Cheater Detection in SPDZ Multiparty Computation
SPINI, Gabriele
Institut de Mathématiques de Bordeaux [IMB]
Mathematisch Instituut Universiteit Leiden
Centrum Wiskunde & Informatica [CWI]
Institut de Mathématiques de Bordeaux [IMB]
Mathematisch Instituut Universiteit Leiden
Centrum Wiskunde & Informatica [CWI]
SPINI, Gabriele
Institut de Mathématiques de Bordeaux [IMB]
Mathematisch Instituut Universiteit Leiden
Centrum Wiskunde & Informatica [CWI]
< Réduire
Institut de Mathématiques de Bordeaux [IMB]
Mathematisch Instituut Universiteit Leiden
Centrum Wiskunde & Informatica [CWI]
Langue
en
Communication dans un congrès
Ce document a été publié dans
9th International Conference on Information Theoretic Security, 9th International Conference on Information Theoretic Security, Information Theoretic Security, 2016-08-09, Tacoma, WA. vol. 10015, p. 151--176
Springer
Résumé en anglais
In this work we revisit the SPDZ multiparty computation protocol by Damgård et al. for securely computing a function in the presence of an unbounded number of dishonest parties. The SPDZ protocol is distinguished by its ...Lire la suite >
In this work we revisit the SPDZ multiparty computation protocol by Damgård et al. for securely computing a function in the presence of an unbounded number of dishonest parties. The SPDZ protocol is distinguished by its fast performance. A downside of the SPDZ protocol is that one single dishonest party can enforce the computation to fail, meaning that the honest parties have to abort the computation without learning the outcome, whereas the cheating party may actually learn it. Furthermore, the dishonest party can launch such an attack without being identified to be the cheater. This is a serious obstacle for practical deployment: there are various reasons for why a party may want the computation to fail, and without cheater detection there is little incentive for such a party not to cheat. As such, in many cases, the protocol will actually fail to do its job.In this work, we enhance the SPDZ protocol to allow for cheater detection: a dishonest party that enforces the protocol to fail will be identified as being the cheater. As a consequence, in typical real-life scenarios, parties will actually have little incentive to cheat, and if cheating still takes place, the cheater can be identified and discarded and the computation can possibly be re-done, until it succeeds.The challenge lies in adding this cheater detection feature to the original protocol without increasing its complexity significantly. In case no cheating takes place, our new protocol is as efficient as the original SPDZ protocol which has no cheater detection. In case cheating does take place, there may be some additional overhead, which is still reasonable in size though, and since the cheater knows he will be caught, this is actually unlikely to occur in typical real-life scenarios.< Réduire
Origine
Importé de halUnités de recherche