In this work, we introduce the Gulliver multi-party computation model (GMPC).
The GMPC model considers a single highly powerful party, called the server or
Gulliver, that is connected to n users over a star topology network
(alternatively formulated as a full network, where the server can block any
message). The users are significantly less powerful than the server, and, in
particular, should have both computation and communication complexities that
are polylogarithmic in n. Protocols in the GMPC model should be secure
against malicious adversaries that may corrupt a subset of the users and/or the
server.
Designing protocols in the GMPC model is a delicate task, since users can
only hold information about polylog(n) other users (and, in particular, can
only communicate with polylog(n) other users). In addition, the server can
block any message between any pair of honest parties. Thus, reaching an
agreement becomes a challenging task. Nevertheless, we design generic protocols
in the GMPC model, assuming that at most α<1/6 fraction of the users may
be corrupted (in addition to the server). Our main contribution is a variant of
Feige's committee election protocol [FOCS 1999] that is secure in the GMPC
model. Given this tool we show:
1. Assuming fully homomorphic encryption (FHE), any computationally efficient
function with O(n·polylog(n))-size output can be securely
computed in the GMPC model.
2. Any function that can be computed by a circuit of O(polylog(n)) depth,
O(n·polylog(n)) size, and bounded fan-in and fan-out can be
securely computed in the GMPC model without assuming FHE.
3. In particular, sorting can be securely computed in the GMPC model without
assuming FHE. This has important applications for the shuffle model of
differential privacy, and resolves an open question of Bell et al. [CCS 2020].