Unconditionally Secure Multi-party Computation from Weak Primitives

Let us assume that old friends meet again, after a long time. Both have become millionaires since that last time they met would like to find out who has been more successful in making money. However, they don't want the other to find out how much they earn, they both only want to get to know one bit of information. This problem is an example of secure multi-party computation, which has been introduced by Yao [46], where different parties want to collaborate in a secure way in order to achieve a common goal, however they mutually distrust each other and do not want to make use of a trusted third party, i.e., a distinct player that would carry out the computation for them. Note that, opposed to many other problem in cryptography, the players are not apriori good or bad. In this chapter we will only look at special case of secure function evaluation , where every party holds an input to a function, and the output should be computed in a way such that no party has to reveal unnecessary information about her input. A complete solution for this problem with respect to computational security was given in [27]. In [4, 13], it was shown that in a model with only pairwise secure channels, MPC unconditionally secure against an active adversary is achievable if and only if t < n/3 players are corrupted. However, if the players are provided additionally In [3, 39] it was shown that this bound can be improved to t < n/2, assuming that global broadcast channels are additionally given—and this bound was shown tight. A protocol more efficient than those in [3, 39] was given in [15]. For the case where n = 2, there cannot exist a protocol that is unconditionally secure, as we will see later. However, if a primitive called oblivious transfer is assumed, then any function can be calculated unconditionally secure, this was shown by Kilian [31]. In this work we will present several protocols that implement the basic primitives bit-commitment, oblivious transfer and broadcast based on noisy resources, such as noisy channels and correlated randomness.