Limits on the security of coin flips when half the processors are faulty
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Founding crytpography on oblivious transfer
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
A zero-one law for Boolean privacy
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Verifiable secret sharing and multiparty protocols with honest majority
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
The detection of cheaters in threshold schemes
SIAM Journal on Discrete Mathematics
A perfect threshold secret sharing scheme to identify cheaters
Designs, Codes and Cryptography
Reducibility and Completeness in Private Computations
SIAM Journal on Computing
On sharing secrets and Reed-Solomon codes
Communications of the ACM
Unconditional Byzantine Agreement for any Number of Faulty Processors
STACS '92 Proceedings of the 9th Annual Symposium on Theoretical Aspects of Computer Science
Linear VSS and Distributed Commitments Based on Secret Sharing and Pairwise Checks
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
t-Cheater Identifiable (k, n) Threshold Secret Sharing Schemes
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Robust computational secret sharing and a unified account of classical secret-sharing goals
Proceedings of the 14th ACM conference on Computer and communications security
Reducibility and completeness in multi-party private computations
SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
Universally Composable Multi-party Computation Using Tamper-Proof Hardware
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Founding Cryptography on Oblivious Transfer --- Efficiently
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Round Efficient Unconditionally Secure Multiparty Computation Protocol
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Interactive locking, zero-knowledge PCPs, and unconditional cryptography
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Protocols for multiparty coin toss with dishonest majority
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
1/p-Secure multiparty computation without honest majority and the best of both worlds
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Almost optimum secret sharing schemes secure against cheating for arbitrary secret distribution
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
On complete primitives for fairness
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Partial fairness in secure two-party computation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Unconditionally-Secure robust secret sharing with compact shares
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
On the power of correlated randomness in secure computation
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
| Hi-index | 0.00 |
Motivated by problems in secure multiparty computation (MPC), we study a natural extension of identifiable secret sharing to the case where an arbitrary number of players may be corrupted. An identifiable secret sharing scheme is a secret sharing scheme in which the reconstruction algorithm, after receiving shares from all players, either outputs the correct secret or publicly identifies the set of all cheaters (players who modified their original shares) with overwhelming success probability. This property is impossible to achieve without an honest majority. Instead, we settle for having the reconstruction algorithm inform each honest player of the correct set of cheaters. We show that this new notion of secret sharing can be unconditionally realized in the presence of arbitrarily many corrupted players. We demonstrate the usefulness of this primitive by presenting several applications to MPC without an honest majority. Complete primitives for MPC. We present the first unconditional construction of a complete primitive for fully secure function evaluation whose complexity does not grow with the complexity of the function being evaluated. This can be used for realizing fully secure MPC using small and stateless tamper-proof hardware. A previous completeness result of Gordon et al. (TCC 2010) required the use of cryptographic signatures. Applications to partial fairness. We eliminate the use of cryptography from the online phase of recent protocols for multiparty coin-flipping and MPC with partial fairness (Beimel et al., Crypto 2010 and Crypto 2011). This is a corollary of a more general technique for unconditionally upgrading security against fail-stop adversaries with preprocessing to security against malicious adversaries. Finally, we complement our positive results by a negative result on identifying cheaters in unconditionally secure MPC. It is known that MPC without an honest majority can be realized unconditionally in the OT-hybrid model, provided that one settles for "security with abort" (Kilian, 1988). That is, the adversary can decide whether to abort the protocol after learning the outputs of corrupted players. We show that such protocols cannot be strengthened so that all honest players agree on the identity of a corrupted player in the event that the protocol aborts, even if a broadcast primitive can be used. This is contrasted with the computational setting, in which this stronger notion of security can be realized under standard cryptographic assumptions (Goldreich et al., 1987).