Best of Both Worlds: Revisiting the Spymasters Double Agent Problem.

This work introduces the notion of secure multiparty computation: MPC with fall-back security. Fall-back security for an n -party protocol is defined with respect to an adversary structure Z wherein security is guaranteed in the presence of both a computationally unbounded adversary with adversary structure Z , and a computationally bounded adversary corrupting an arbitrarily large subset of the parties. This notion was considered in the work of Chaum (Crypto 89) via the Spymaster’s double agent problem where he showed a semi-honest secure protocol for the honest majority adversary structure. Our first main result is a compiler that can transform any n -party protocol that is semi-honestly secure with statistical security tolerating an adversary structure Z to one that (additionally) provides semi-honest fall-back security w.r.t Z . The resulting protocol has optimal round complexity, up to a constant factor, and is optimal in assumptions and the adversary structure. Our second result fully characterizes when malicious fall-back security is feasible. More precisely, we show that malicious fallback secure protocol w.r.t Z exists if and only if Z admits unconditional MPC against a semi-honest adversary (namely, iff Z ∈ Q 2 ).