The Structure of Secure Multi-Party Computation
Mike Rosulek.
Ph.D. dissertation.
Abstract
Secure multi-party computation is a conceptual framework in which
distrusting parties engage in a protocol to securely perform a
computational task. Depending on the precise
model of security, different sets of tasks admit secure protocols.
We take a complexity-theoretic
approach to studying the inherent difficulty of securely
realizing tasks in various standard security models.
- We give the first alternate characterization of
secure realizability in the framework of universally composable (UC)
security. This is the first characterization in any model
to consider completely arbitrary computational tasks
and completely arbitrary communication channels.
- The most long-standing class of computational tasks
studied are those in which two parties evaluate a deterministic
function.
For these tasks, we give the first complete, combinatorial
characterizations
of secure realizability in the passive, standalone,
and universally composable security models, against computationally
unbounded adversaries.
- Say that a task G has ``as much cryptographic complexity''
as another task F if there is a secure protocol for F
that uses access to a secure implementation of G.
We show that there is an infinite hierarchy of tasks with
strictly increasing cryptographic complexities,
with respect to computationally unbounded security. We also
show that there exist tasks whose cryptographic complexities
are incomparable.
- In contrast, we show that under a standard
cryptographic assumption, there exist only two
distinct levels of cryptographic complexity with respect to
polynomial-time security. Every task either has a trivial
protocol using plain communication channels, or
is complete (i.e., given access to a secure implementation
of this task, there are secure protocols for all other tasks).
This is the first result to derive a characterization
of completeness for a class of arbitrary interactive tasks.
In light of these characterizations, the only tasks which are
securely realizable in the demanding framework of universal composition
are those related to secure communication. Indeed, the framework
has been used to define the security of encryption schemes,
which has allowed for modular design and analysis of protocols.
We consider a similar approach for
homomorphic encryption
schemes. A homomorphic scheme is one in which anyone can obtain
an encryption of
f(m_1, ..., m_n), given only the encryptions
of unknown messages
m_1, ..., m_n, for a specific set
of functions
f.
- We give a construction of a homomorphic encryption scheme
in which the allowed homomorphic operation is as full-featured as possible
--- namely, one can derive a correctly-distributed encryption
of f(m) given an encryption of unknown message m, for some
functions f --- yet it is computationally infeasible to
generate a ciphertext that is related to other ciphertexts
in any other way. Our contributions involve developing new
appropriate security definitions as well as new constructions.
- We show that schemes with such powerful security guarantees
can be used to build conceptually simple, efficient, UC-secure protocols
for verifiable computations on encrypted data. We show protocols for two
tasks related to aggregating encrypted data.
Downloads
