On the Correlation Complexity of MPC with Cheater Identification

Composable protocols for Multi-Party Computation that provide security with Identifiable Abort against a dishonest majority require some form of setup, e.g. correlated randomness among the parties. While this is a very useful model, it has the downside that the setup's randomness must be programmable, otherwise security becomes provably impossible. Since programmability is more realistic for smaller setups (in terms of number of parties), it is crucial to minimize the correlation complexity (degree of correlation) of the setup's randomness. We give a tight tradeoff between the correlation complexity beta and the corruption threshold t. Our bounds are strong in that beta-wise correlation is sufficient for statistical security while beta - 1-wise correlation is insufficient even for computational security. In particular, for strong security, i.e., t < n, full n-wise correlation is necessary. However, for any constant fraction of honest parties, we provide a protocol with constant correlation complexity which tightens the gap between the theoretical model and the setup's implementation in the real world. In contrast, previous state-of-the-art protocols require full n-wise correlation regardless of t.