Characterization of Secure Multiparty Computation Without Broadcast

TL;DR

This paper characterizes the cryptographic assumptions needed for secure multiparty computation without broadcast, especially when a third or more of the parties may be corrupted, highlighting the importance of input dominance properties.

Contribution

It provides a precise characterization of when secure computation is possible without broadcast, based on input dominance and corruption thresholds, extending understanding of cryptographic assumptions.

Findings

Secure computation with honest majority requires the functionality to be (n-2t)-dominated.

Without honest majority, secure computation requires the functionality to be 1-dominated and computable with broadcast.

Broadcast is necessary for non-dominated functionalities when a third of parties may be corrupted.

Abstract

A major challenge in the study of cryptography is characterizing the necessary and sufficient assumptions required to carry out a given cryptographic task. The focus of this work is the necessity of a broadcast channel for securely computing symmetric functionalities (where all the parties receive the same output) when one third of the parties, or more, might be corrupted. Assuming all parties are connected via a peer-to-peer network, but no broadcast channel (nor a secure setup phase) is available, we prove the following characterization: 1) A symmetric $n$-party functionality can be securely computed facing $n/3\le t<n/2$ corruptions (\ie honest majority), if and only if it is \emph{$(n-2t)$-dominated}; a functionality is $k$-dominated, if \emph{any} $k$-size subset of its input variables can be set to \emph{determine} its output. 2) Assuming the existence of one-way functions, a symmetric $n$-party functionality can be securely computed facing $t\ge n/2$ corruptions (\ie no honest majority), if and only if it is $1$-dominated and can be securely computed with broadcast. It follows that, in case a third of the parties might be corrupted, broadcast is necessary for securely computing non-dominated functionalities (in which "small" subsets of the inputs cannot determine the output), including, as interesting special cases, the Boolean XOR and coin-flipping functionalities.