Paper 2022/606

Honorific Security: Efficient Two-Party Computation with Offloaded Arbitration and Public Verifiability

Tianxiang Dai, Lancaster University Leipzig
Yufan Jiang, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Yong Li, Huawei Technologies (Germany)
Jörn Müller-Quade, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Andy Rupp, University of Luxembourg, KASTEL Security Research Labs
Abstract

Secure two-party computation (2PC) allows two distrustful parties to jointly compute some functions while keeping their private secrets unrevealed. Adversaries are often categorized as semi-honest and malicious, depending on whether they follow the protocol specifications or not. While a semi-honest secure protocol is fast but strongly assumed that all participants will follow the protocol, a malicious protocol often requires heavy verification steps and preprocessing phase to prohibit any cheat. Covert security [10] was first introduced by Aumann and Lindell, which looks into the "middle ground" between semi-honest security and malicious security, such that active adversaries who cheat will be caught with a predefined probability. However, it is still an open question that how to properly determine such a probability before protocol execution, and the misbehavior detection must be made by other honest participants with cut-and-choose in current constructions. To achieve public verifiability and meanwhile outsource the verification steps, [12] presented publicly auditable security to enable an external auditor to verify the result correctness. Essentially, an additional existence assumption of a bulletin board functionality is required to keep tracking the broadcasted messages for the auditor. And moreover, the auditor cannot identify the cheater, but only points out the incorrect result. The (robust) accountability family [40, 62, 76] achieves both output delivery guarantee and public verifiability, which relies on heavy offline and online constructions with zero knowledge proofs. In this paper, we propose a new security notion called honorific security, where an external arbiter can find the cheater with overwhelming probability under the malicious corruption. With honorific security, we do not prohibit cheat of a corrupted party during the online stage, but enable the honest party to detect and punish the cheater later on in public. We show that a maliciously secure garbled circuit (GC) [83] protocol can thus be constructed with only slightly more overhead than a passively secure protocol. Our construction performs up to 2.37 times and 13.30 times as fast as the state-of-the-art protocols with covert and malicious security, respectively.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. Secrypt 2025
Keywords
Two-party computationSecurity notionEfficient protocolsMulti-party computationHonorific security
Contact author(s)
yufan jiang @ kit edu
History
2025-04-03: revised
2022-05-23: received
See all versions
Short URL
https://ia.cr/2022/606
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/606,
      author = {Tianxiang Dai and Yufan Jiang and Yong Li and Jörn Müller-Quade and Andy Rupp},
      title = {Honorific Security: Efficient Two-Party Computation with Offloaded Arbitration and Public Verifiability},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/606},
      year = {2022},
      url = {https://eprint.iacr.org/2022/606}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.