible, provided that more than two-thirds of the parties are
honest.
In contrast, general environmentally-secure
two-party
computation
is not possible (in the standard sense).
8
Still, one can salvage general
environmentally-secure two-party computation in the following reason-
able model: Consider a network that contains servers that are willing
to participate (as “helpers”, possibly for a payment) in computations
initiated by a set of (two or more) users. Now, suppose that two users
wishing to conduct a secure computation can agree on a set of servers so
that each user believes that more than two-thirds of the servers (in this
set) are honest. Then, with the active participation of this set of servers,
the two users can compute any functionality in an environmentally-
secure manner.
Other reasonable models where general environmentally-secure
two-
party
computation is possible include the common random-string
(CRS) model (41) and variants of the public-key infrastructure (PKI)
model (10). In the CRS model, all parties have access to a univer-
sal random string (of length related to the security parameter). We
stress that the entity trusted to post this universal random string is
not required to take part in any execution of any protocol, and that all
executions of all protocols may use the same universal random string.
The PKI models considered in (10) require that each party deposits a
public-key with a trusted center, while proving knowledge of a corre-
sponding private-key. This proof may be conducted in zero-knowledge
during special epochs in which no other activity takes place.
7.5
Concluding remarks
In Sections 7.1-7.2 we have mentioned a host of definitions of secu-
rity and constructions for multi-party protocols (especially for the case
8
Of course, some specific two-party computations do have environmentally-secure protocols.
See (34) for several important examples (e.g., key exchange).
