Realistic Failures in Secure Multi-party Computation

In secure multi-party computation, the different ways in which the adversary can control the corrupted players are described by different corruption types. The three most common corruption types are active corruption (the adversary has full control over the corrupted player), passive corruption (the adversary sees what the corrupted player sees) and fail-corruption (the adversary can force the corrupted player to crash irrevocably). Because fail-corruption is inadequate for modeling recoverable failures, the so-called omission corruption was proposed and studied mainly in the context of Byzantine Agreement (BA). It allows the adversary to selectively block messages sent from and to the corrupted player, but without actually seeing the message. In this paper we propose a modular study of omission failures in MPC, by introducing the notions of send-omission (the adversary can selectively block outgoing messages) and receive-omission (the adversary can selectively block incoming messages) corruption. We provide security definitions for protocols tolerating a threshold adversary who can actively, receive-omission, and sendomission corrupt up to t(alpha), t(rho), and t(sigma) players, respectively. We show that the condition 3t(alpha) + t(rho) + t(sigma) < n is necessary and sufficient for perfectly secure MPC tolerating such an adversary. Along the way we provide perfectly secure protocols for BA under the same bound. As an implication of our results, we show that an adversary who actively corrupts up to t(alpha) players and omission corrupts (according to the already existing notion) up to t(omega) players can be tolerated for perfectly secure MPC if 3t(alpha) + 2t(omega) < n. This significantly improves a result by Koo in TCC 2006.