20
7

Multiparty Protocol that Usually Shuffles

Abstract

Multiparty computation is raising importance because it's primary objective is to replace any trusted third party in the distributed computation. This work presents two multiparty shuffling protocols where each party, possesses a private input, agrees on a random permutation while keeping the permutation secret. The proposed shuffling protocols are based on permutation network, thereby data-oblivious. The first proposal is n-permuten\text{-}permute that permutes nn inputs in all n!n! possible ways. nn-permute network consists of 2logn12\log{n}-1 layers, and in each layer there are n/2n/2 gates. Our second protocol is nπn_{\pi}-permute shuffling that defines a permutation set Π={π1,,πN}\Pi=\{\pi_1,\dots,\pi_N\} where Π<n!|\Pi| < n!, and the resultant shuffling is a random permutation πiΠ\pi_i \in \Pi. The nπn_{\pi}-permute network contains leases number of layers compare to nn-permute network. Let n=n1n2n=n_1n_2, the nπn_{\pi}-permute network would define 2logn11+logn22\log{n_1}-1+\log{n_2} layers. \par The proposed shuffling protocols are unconditionally secure against malicious adversary who can corrupt at most t<n/3t<n/3 parties. The probability that adversary can learn the outcome of nn-permute is upper bound by ((nt)!)1((n-t)!)^{-1}. Whereas, the probability that adversary can learn the outcome of nπn_{\pi}-permute is upper bounded by (fΠ(n1θ1)n22θ2)1\big(f_{\Pi}(n_1-\theta_1)^{n_2}2^{\theta_2}\big)^{-1}, for some positive integer θ1,θ2\theta_1, \theta_2, and a recursive definition of fΠf_{\Pi}. The protocols allow the parties to build quorums, and distribute the load among the quorums.

View on arXiv
Comments on this paper