Network Agnostic MPC with Statistical Security
share
We initiate the study of the network agnostic MPC protocols with statistical security. Network agnostic protocols give the best possible security guarantees irrespective of the underlying network type. We consider the general-adversary model, where the adversary is characterized by an adversary structure which enumerates all possible candidate subsets of corrupt parties. The 𝒬^(k) condition enforces that the union of no k subsets from the adversary structure covers the party set. Given an unconditionally-secure PKI setup, known statistically-secure synchronous MPC protocols are secure against adversary structures satisfying the 𝒬^(2) condition. Known statistically-secure asynchronous MPC protocols can tolerate 𝒬^(3) adversary structures. Fix a set of n parties 𝒫 = {P_1, ... ,P_n} and adversary structures 𝒵_s and 𝒵_a, satisfying the 𝒬^(2) and 𝒬^(3) conditions respectively, where 𝒵_a ⊂𝒵_s. Then, given an unconditionally-secure PKI, we ask whether it is possible to design a statistically-secure MPC protocol resilient against 𝒵_s and 𝒵_a in a synchronous and an asynchronous network respectively if the parties in 𝒫 are unaware of the network type. We show that it is possible iff 𝒵_s and 𝒵_a satisfy the 𝒬^(2,1) condition, meaning that the union of any two subsets from 𝒵_s and any one subset from 𝒵_a is a proper subset of 𝒫. We design several important network agnostic building blocks with the 𝒬^(2,1) condition, such as Byzantine broadcast, Byzantine agreement, information checking protocol, verifiable secret-sharing and secure multiplication protocol, whose complexity is polynomial in n and |𝒵_s|.
READ FULL TEXT