Composition of secure multi-party protocols. A comprehensive study. (Q1407493)

From MaRDI portal
scientific article

    Statements

    Composition of secure multi-party protocols. A comprehensive study. (English)
    16 September 2003
    Multi-party protocols consider the scenario where several parties wish to jointly compute some function. Such a protocol is secure if it does not reveal anything beyond what is necessary (privacy) and each party receives its correct output (correctness). The book studies the security of multi-party protocols under composition, i.e. when multiple protocols run in succession or simultaneously. The initial chapter introduces the problem of multi-party protocols and security properties; describes possible adversarial models and types of protocol compositions; and summarizes new results presented in the book. Three technical chapters follow. The first one deals with the composition of authenticated Byzantine agreement. The protocol securely simulates a broadcast channel within a point-to-point network, and is the key tool in the design of secure protocols for multi-party computation. The author shows that the problem of achieving secure broadcast is strictly harder when composition is allowed. Using unique identifiers to solve the problem is discussed. Lower bounds for the composition of deterministic protocols are presented as well. In Chapter 3 it is shown that if the definition of secure computation is slightly relaxed ("computation with abort"), one can construct secure protocols without using Byzantine Agreement, and, as a result, multi-party protocols in a point-to-point network that remain secure under self composition can be achieved for any number of corrupted parties and without a broadcast channel. The last chapter deals with the question of whether secure multi-party computation that remains secure under general composition can be achieved for any number of corrupted parties, considering an asynchronous multi-party network and an adversary that can adaptively corrupt as many parties as it wishes. Several secure multi-party protocols are presented.
    multi-party protocol
    Byzantine Agreement
    computation with abort
    point-to-point network