Network Agnostic MPC with Statistical Security

Abstract

We initiate the study of the network agnostic MPC protocols with statistical security. Network agnostic protocols give the best possible security guarantees irrespective of the underlying network type. We consider the general-adversary model, where the adversary is characterized by an adversary structure which enumerates all possible candidate subsets of corrupt parties. The Q(k) condition enforces that the union of no k subsets from the adversary structure covers the party set. Given an unconditionally-secure PKI setup, known statistically-secure synchronous MPC protocols are secure against adversary structures satisfying the Q(2) condition. Known statistically-secure asynchronous MPC protocols can tolerate Q(3) adversary structures. Fix a set of n parties P = \P1, ... ,Pn\ and adversary structures Zs and Za, satisfying the Q(2) and Q(3) conditions respectively, where Za ⊂ Zs. Then, given an unconditionally-secure PKI, we ask whether it is possible to design a statistically-secure MPC protocol resilient against Zs and Za in a synchronous and an asynchronous network respectively if the parties in P are unaware of the network type. We show that it is possible iff Zs and Za satisfy the Q(2,1) condition, meaning that the union of any two subsets from Zs and any one subset from Za is a proper subset of P. We design several important network agnostic building blocks with the Q(2,1) condition, such as Byzantine broadcast, Byzantine agreement, information checking protocol, verifiable secret-sharing and secure multiplication protocol, whose complexity is polynomial in n and |Zs|.