
[Paper Review] Security, fault tolerance, and communication complexity in distributed systems

Michael O. Rabin, Donald Beaver|arXiv (Cornell University)|Jan 1, 1990
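Cryptography and Data Security | References: 61 | Cited by: 17

One-Sentence Summary

This paper proposes novel, communication-efficient protocols for secure distributed computation in fault-tolerant systems. Using the locally random reduction technique, it obtains protocols with a constant number of rounds and low communication complexity that are provably secure in both the computational-complexity model and the information-theoretic model, regardless of the complexity of the function.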

ABSTRACT

We present efficient and practical algorithms for a large, distributed system of processors to achieve reliable computations in a secure manner. Specifically, we address the problem of computing a general function of several private inputs distributed among the processors of a network, while ensuring the correctness of the results and the privacy of the inputs, despite accidental or malicious faults in the system. Communication is often the most significant bottleneck in distributed computing. Our algorithms maintain a low cost in local processing time, are the first to achieve optimal levels of fault-tolerance, and most importantly, have low communication complexity. In contrast to the best known previous methods, which require large numbers of rounds even for fairly simple computations, we devise protocols that use small messages and a constant number of rounds regardless of the complexity of the function to be computed. Through direct algebraic approaches, we separate the communication complexity of secure computing from the computational complexity of the function to be computed. We examine security under both the modern approach of computational complexity-based cryptography and the classical approach of unconditional, information-theoretic security. We develop a clear and concise set of definitions that support formal proofs of claims to security, addressing an important deficiency in the literature. Our protocols are provably secure. In the realm of information-theoretic security, we characterize those functions which two parties can compute jointly with absolute privacy. We also characterize those functions which a weak processor can compute using the aid of powerful processors without having to reveal the instances of the problem it would like to solve. 
Our methods include a promising new technique called a locally random reduction, which has given rise not only to efficient solutions for many of the problems considered in this work but to several powerful new results in complexity theory.
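
As an added illustration (not code from the paper or from this review), the sketch below shows one standard locally random reduction from the literature: a client has a degree-d polynomial evaluated at a private point by d+1 non-colluding servers, and no single server learns that point. The field modulus, the sample polynomial and all function names are assumptions chosen for the example.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption chosen for this example)

def f(x, coeffs):
    """Evaluate the polynomial (coefficients low to high) at x over F_P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def make_queries(x, degree, rng=secrets):
    """Client: place x on a random line. Query i is x + i*r, which is
    uniformly distributed in F_P for each single i, whatever x is."""
    r = rng.randbelow(P)
    return [(x + i * r) % P for i in range(1, degree + 2)]

def server_answer(query, coeffs):
    """Server i: evaluate f at the one point it was sent."""
    return f(query, coeffs)

def reconstruct(answers):
    """Client: g(t) = f(x + t*r) has degree <= d, so Lagrange-interpolate
    g(0) = f(x) from the values g(1), ..., g(d+1)."""
    n = len(answers)
    total = 0
    for i, y in enumerate(answers, start=1):
        num, den = 1, 1
        for j in range(1, n + 1):
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def private_eval(x, coeffs):
    """Full exchange: d+1 queries out, d+1 answers back, one interpolation."""
    queries = make_queries(x, len(coeffs) - 1)
    answers = [server_answer(q, coeffs) for q in queries]
    return reconstruct(answers)

if __name__ == "__main__":
    coeffs = [7, 0, 3, 5]          # constructed sample: 5x^3 + 3x^2 + 7
    secret_x = 123456789           # constructed private input
    print(private_eval(secret_x, coeffs) == f(secret_x, coeffs))
```

The hiding holds only against a single server: any two servers that pool their queries hold two points on the line and can solve for the private input, so the non-collusion assumption carries the whole privacy guarantee in this sketch.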

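Research Motivation and Goals

  • Design secure, fault-tolerant distributed protocols that preserve the privacy of private inputs and guarantee correctness despite accidental and malicious faults.
  • Minimize the communication complexity of secure distributed computation and decouple it from the computational complexity of the function being computed.
  • Achieve provable security under both computational-complexity-based cryptography and the information-theoretic security model.
  • Characterize the set of functions that two parties can compute securely with absolute privacy, and the settings in which a weak processor can compute a function with the aid of powerful processors without revealing its input instances.
  • Introduce and formalize a new technique, the locally random reduction, to obtain efficient solutions and drive new results in complexity theory.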

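Proposed Method

  • The authors use a novel technique, the locally random reduction, to transform a secure computation task into computationally cheap subproblems with very low communication overhead.
  • The protocols use small messages and a constant number of communication rounds, independent of the computational complexity of the function.
  • Direct algebraic constructions separate communication complexity from the computational complexity of the function.
  • Formal definitions are established to support rigorous, provable security claims, addressing a key deficiency in the prior literature.
  • The protocols are designed to withstand accidental and malicious faults while ensuring correctness and privacy.
  • Security is analyzed under both computational-complexity-based cryptography and the unconditional, information-theoretic security model.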

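Experimental Results

Research Questions

  • RQ1: In the information-theoretic security model, which functions can two parties compute securely with absolute privacy?
  • RQ2: Can a weak processor compute a function with the aid of powerful processors without revealing its input instances?
  • RQ3: How can secure distributed computation with minimal communication and a constant number of rounds be achieved without depending on the complexity of the function?
  • RQ4: What is the communication complexity of secure computation, and can it be decoupled from the computational complexity of the function?
  • RQ5: What new complexity-theoretic results follow from using locally random reductions in secure computation?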

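Key Findings

  • The proposed protocols achieve optimal fault tolerance and are the first to maintain low communication complexity and a constant number of rounds regardless of the complexity of the function.
  • Direct algebraic approaches successfully decouple communication complexity from the computational complexity of the function.
  • The paper provides a framework of formal definitions that makes provable security claims possible, addressing a deficiency in prior work.
  • A new technique, the locally random reduction, is introduced and shown to yield efficient solutions and new results in complexity theory.
  • The authors characterize the set of functions that can be computed securely with absolute privacy in the two-party and client-assistance settings.
  • The protocols are provably secure in both the computational-complexity model and the information-theoretic model, ensuring robustness against malicious faults.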


This review was generated by AI and reviewed by human editors.