On the Communication Complexity of Secure Multi-Party Computation With Aborts

Abstract

A central goal of cryptography is Secure Multi-party Computation (MPC), where n parties desire to compute a function of their joint inputs without letting any party learn about the inputs of its peers. Unfortunately, it is well-known that MPC guaranteeing output delivery to every party is infeasible when a majority of the parties are malicious. In fact, parties operating over a point-to-point network (i.e., without access to a broadcast channel) cannot even reach an agreement on the output when more than one third of the parties are malicious (Lamport, Shostak, and Pease, JACM 1980). Motivated by this infeasibility in the point-to-point model, Gold-wasser and Lindell (J. Cryptol 2005) introduced a definition of MPC that does not require agreement, which today is generally referred to as MPC with selective abort. Under this definition, any party may abort the protocol if they detect malicious behavior. They showed that MPC with selective abort is feasible for any number of malicious parties by implementing a broadcast functionality with abort. While the model of MPC with abort has attracted much attention over the years, little is known about its communication complexity over point-to-point networks. In this work, we study the communication complexity of MPC with abort and devise nearly-optimal communication efficient protocols in this model. Namely, we prove trade-offs between the number of honest parties h, the communication complexity, and the locality of the protocols. Here, locality is a bound on the number of peers with which each party must communicate. Our results are as follows: (1) Near-optimal communication: A protocol with $Õ(n^2/h)$ communication complexity. (2) Near-optimal locality: A protocol with $Õ(n^3/h)$ communication complexity where each party communicates with only $Õ(n/h)$ other parties. (3) Intermediate communication vs locality: A protocol with communication complexity $Õ(n^3/h^{3/2})$ where each party communicates with only $Õ(n/h^{1/2})$ parties. (4) Lower bound: An $Ω(n^2/h)$ lower bound on the communication complexity. In particular, we show that any party must communicate with $Ω(n/h)$ other parties. Our lower bound is inspired by a recent lower bound for Broadcast by Blum et. al (DISC 2023).

Publication
43rd ACM Symposium on Principles of Distributed Computing