Multiparty Protocol that Usually Shuffles

TL;DR

This paper introduces two secure multiparty shuffling protocols based on permutation networks, enabling parties to agree on secret permutations with provable security, while optimizing network layers and supporting quorum-based distribution.

Contribution

The work presents novel permutation network-based shuffling protocols that are unconditionally secure and more efficient, with one protocol supporting permutation sets and reduced layers.

Findings

Protocols are unconditionally secure against malicious adversaries.

The $n_{ ext{pi}}$-permute network has fewer layers than the $n$-permute network.

Security bounds are mathematically established for both protocols.

Abstract

Multiparty computation is raising importance because it's primary objective is to replace any trusted third party in the distributed computation. This work presents two multiparty shuffling protocols where each party, possesses a private input, agrees on a random permutation while keeping the permutation secret. The proposed shuffling protocols are based on permutation network, thereby data-oblivious. The first proposal is $n\text{-}permute$ that permutes $n$ inputs in all $n!$ possible ways. $n$-permute network consists of $2\log{n}-1$ layers, and in each layer there are $n/2$ gates. Our second protocol is $n_{\pi}$-permute shuffling that defines a permutation set $\Pi=\{\pi_1,\dots,\pi_N\}$ where $|\Pi| < n!$, and the resultant shuffling is a random permutation $\pi_i \in \Pi$. The $n_{\pi}$-permute network contains leases number of layers compare to $n$-permute network. Let $n=n_1n_2$, the $n_{\pi}$-permute network would define $2\log{n_1}-1+\log{n_2}$ layers. \par The proposed shuffling protocols are unconditionally secure against malicious adversary who can corrupt at most $t<n/3$ parties. The probability that adversary can learn the outcome of $n$-permute is upper bound by $((n-t)!)^{-1}$. Whereas, the probability that adversary can learn the outcome of $n_{\pi}$-permute is upper bounded by $\big(f_{\Pi}(n_1-\theta_1)^{n_2}2^{\theta_2}\big)^{-1}$, for some positive integer $\theta_1, \theta_2$, and a recursive definition of $f_{\Pi}$. The protocols allow the parties to build quorums, and distribute the load among the quorums.