Catching MPC Cheaters: Identification and Openability
Secure multi-party computation (MPC) protocols do not completely prevent malicious parties from cheating or disrupting the computation. We augment MPC with three new properties to discourage cheating. First is a strengthening of identifiable abort, called completely identifiable abort, where all parties who do not follow the protocol will be identified as cheaters by each honest party. The second is completely identifiable auditability, which means that a third party can determine whether the computation was performed correctly (and who cheated if it was not). The third is openability, which means that a distinguished coalition of parties can recover the MPC inputs.
We construct the first (efficient) MPC protocol achieving these properties. Our scheme is built on top of the SPDZ protocol (Damgård et al., Crypto 2012), which leverages an offline (computation-independent) pre-processing phase to speed up the online computation. Our protocol is optimistic, retaining online SPDZ efficiency when no one cheats. If cheating does occur, each honest party performs only local computation to identify cheaters.
Our main technical tool is a new locally identifiable secret sharing scheme (as defined by Ishai, Ostrovsky, and Zikas (TCC 2012)) which we call commitment enhanced secret sharing or CESS.
The work of Baum, Damgård, and Orlandi (SCN 2014) introduces the concept of auditability, which allows a third party to verify that the computation was executed correctly, but not to identify the cheaters if it was not. We enable the third party to identify the cheaters by augmenting the scheme with CESS. We add openability through the use of verifiable encryption and specialized zero-knowledge proofs.
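The two properties named above, local cheater identification by honest parties and cheater identification by a third-party auditor, both come down to the same check: every party's share is bound by a public commitment, so whoever holds the commitment vector and the broadcast openings can verify each opening without further interaction. The following is an added illustration, not the paper's CESS construction or its SPDZ integration: it assumes additive sharing over Z_Q with a Pedersen commitment g^s·h^r per share, in a toy group constructed for the demo, and it omits SPDZ MACs and the openability (verifiable encryption) layer entirely.

```python
"""Toy commitment-enhanced additive secret sharing (illustration only).

Added example, not the paper's CESS construction. Assumptions: parties
share values over Z_Q and commit to each share with a Pedersen commitment
g^s * h^r in a toy prime-order group; SPDZ-style MACs are omitted.
"""
import secrets

# Toy group parameters, constructed for the demo (far too small for real use).
P = 1019          # safe prime, P = 2*Q + 1
Q = 509           # prime order of the quadratic-residue subgroup; shares live in Z_Q
G, H = 4, 9       # two generators of that subgroup (squares mod P)


def commit(value: int, rand: int) -> int:
    """Pedersen commitment to `value` with blinding `rand`."""
    return (pow(G, value % Q, P) * pow(H, rand % Q, P)) % P


def share(secret: int, n: int):
    """Additively share `secret` among n parties and commit to every share.

    Returns the per-party openings (share, blinding) and the public commitment
    vector that every party (and any later auditor) stores.
    """
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % Q)
    rands = [secrets.randbelow(Q) for _ in range(n)]
    openings = list(zip(shares, rands))
    commitments = [commit(s, r) for s, r in openings]
    return openings, commitments


def add_shared(comm_a, comm_b):
    """Linear operations need no interaction: each party adds its openings
    locally, and everyone multiplies the two public commitment vectors."""
    return [(ca * cb) % P for ca, cb in zip(comm_a, comm_b)]


def add_openings(open_a, open_b):
    """Party-local counterpart of add_shared: add shares and blindings mod Q."""
    return [((sa + sb) % Q, (ra + rb) % Q)
            for (sa, ra), (sb, rb) in zip(open_a, open_b)]


def reconstruct(broadcast, commitments):
    """Check each broadcast opening against its commitment.

    Anyone holding `commitments` and the broadcast transcript can run this:
    an honest party during the protocol (completely identifiable abort) or a
    third party afterwards (completely identifiable auditability). Returns
    (secret, cheaters); the secret is None if any opening fails to verify.
    """
    cheaters = {i for i, (s, r) in enumerate(broadcast)
                if commit(s, r) != commitments[i]}
    if cheaters:
        return None, cheaters
    return sum(s for s, _ in broadcast) % Q, set()


def demo():
    # Constructed run: three parties share 42 and 17, add them, then party 1
    # broadcasts an altered share for the sum.
    open_a, comm_a = share(42, 3)
    open_b, comm_b = share(17, 3)
    open_sum = add_openings(open_a, open_b)
    comm_sum = add_shared(comm_a, comm_b)
    honest = reconstruct(open_sum, comm_sum)       # (59, set())
    forged = list(open_sum)
    s1, r1 = forged[1]
    forged[1] = ((s1 + 1) % Q, r1)                 # party 1 alters its share
    caught = reconstruct(forged, comm_sum)         # (None, {1})
    return honest, caught


if __name__ == "__main__":
    print(demo())
```

The point of the design is that identification costs each honest party only local exponentiations over the transcript it already holds, and the auditor runs exactly the same function. The toy modulus makes discrete logarithms trivial, so these commitments hide nothing in practice; a real deployment uses a group of roughly 256-bit order, and recovering inputs after an abort (openability) needs the separate escrow layer the paper adds.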
2016 Massachusetts Institute of Technology. Delivered to the US Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. The work of Benjamin Fuller was done in part at MIT Lincoln Laboratory.
The authors would like to thank Carsten Baum, Mayank Varia, Samuel Yeom, and Arkady Yerukhimovich for helpful discussion.