Cryptography Reference
In-Depth Information
say, more than 10% of the sites). We comment that schemes
secure in this model were later termed “proactive” (cf., (39)).
7.1.2
Example: Multi-party protocols with honest majority
Here we consider an active, non-adaptive, computationally-bounded
adversary, and do not assume the existence of private channels. Our
aim is to define multi-party protocols that remain secure provided that
the honest parties are in majority. (The reason for requiring a honest
majority will be discussed at the end of this subsection.)
Consider any multi-party protocol. We first observe that each party
may change its local input before even entering the execution of the
protocol. However, this is unavoidable also when the parties utilize a
trusted party. Consequently, such an effect of the adversary on the
real execution (i.e., modification of its own input prior to entering the
actual execution) is not considered a breach of security. In general,
whatever cannot be avoided when the parties utilize a trusted party,
is not considered a breach of security. We wish secure protocols (in
the real model) to suffer only from whatever is unavoidable also when
the parties utilize a trusted party. Thus, the basic paradigm underlying
the definitions of
secure multi-party computations
amounts to requiring
that the only situations that may occur in the real execution of a secure
protocol are those that can also occur in a corresponding ideal model
(where the parties may employ a trusted party). In other words, the
“effective malfunctioning” of parties in secure protocols is restricted to
what is postulated in the corresponding ideal model.
When defining secure multi-party protocols with honest majority,
we need to pin-point what cannot be avoided in the ideal model (i.e.,
when the parties utilize a trusted party). This is easy, because the ideal
model is very simple. Since we are interested in executions in which the
majority of parties are honest, we consider an
ideal model
in which any
minority group (of the parties) may collude as follows:
(1) Firstly this dishonest minority shares its original inputs and
decides together on replaced inputs to be sent to the trusted
party. (The other parties send their respective original inputs
to the trusted party.)
