On Secure Multi-party Computation in Black-Box Groups

Abstract

We study the natural problem of secure n-party computation (in the passive, computationally unbounded attack model) of the n-product function fG(x1, . . . , xn) = x1 ċ x2 . . . xn in an arbitrary finite group (G, ċ), where the input of party Pi is xi ∈ G for i = 1, . . . , n. For flexibility, we are interested in protocols for fG which require only black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our results are as follows. First, on the negative side, we show that if (G, ċ) is non-abelian and n ≥ 4, then no ⌈n/2⌉-private protocol for computing fG exists. Second, on the positive side, we initiate an approach for construction of black-box protocols for fG based on k-of-k threshold secret sharing schemes, which are efficiently implementable over any black-box group G. We reduce the problem of constructing such protocols to a combinatorial colouring problem in planar graphs. We then give two constructions for such graph colourings. Our first colouring construction gives a protocol with optimal collusion resistance t < n/2, but has exponential communication complexity O(n(2t+1/t)2) group elements (this construction easily extends to general adversary structures). Our second probabilistic colouring construction gives a protocol with (close to optimal) collusion resistance t < n/µ for a graph-related constant µ ≤ 2.948, and has efficient communication complexity O(nt2) group elements. Furthermore, we believe that our results can be improved by further study of the associated combinatorial problems.