(Unconditional) Secure Multiparty Computation with Man-in-the-middle Attacks

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

In secure multi-party computation $n$ parties jointly evaluate an $n$-variate function $f$ in the presence of an adversary which can corrupt up to $t$ parties. Almost all the works that have appeared in the literature so far assume the presence of authenticated channels between the parties. This assumption is far from realistic. Two directions of research have been born of relaxing this (strong) assumption: (a) The adversary is virtually omnipotent and can control all the communication channels in the network, (b) Only a partially connected topology of authenticated channels is guaranteed and the adversary controls a subset of the communication channels in the network. This work introduces a new setting for the (unconditional) secure multiparty computation problem, which is an interesting intermediate model with respect to the above well-studied models from the literature (sharing a salient feature with each of them). We consider the problem of (unconditional) secure multi-party computation when ‘some’ of the communication channels connecting the parties can be corrupted passively as well as actively. In this setting, some honest parties may be connected to several other honest parties via corrupted channels and may not be able to authentically communicate with them. Such parties may not be assured the canonical guarantees of correctness or privacy. We present refined definitions of security for this new intermediate model of unconditional multiparty computation. We show how to adapt protocols for (unconditional) secure multiparty computation to realize the definitions and also argue the tightness of the results achieved by us.


💡 Research Summary

This paper addresses a gap in the literature on unconditional (information‑theoretic) secure multiparty computation (SMPC). Traditional SMPC protocols assume that every pair of parties communicates over an authenticated channel, an assumption that rarely holds in deployed networks. Two relaxations have been studied: (a) the adversary controls every communication link in the network (the “full‑control” model) and (b) only a partially connected topology of authenticated channels is guaranteed, with the adversary controlling a subset of the remaining links (the “partial‑auth” model). The first is too pessimistic for most real networks and the second ties security to a fixed, known topology.

The authors introduce an intermediate threat model in which some of the communication channels can be corrupted either passively (eavesdropping) or actively (a man‑in‑the‑middle that tampers with, injects or drops messages). The model separates “party corruption” (up to t parties may be fully compromised) from “channel corruption” (each link is independently classified as honest, passively corrupted, or actively corrupted). Consequently, an honest party may be connected to other honest parties only through compromised channels and then has no way to communicate with them authentically, even though both endpoints are honest.

Because parties cut off in this way cannot be promised the usual guarantees, the paper refines the classic SMPC security definition (correctness, privacy, and simulation‑based indistinguishability) to account for channel corruption. The refined definition requires:

  1. Correctness – Honest parties that are not isolated by corrupted channels obtain the correct function value even if messages are altered on corrupted links; the definition states explicitly which honest parties are covered, since a party whose links to the rest of the honest parties are all actively corrupted cannot be guaranteed a correct output.
  2. Privacy – Information gleaned by the adversary from eavesdropped or tampered links must not increase its knowledge of honest inputs beyond what the standard privacy definition allows, with the same explicit treatment of parties isolated by corrupted channels.
  3. Simulation – The simulator in the security proof must reproduce the adversary's entire view, including both the passive observations and the effects of the active forgeries the adversary can inject on corrupted channels.

Armed with these definitions, the authors show how to adapt existing unconditional SMPC protocols (the summary cites the secret‑sharing‑based BGW protocol; GMW is sometimes named alongside it, but the original GMW protocol is only computationally secure, so only its information‑theoretic variants fit this setting) to the new model. The adaptation consists of three main engineering ideas:

  • Multi‑path transmission – Each share or message is sent over several independent network paths. If only a bounded fraction of the paths is compromised, the receiver can still recover the original share.
  • Error‑correcting codes – Shares are encoded with Reed‑Solomon or similar codes before transmission, allowing the receiver to correct a bounded number of symbols altered by actively corrupted links (Shamir shares are themselves a Reed‑Solomon codeword, so this fits the secret‑sharing protocols naturally).
  • Channel‑authentication layer – Transmitted pieces carry authentication tags, so a copy modified in transit is detected and discarded rather than silently accepted. In the unconditional setting these tags cannot come from public‑key signatures, which rest on computational assumptions; they must be information‑theoretic MACs under keys shared in advance, or consistency checks across the honest paths. Detection is cheaper than correction: a tampered copy that can be recognised becomes an erasure, and erasures cost half as much redundancy as undetected errors.
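
The following is an added example, not the paper's protocol or code. It models the three ideas above on one hop: a secret is Shamir‑shared (a Reed‑Solomon codeword) and each share travels over its own channel, some of which an active man‑in‑the‑middle tampers with; the receiver either corrects the errors by decoding, or, when it holds pre‑shared one‑time MAC keys, detects and discards the tampered copies and then needs fewer honest channels. The field size, the channel model (`transmit`) and the parameter choices are constructed for illustration.

```python
"""Added example (not the paper's code): shares over separately corrupted channels,
recovered either by Reed-Solomon error correction (no keys needed, tolerates
e <= (n-k)/2 tampered channels) or by information-theoretic MAC detection plus
erasure decoding (pre-shared keys, tolerates e <= n-k tampered channels)."""
from itertools import combinations
import secrets

P = 2**61 - 1  # Mersenne prime; all arithmetic below is in GF(P)


def share(secret, k, n, rng=secrets):
    """Shamir-share `secret` with threshold k over channels x = 1..n.
    The n shares are a Reed-Solomon codeword of a degree-(k-1) polynomial."""
    coeffs = [secret % P] + [rng.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def lagrange_eval(points, x):
    """Evaluate the unique polynomial of degree < len(points) through `points` at x."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def decode_with_errors(received, k):
    """Reed-Solomon decoding by exhaustive search (fine for small n): return the secret
    of the degree-(k-1) polynomial agreeing with at least n - floor((n-k)/2) received
    points.  Unique whenever the number of tampered channels e satisfies n >= k + 2e;
    a wrong polynomial can agree with at most (k-1) + e points, which is fewer."""
    n = len(received)
    e_max = (n - k) // 2
    for subset in combinations(received, k):
        agree = sum(1 for (x, y) in received if lagrange_eval(subset, x) == y)
        if agree >= n - e_max:
            return lagrange_eval(subset, 0)
    return None  # more than e_max channels tampered: no consistent codeword found


def mac_keygen(rng=secrets):
    """One-time key (a, b) for the information-theoretic MAC tag = a*y + b.
    Without knowing (a, b) a man-in-the-middle forges a tag for y' != y with
    probability 1/P; no computational assumption is involved (assumed pre-shared)."""
    return (rng.randbelow(P), rng.randbelow(P))


def mac_tag(key, y):
    a, b = key
    return (a * y + b) % P


def transmit(shares, keys, tampered_channels, rng=secrets):
    """Constructed channel model: channel x carries (x, y, tag).  An actively corrupted
    channel replaces y with a different random value and replays the old tag, since
    the attacker cannot compute a valid tag for the new value."""
    out = []
    for x, y in shares:
        tag = mac_tag(keys[x], y)
        if x in tampered_channels:
            y = (y + 1 + rng.randbelow(P - 1)) % P  # guaranteed y' != y
        out.append((x, y, tag))
    return out


def decode_with_erasures(received, keys, k):
    """Drop every share whose tag fails (tampering becomes an erasure); any k surviving
    shares determine the secret, so this only needs n >= k + e honest channels."""
    valid = [(x, y) for (x, y, t) in received if mac_tag(keys[x], y) == t]
    return lagrange_eval(valid[:k], 0) if len(valid) >= k else None


def demo(secret=123456789, k=3, n=7, tampered=(2, 5)):
    """Send one secret over n channels with the given set tampered; return what a
    receiver recovers (a) by error correction alone and (b) by MAC detection."""
    keys = {x: mac_keygen() for x in range(1, n + 1)}
    received = transmit(share(secret, k, n), keys, set(tampered))
    by_correction = decode_with_errors([(x, y) for x, y, _ in received], k)
    by_detection = decode_with_erasures(received, keys, k)
    return by_correction, by_detection


if __name__ == "__main__":
    print(demo())                       # both paths recover the secret with 2 of 7 tampered
    print(demo(tampered=(1, 2, 3)))     # 3 tampered: correction may fail, detection still works
```

With n = 7 and k = 3, error correction alone survives two tampered channels (n ≥ k + 2e), while detection with pre‑shared keys survives four (n ≥ k + e). A passive eavesdropper on fewer than k channels learns nothing about the secret either way, because any k − 1 shares are consistent with every possible secret; this is the privacy property the refined definition has to preserve for parties that are not cut off.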

These mechanisms increase communication overhead modestly (additional rounds for verification and larger messages for redundancy) but preserve the unconditional security guarantees as long as the number of corrupted channels stays below a threshold that is tied to the bound t on corrupted parties; above that threshold too few honest paths remain for the redundancy to resolve conflicting copies.

The security proof follows the standard simulation paradigm. The simulator is given full control over the set of corrupted parties and over every compromised link. It reproduces the adversary’s view by generating exactly the same passive observations and the same forged messages that the real adversary could produce on active links. The multi‑path and error‑correction steps are simulated faithfully, ensuring that the distribution of the simulated transcript is statistically indistinguishable from the real execution transcript. Consequently, the refined security definition is satisfied.

A key contribution of the paper is the tightness argument. The authors argue that once the number of corrupted channels exceeds what their protocols tolerate (relative to the party‑corruption bound t), the adversary can either force an incorrect output or learn additional information about honest inputs, so no protocol can meet the refined definition. The presented protocols therefore achieve the optimal trade‑off between the number of tolerable corrupted parties and the number of tolerable corrupted channels.

In conclusion, the work provides a rigorous framework for unconditional SMPC in networks where only some links are authenticated, bridging the gap between the two previously studied extremes. It offers concrete protocol transformations, formal security definitions, and a tightness argument for its bounds. Natural follow‑ups include dynamic detection of corrupted links during a protocol run and empirical evaluation of the communication overhead on realistic network topologies.

