Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
References
All Topics
Computer Science
Cryptography

The Price of Low Communication in Secure Multi-party Computation

Profile image of Juan A. GarayJuan A. Garay

2017

https://doi.org/10.1007/978-3-319-63688-7_14
visibility

description

32 pages

link

1 file

Abstract

Traditional protocols for secure multi-party computation among n parties communicate at least a linear (in n) number of bits, even when computing very simple functions. In this work we investigate the feasibility of protocols with sublinear communication complexity. Concretely, we consider two clients, one of which may be corrupted, who wish to perform some “small” joint computation using n servers but without any trusted setup. We show that enforcing sublinear communication complexity drastically affects the feasibility bounds on the number of corrupted parties that can be tolerated in the setting of information-theoretic security.

Related papers

Practical Fully Secure Three-Party Computation via Sublinear Distributed Zero-Knowledge Proofs
Ariel Nof

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

Secure multiparty computation enables a set of parties to securely carry out a joint computation on their private inputs without revealing anything but the output. A particularly motivated setting is that of three parties with a single corruption (hereafter denoted 3PC). This 3PC setting is particularly appealing for two main reasons: (1) it admits more efficient MPC protocols than in other standard settings; (2) it allows in principle to achieve full security (and fairness). Highly efficient protocols exist within this setting with security against a semi-honest adversary; however, a significant gap remains between these and protocols with stronger security against a malicious adversary. In this paper, we narrow this gap within concretely efficient protocols. More explicitly, we have the following contributions:

View PDFchevron_right
Secure Two-Party Computation over Unreliable Channels
Anat Paskin-Cherniavsky

Lecture Notes in Computer Science, 2018

We consider information-theoretic secure two-party computation in the plain model where no reliable channels are assumed, and all communication is performed over the binary symmetric channel (BSC) that flips each bit with fixed probability. In this reality-driven setting we investigate feasibility of communication-optimal noise-resilient semihonest two-party computation i.e., efficient computation which is both private and correct despite channel noise. We devise an information-theoretic technique that converts any correct, but not necessarily private, two-party protocol that assumes reliable channels, into a protocol which is both correct and private against semihonest adversaries, assuming BSC channels alone. Our results also apply to other types of noisy-channels such as the elastic-channel. Our construction combines tools from the cryptographic literature with tools from the literature on interactive coding, and achieves, to our knowledge, the best known communication overhead. Specifically, if f is given as a circuit of size s, our scheme communicates O(s + κ) bits for κ a security parameter. This improves the state of the art (Ishai et al., CRYPTO' 11) where the communication is O(s) + poly(κ • depth(s)).

View PDFchevron_right
Lower Bounds on the Multiparty Communication Complexity
Pavol Duris

Journal of Computer and System Sciences, 1998

We derive a general technique for obtaining lower bounds on the multiparty communication complexity of boolean functions. We extend the two-party method based on a crossing sequence argument introduced by Yao to the multiparty communication model. We use our technique to derive optimal lower and upper bounds of some simple boolean functions. Lower bounds for the multiparty model have been a challenge since (D. Dolev and T. Feder, in``Proceedings, 30th IEEE FOCS, 1989,'' pp. 428 433), where only an upper bound on the number of bits exchanged by a deterministic algorithm computing a boolean function f (x 1 , ..., x n) was derived, namely of the order (k 0 C 0)(k 1 C 1) 2 , up to logarithmic factors, where k 1 and C 1 are the number of processors accessed and the bits exchanged in a nondeterministic algorithm for f, and k 0 and C 0 are the analogous parameters for the complementary function 1& f. We show that C 0 n(1+2 C1) and D n(1+2 C1), where D is the number of bits exchanged by a deterministic algorithm computing f. We also investigate the power of a restricted multiparty communication model in which the coordinator is allowed to send at most one message to each party.

View PDFchevron_right
Security with Low Communication Overhead
Phillip Rogaway

Lecture Notes in Computer Science, 1991

We consider the communication complexity of secure multiparty computations by networks of processors each with unlimited computing power. Say that an n-party protocol for a function of m bits is efficient if it uses a constant number of rounds of communication and a total number of message bits that is polynomial in max(m, n). We show that any function has an efficient protocol that achieves (rclog n)/m resilience. Ours is the first secure multiparty protocol in which the communication complexity is independent of the computational complexity of the function being computed. We also consider the communication complexity of zero-knowledge proofs of properties of committed bits. We show that every function / of m bits has an efficient notarized envelope scheme; that is, there is a protocol in which a computationally unlimited prover commits a sequence of bits x to a computationally unlimited verifier and then proves in perfect zero-knowledge (without decommitting x) that f(x) = 1, using a constant number of rounds and poly(m) message bits. Ours is the first notarized envelope scheme in which the communication complexity is independent of the computational complexity of /. Finally, we establish a new upper bound on the number of oracles needed in instance-hiding schemes for arbitrary functions. These schemes allow a computationally limited querier to capitalize on the superior power of one or more computationally unlimited oracles in order to obtain f(x) without revealing its private input x to any one of the oracles. We show that every function of m bits has an (m/logm)-oracle instance-hiding scheme. The central technique used in all of these results is locally random reducibility, which was used for the first time in [7] and is formally defined for the first time here. In addition to the applications that we present, locally random reducibility has been applied to interactive proof systems, program checking, and program testing.

