Modularity in Trusted Party Emulation

Status

This project started in August 2010 and is now closed.

Researchers

Prof. Ueli Maurer, Cryptography & Information Security Group, ETH
Christoph Lucas, Cryptography & Information Security Group, ETH

Description

In our work we focus on the field of Trusted Party Emulation, which is a generalization of Secure Multiparty Computation (MPC) and Secure Function Evaluation (SFE). A Trusted Party is an entity that interacts with the environment over a predefined interface and (correctly) performs arbitrary efficient computations. In other words, a Trusted Party is a machine that can evaluate certain programs in a correct and incorruptible manner. In the real world, such a trusted party does usually not exist. The goal of Trusted Party Emulation is to provide a protocol that can be run among a set of parties, and that emulates the functionality offered by the trusted party, even if some of the parties behave dishonestly.
The initial results in this field were mostly presented with intuitive notions of security. These notions have been formalized by simulation-based security models, i.e. the security of a protocol (the real world) is defined with respect to an ideal world, where the computation is performed by a Trusted Party or Ideal Functionality. Informally, a protocol achieves security if whatever an adversary can achieve in the real world, could also be achieved in the ideal world. Simulation-based security models can be divided into two categories.
The security of protocols proven in the Stand-Alone model holds only if the protocol is run alone and separately, without any other protocol running concurrently. This seems to be a good starting point, but it does not allow composition of protocols, and hence leads to monolithic solutions that are complicated and hard to verify.

A first step towards the simplification of the design and the proof of secure protocols was provided by the Universal Composability (UC) model of security. In contrast to stand-alone security, protocols proven secure in the UC model can be run in any arbitrary environment without losing security. A central paradigm in any constructive discipline is to construct a complex system from simpler component systems, which each may consist of yet simpler component systems, and so on. This important iterative construction paradigm is often called step-wise refinement. Due to its universal composability property, UC allows for step-wise refinement.
Interestingly enough, even though the paradigm of step-wise refinement has been introduced several years ago, still many results in the field of Trusted Party Emulation are published with a monolithic structure. Not only are those results hard to understand, but also innovative techniques are either lost in overly complicated descriptions, or are too interweaved with the remaining protocol that it is impossible to reuse these techniques in other scenarios.

Objectives

Our goal is to foster the methodology of step-wise refinement and modularization in the field of Trusted Party Emulation. For this purpose, we first demonstrate the power of modularity by extracting, modularizing and generalizing core techniques from previous results. Each resulting module should implement a functionality that is both simple enough to be easily understood, and universal enough to be widely applicable. One such core technique applicable in many different scenarios is the notion of party emulation. This technique allows a (non-trusted) party in a protocol run among one set of parties to be implemented by another set of parties.
The modularized descriptions of known protocols yield a collection of modules that can be combined in arbitrary ways. Given such a collection, we intend to investigate the possibility to construct new protocols by combining several techniques in new ways. These new protocols might either be significantly simpler than previous protocols, or they might have properties not achieved so far. One field in which this strategy might be of special interest is the field of Hybrid Security. Protocols with hybrid security provide different levels of security depending on the corruption scenario. This is in contrast to the conventional protocols that only distinguish between secure and insecure.

Publications

Martin Hirt, Christoph Lucas, and Ueli Maurer
A Dynamic Tradeoff Between Active and Passive Corruptions in Secure Multi-Party Computation.
Crypto 2013.

Christoph Lucas, Dominik Raub, and Ueli Maurer.
Hybrid Secure MPC: Trading Information-Theoretic Robustness for Computational Privacy.

In PODC’10, ACM, pp. 219-228, 2010.

Martin Hirt, Christoph Lucas, Ueli Maurer, and Dominik Raub

Graceful Degradation in Multi-Party Computation.

The 5th International Conference on Information Theoretic Security, 2011.