Is there any secure deterministic two-party computation protocol?

amyyy

5/18/24, 7:23 PM

The notion of security considered here is privacy. Is there a secure two-party protocol does not rely on randomness at all when considering passive adversaries (or active adversaries)? If the answer is no, are there any proofs of this in the literature? I tried to find relevant information, but still got nothing.

1 + 2

multiparty-computation

protocol-design

randomness

Wilson

5/18/24, 7:47 PM

There always exist a secure two-party MPC for trivial functionalities that does not use any randomness. For example, consider the function $f(x_0, x_1)\to 1$. The protocol is that both parties output 1 and no interaction occurs.

amyyy

5/18/24, 8:51 PM

@Wilson um I think what I am looking for is probably a non-trivial example where parties "truly" interactive and make use of their private inputs. My point is that no such example exists, thank you for your comment as it made me realize that such non-trivial examples should be excluded.

Score:1

Crypto

Mikero

5/19/24, 4:09 AM

There are plenty of non-trivial deterministic protocols that achieve semi-honest or standalone security.

In Privacy and Communication Complexity, Kushilevitz characterized which functions have a deterministic semi-honest protocol. Here is one example: The function is the maximum function, where Alice has an input from $\{1, 3, \ldots, 2n+1\}$ and Bob has an input from $\{0, 2, \ldots, 2n\}$. The deterministic protocol proceeds as follows:

Alice announces whether she has input $2n+1$. If she does, then the protocol ends.
Bob announces whether he has input $2n$. If he does, then the protocol ends.
etc etc

Sometimes this particular protocol is called the "Dutch flower auction" protocol. It's possible to show that the protocol achieves semi-honest security --- given just the ideal function's output, it's easy to simulate the transcript.

Kushilevitz defines a "decomposable" function and shows that a function has a (perfectly secure) semi-honest protocol if and only if it is decomposable. Furthermore, every decomposable function has a deterministic protocol! So in this security model, deterministic protocols are the norm, not the exception!

This particular protocol is also secure in the standalone model, although the security reasoning is less obvious. In section 5 of Complexity of Multi-party Computation Problems, we characterize which functions have standalone-secure protocols of this form.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there any secure deterministic two-party computation protocol?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.