Complexity of Multi-party Computation Problems: The Case of 2-Party Symmetric Secure Function Evaluation

Maji, Hemanta K.; Prabhakaran, Manoj; Rosulek, Mike

doi:10.1007/978-3-642-00457-5_16

Cited by 36 publications

(47 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We then use the combinatorial characterizations of Symmetric Secure Function Evaluation (SSFE) functionalities (obtained using frontier analysis) from [16] to extend the result to arbitrary SSFE functionalities (instead of just XOR). Further, using an extension of a result in [12], we extend this to arbitrary SFE functionalities by associating a symmetric SFE with every general SFE that has a secure protocol using a source of common randomness.…”

Section: Overviewmentioning

confidence: 99%

“…The analysis of protocols in [6,1,14] also have some elements of a frontier analysis, but of a rudimentary form which was sufficient for analysis of perfect security. In [16] frontier analysis was explicitly introduced and used to prove several protocol impossibility results and characterizations. [13] also presented similar results and used somewhat similar techniques (but relied on analyzing the protocol by rounds, instead of frontiers, and suffered limitations on the round complexity of the protocols for which the impossibility could be shown).…”

Section: Overviewmentioning

confidence: 99%

“…It is well-known that there is no standalone-secure (or UC-secure) protocol for F xor in the plain model (cf. the complete characterization of [13,16]). Also note that standalone security is a special case of UC security.…”

Section: Handling General Sfe Functionalitiesmentioning

confidence: 99%

“…The full proof is given in Appendix B.1. The main novelty in this proof (compared to the techniques in [16]) is the nature of the frontier we consider, in a semi-honest protocol. For semi-honest security, F xor does not have a canonical order for what information must be revealed by the two parties.…”

Section: Handling General Sfe Functionalitiesmentioning

confidence: 99%

“…In deriving the impossibility results our analysis crucially relies on the communication and information structure of protocols. We build on the "frontier analysis" paradigm in [8,16,17], but significantly extend its power, among other things, to enable analyzing protocols for arbitrary randomized functionalities, and protocols using randomized functionalities.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Exploring the Limits of Common Coins Using Frontier Analysis of Protocols

Maji

Ouppaphan

Prabhakaran

et al. 2011

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. In 2-party secure computation, access to common, trusted randomness is a fundamental primitive. It is widely employed in the setting of computationally bounded players (under various complexity assumptions) to great advantage. In this work we seek to understand the power of trusted randomness, primarily in the computationally unbounded (or information theoretic) setting. We show that a source of common randomness does not add any additional power for secure evaluation of deterministic functions, even when one of the parties has arbitrary influence over the distribution of the common randomness. Further, common randomness helps only in a trivial sense for realizing randomized functions too (namely, it only allows for sampling from publicly fixed distributions), if UC security is required. To obtain these impossibility results, we employ a recently developed protocol analysis technique, which we call the frontier analysis. This involves analyzing carefully defined "frontiers" in a weighted tree induced by the protocol's execution (or executions, with various inputs), and establishing various properties regarding one or more such frontiers. We demonstrate the versatility of this technique by employing carefully chosen frontiers to derive the different results. To analyze randomized functionalities we introduce a frontier argument that involves a geometric analysis of the space of probability distributions. Finally, we relate our results to computational intractability questions. We give an equivalent formulation of the "cryptomania assumption" (that there is a semi-honest or standalone secure oblivious transfer protocol) in terms of UC-secure reduction among randomized functionalities. Also, we provide an unconditional result on the uselessness of common randomness, even in the computationally bounded setting. Our results make significant progress towards understanding the exact power of shared randomness in cryptography. To the best of our knowledge, our results are the first to comprehensively characterize the power of large classes of randomized functionalities.

show abstract

Section: Overviewmentioning

confidence: 99%