Counting Method for Multi-party Computation over Non-abelian Groups

  • Authors:
  • Youming Qiao;Christophe Tartary

  • Affiliations:
  • Institute for Theoretical Computer Science, Tsinghua University, Beijing, People's Republic of China 100084;Institute for Theoretical Computer Science, Tsinghua University, Beijing, People's Republic of China 100084 and Division of Mathematical Sciences School of Physical and Mathematical Sciences, Nany ...

  • Venue:
  • CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

In the Crypto'07 paper [5], Desmedt et al. studied the problem of achieving secure n -party computation over non-Abelian groups. The function to be computed is f G (x 1 ,...,x n ) : = x 1 ·...·x n where each participant P i holds an input x i from the non-commutative group G . The settings of their study are the passive adversary model, information-theoretic security and black-box group operations over G . They presented three results. The first one is that honest majority is needed to ensure security when computing f G . Second, when the number of adversary $t\leq\lceil\frac{n}{2}\rceil-1$, they reduced building such a secure protocol to a graph coloring problem and they showed that there exists a deterministic secure protocol computing f G using exponential communication complexity. Finally, Desmedt et al. turned to analyze random coloring of a graph to show the existence of a probabilistic protocol with polynomial complexity when t n /μ , in which μ is a constant less than 2.948. We call their analysis method of random coloring the counting method as it is based on the counting of the number of a specific type of random walks. This method is inspiring because, as far as we know, it is the first instance in which the theory of self-avoiding walk appears in multiparty computation. In this paper, we first give an altered exposition of their proof. This modification will allow us to adapt this method to a different lattice and reduce the communication complexity by 1/3, which is an important saving for practical implementations of the protocols. We also show the limitation of the counting method by presenting a lower bound for this technique. In particular, we will deduce that this approach would not achieve the optimal collusion resistance $\lceil \frac{n}{2} \rceil - 1$.