222 research outputs found
Asynchronous Multi-Party Quantum Computation
Multi-party quantum computation (MPQC) allows a set of parties to securely compute a quantum circuit over private quantum data. Current MPQC protocols rely on the fact that the network is synchronous, i.e., messages sent are guaranteed to be delivered within a known fixed delay upper bound, and unfortunately completely break down even when only a single message arrives late.
Motivated by real-world networks, the seminal work of Ben-Or, Canetti and Goldreich (STOC\u2793) initiated the study of multi-party computation for classical circuits over asynchronous networks, where the network delay can be arbitrary. In this work, we begin the study of asynchronous multi-party quantum computation (AMPQC) protocols, where the circuit to compute is quantum.
Our results completely characterize the optimal achievable corruption threshold: we present an n-party AMPQC protocol secure up to t < n/4 corruptions, and an impossibility result when t ? n/4 parties are corrupted. Remarkably, this characterization differs from the analogous classical setting, where the optimal corruption threshold is t < n/3
Computer Science and Game Theory: A Brief Survey
There has been a remarkable increase in work at the interface of computer
science and game theory in the past decade. In this article I survey some of
the main themes of work in the area, with a focus on the work in computer
science. Given the length constraints, I make no attempt at being
comprehensive, especially since other surveys are also available, and a
comprehensive survey book will appear shortly.Comment: To appear; Palgrave Dictionary of Economic
Brief Announcement: Optimally-Resilient Unconditionally-Secure Asynchronous Multi-Party Computation Revisited
In this paper, we present an optimally-resilient, unconditionally-secure asynchronous multi-party computation (AMPC) protocol for n parties, tolerating a computationally unbounded adversary, capable of corrupting up to t < n/3 parties. Our protocol needs a communication of ?(n?) field elements per multiplication gate. This is to be compared with previous best AMPC protocol (Patra et al, ICITS 2009) in the same setting, which needs a communication of ?(n?) field elements per multiplication gate. To design our protocol, we present a simple and highly efficient asynchronous verifiable secret-sharing (AVSS) protocol, which is of independent interest
Asynchronous Multi-Party Quantum Computation
Multi-party quantum computation (MPQC) allows a set of parties to securely compute a quantum circuit over private quantum data. Current MPQC protocols rely on the fact that the network is synchronous, i.e., messages sent are guaranteed to be delivered within a known fixed delay upper bound, and unfortunately completely break down even when only a single message arrives late.
Motivated by real-world networks, the seminal work of Ben-Or, Canetti and Goldreich (STOC\u2793) initiated the study of multi-party computation for classical circuits over asynchronous networks, where the network delay can be arbitrary. In this work, we begin the study of asynchronous multi-party quantum computation (AMPQC) protocols, where the circuit to compute is quantum.
Our results completely characterize the optimal achievable corruption threshold: we present an -party AMPQC protocol secure up to corruptions, and an impossibility result when parties are corrupted. Remarkably, this characterization differs from the analogous classical setting, where the optimal corruption threshold is
Asymmetric Multi-Party Computation
Current protocols for Multi-Party Computation (MPC) consider the setting where all parties have access to similar resources. For example, all parties have access to channels bounded by the same worst-case delay upper bound , and all channels have the same cost of communication. As a consequence, the overall protocol performance (resp. the communication cost) may be heavily affected by the slowest (resp. the most expensive) channel, even when most channels are fast (resp. cheap).
Given the state of affairs, we initiate a systematic study of \u27asymmetric\u27 MPC. In asymmetric MPC, the parties are divided into two categories: fast and slow parties, depending on whether they have access to high-end or low-end resources.
We investigate two different models. In the first, we consider asymmetric communication delays: Fast parties are connected via channels with small delay among themselves, while channels connected to (at least) one slow party have a large delay . In the second model, we consider asymmetric communication costs: Fast parties benefit from channels with cheap communication, while channels connected to a slow party have an expensive communication.
We provide a wide range of positive and negative results exploring the trade-offs between the achievable number of tolerated corruptions and slow parties , versus the round complexity and communication cost in each of the models. Among others, we achieve the following results.
In the model with asymmetric communication delays, focusing on the information-theoretic (i-t) setting:
- An i-t asymmetric MPC protocol with security with abort as long as and , in a constant number of slow rounds.
- We show that achieving an i-t asymmetric MPC protocol for and with number of slow rounds independent of the circuit size implies an i-t synchronous MPC protocol with round complexity independent of the circuit size, which is a major problem in the field of round-complexity of MPC.
- We identify a new primitive, \emph{asymmetric broadcast}, that allows to consistently distribute a value among the fast parties, and at a later time the same value to slow parties. We completely characterize the feasibility of asymmetric broadcast by showing that it is possible if and only if .
- An i-t asymmetric MPC protocol with guaranteed output delivery as long as and , in a number of slow rounds independent of the circuit size.
In the model with asymmetric communication cost, we achieve an asymmetric MPC protocol for security with abort for and , based on one-way functions (OWF). The protocol communicates a number of bits over expensive channels that is independent of the circuit size. We conjecture that assuming OWF is needed and further provide a partial result in this direction
- …