Cross-Domain Secure Computation

Consider the setting of two mutually distrustful parties Alice and Bob communicating over the Internet, who want to securely evaluate desired functions on their private inputs. In this setting all known protocols for securely evaluating general functions either require honest parties to trust an external party or provide only weaker notions of security. Thus, the question of minimizing or removing trusted set-up assumptions remains open. In this work, we introduce the cross-domain model (CD) for secure computation as a means to reducing the level of required trust. In this model, each domain consists of a set of mutually trusting parties along with a key-registration authority, where we would like parties from distinct domains to be able to perform multiple secure computation tasks concurrently. In this setting, we show the followings: Positive Construction for 2 domains: We give a multiparty-party protocol that concurrently and securely evaluates any function in the CD model with two domains, using only a constant number of rounds and relying only on standard assumptions. Impossibility Results for 3 or more domains: Consider a deterministic function (e. g., 1-out-of-2 bit OT) that Alice and Bob in the standalone setting cannot evaluate trivially and which allows only Bob to receive the output. In this setting if besides Alice and Bob there is a third party (such that all three are from distinct domains) then they cannot securely compute any such function in the CD model in concurrent setting even when their inputs are pre-specified. These results extend to the setting of multiple parties as well. In particular, there exists an n-party concurrently secure protocol in the CD model of n domains if and only if there are exactly n domains in the system.