Counting method for multi-party computation over non-abelian groups

Publication Type:
Conference Proceeding
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008, 5339 LNCS pp. 162 - 177
Issue Date:
Full metadata record
Files in This Item:
Filename Description Size
Thumbnail2013005439OK.pdf463.18 kB
Adobe PDF
In the Crypto'07 paper [5], Desmedt et al. studied the problem of achieving secure n-party computation over non-Abelian groups. The function to be computed is fG(x1,...,xn) :∈=∈x1•...•xnwhere each participant Piholds an input xifrom the non-commutative group G. The settings of their study are the passive adversary model, information-theoretic security and black-box group operations over G. They presented three results. The first one is that honest majority is needed to ensure security when computing fG. Second, when the number of adversary , they reduced building such a secure protocol to a graph coloring problem and they showed that there exists a deterministic secure protocol computing fGusing exponential communication complexity. Finally, Desmedt et al. turned to analyze random coloring of a graph to show the existence of a probabilistic protocol with polynomial complexity when t∈<∈n/μ, in which μ is a constant less than 2.948. We call their analysis method of random coloring the counting method as it is based on the counting of the number of a specific type of random walks. This method is inspiring because, as far as we know, it is the first instance in which the theory of self-avoiding walk appears in multiparty computation. In this paper, we first give an altered exposition of their proof. This modification will allow us to adapt this method to a different lattice and reduce the communication complexity by 1/3, which is an important saving for practical implementations of the protocols. We also show the limitation of the counting method by presenting a lower bound for this technique. In particular, we will deduce that this approach would not achieve the optimal collusion resistance. © 2008 Springer Berlin Heidelberg.
Please use this identifier to cite or link to this item: