*** Welcome to piglix ***

Multi-party computing


Secure multi-party computation (also known as secure computation, multi-party computation/MPC, or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional cryptographic tasks, where the adversary is outside the system of participants (an eavesdropper on the sender and receiver) the adversary in this model controls actual participants. These types of tasks started in the late 1970's with the work on mental poker, cryptographic work that simulates game playing over distances without requiring a trusted third party.

Secure computation was formally introduced as secure two-party computation (2PC) in 1982 (for the so called Millionaires' Problem), and in generality in 1986 by Andrew Yao. The area is also referred to as Secure function evaluation (SFE). The two party case was followed by a generalization to the multi-party by Goldreich, Micali and Widgerson. The computation is based on secret sharing of all the inputs and zero-knowledge proofs for potentially malicious case, where majority of honest players in the malicious adversary case assure that bad behavior is detected and the computation continues with the dishonest person eliminated or his input revealed. This work suggested the very basic general scheme to be followed by essentially all future multi party protocols for secure computing. This work followed by a robust secure protocol which tolerates faulty behavior graciously without revealing anyone's output via a work which invented for this purpose the `share of shares idea' and a protocol that allows one of the parties to hide its input unconditionally. The above results are in a model where the adversary is limited to polynomial time computations, and it observes all communications, and therefore the model is called the `computational model'. Further, the protocol of Oblivious transfer was shown to be complete for these tasks. The above results established that it is possible under the above variations to achieve secure computation when majority of users are honest. The next question to ask is the case of secure communication channels where the point-to-point communication is not available to the adversary; in this case it was shown that solutions can be achieved with up to 1/3 of misbehaving malicious parties and the solutions apply no cryptographic tools (since secure communication is available) see: , where if both the point-to-point secure channels are available and also a global broadcast channel it was shown how up to 1/2 of the parties can be corrupted. The area of multi-party protocols became a fertile area to investigate basic and general protocol issues properties on, such as Universal composability or Mobile Adversary.


...
Wikipedia

...