View PDFchevron_right
Broadcast-Efficient Secure Multiparty Computation
Juan A. Garay

Verifiable secret sharing (VSS) is a fundamental cryptographic primitive, lying at the core of secure multi-party computation (MPC) and, as the distributed analogue of a commitment functionality, used in numerous applications. In this paper we focus on unconditionally secure VSS protocols with honest majority. In this setting it is typically assumed that parties are connected pairwise by authenticated, private channels, and that in addition they have access to a "broadcast" channel. Because broadcast cannot be simulated on a point-to-point network when a third or more of the parties are corrupt, it is impossible to construct VSS (and more generally, MPC) protocols in this setting without using a broadcast channel (or some equivalent addition to the model). A great deal of research has focused on increasing the efficiency of VSS, primarily in terms of round complexity. In this work we consider a refinement of the round complexity of VSS, by adding a measure we term broadcast complexity. We view the broadcast channel as an expensive resource and seek to minimize the number of rounds in which it is invoked as well. We construct a (linear) VSS protocol which uses the broadcast channel only twice in the sharing phase, while running in an overall constant number of rounds.

View PDFchevron_right
Recent Results in Scalable Multi-Party Computation
Mahdi Zamani

Secure multi-party computation (MPC) allows multiple parties to compute a known function over inputs held by each party, without any party having to reveal its private input. Unfortunately, traditional MPC algorithms do not scale well to large numbers of parties. In this paper, we describe several recent MPC algorithms that are designed to handle large networks. All of these algorithms rely on recent techniques from the Byzantine agreement literature on forming and using quorums. Informally, a quorum is a small set of parties, most of which are trust-worthy. We describe the advantages and disadvantages of these scalable algorithms, and we propose new ideas for improving practicality of current techniques. Finally, we conduct simulations to measure bandwidth cost for several current MPC algorithms.

View PDFchevron_right
Multi-party Finite Computations
Krzysztof Loryś

Lecture Notes in Computer Science, 1999

We consider systems consisting of a finite number of finite automata which communicate by sending messages. We consider number of messages necessary to recognize a language as a complexity measure of the language. We feel that these considerations give a new insight into computational complexity of problems computed by read-only devices in multiprocessor systems. Our considerations are related to multi-party communication complexity, but we make a realistic assumption that each party has a limited memory. We show a number of hierarchy results for this complexity measure: for each constant k there is a language, which may be recognized with k + 1 messages and cannot be recognized with k − 1 messages. We give an example of a language that requires Θ(log log n) messages and claim that Ω(log log(n)) messages are necessary, if a language requires more than a constant number of messages. We present a language that requires Θ(n) messages. For a large family of functions f , f (n) = ω(log log n), f (n) = o(n), we prove that there is a language which requires Θ(f (n)) messages. Finally, we present functions that require ω(n) messages.

View PDFchevron_right
Information-Theoretic Secure Multi-Party Computation With Collusion Deterrence
Sen-Ching Cheung

IEEE Transactions on Information Forensics and Security, 2017

Secure multi-party computation (MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. Among many secure MPC primitives, Shamir's secret sharing (SSS) has the advantages of having low complexity and information-theoretic security. However, SSS requires multiple honest participants and is susceptible to collusion attacks. In this paper, we provide a detailed analysis of different types of collusion attacks and propose novel mechanisms to deter such attacks in a fully distributed manner. Focusing on outsourced computing environments where secret data owners can collaborate on a public computing platform, we study collusion attacks using game-theoretic analysis. For those attacks where the thefts are detectable, we show that they can be effectively deterred by an explicit retaliation mechanism between data owners. The result is based on a comprehensive analysis that takes into account the cost of collusion, the privacy preference and the associated uncertainty. For those attacks where the thefts cannot be detected, we expand the analysis to include the computing platform and provide deterrence through deceptive collusion requests as well as a novel cryptographic censorship protocol. The correctness and privacy of the protocols are proved under the rational adversarial model. Our SSS-based protocols are shown to outperform state-of-the-arts garbled circuit systems while our simulation results validate the proposed mechanism designs in deterring collusion.

View PDFchevron_right
Lower bounds on information complexity via zero-communication protocols and applications
David Xiao, Jérémie Roland

53rd Annual IEEE Symposium on Foundations of Computer Science (FOCS'12), 2012

We show that almost all known lower bound methods for communication complexity are also lower bounds for the information complexity. In particular, we define a relaxed version of the partition bound of Jain and Klauck and prove that it lower bounds the information complexity of any function. Our relaxed partition bound subsumes all norm based methods (e.g. the γ 2 method) and rectangle-based methods (e.g. the rectangle/corruption bound, the smooth rectangle bound, and the discrepancy bound), except the partition bound.

View PDFchevron_right
Round Efficiency of Multi-party Computation with a Dishonest Majority
Rafail Ostrovsky

Lecture Notes in Computer Science, 2003

We consider the round complexity of multi-party computation in the presence of a static adversary who controls a majority of the parties. Here, n players wish to securely compute some functionality and up to n − 1 of these players may be arbitrarily malicious. Previous protocols for this setting (when a broadcast channel is available) require O(n) rounds. We present two protocols with improved round complexity: The first assumes only the existence of trapdoor permutations and dense cryptosystems, and achieves round complexity O(log n) based on a proof scheduling technique of Chor and Rabin [13]; the second requires a stronger hardness assumption (along with the non-black-box techniques of Barak [2]) and achieves O(1) round complexity.-Secure two-party computation may be achieved in a constant number of rounds by applying the compiler of Lindell [30] (based on earlier work of Goldreich, Micali, and Wigderson [24]) to the constant-round protocol of Yao [34] (which is secure against semi-honest adversaries).

View PDFchevron_right

References (56)

  1. Donald Beaver. Precomputing oblivious transfer. In Don Coppersmith, editor, Ad- vances in Cryptology -CRYPTO' 95: 15th Annual International Cryptology Con- ference Santa Barbara, California, USA, August 27-31, 1995 Proceedings, pages 97-109, Berlin, Heidelberg, 1995. Springer Berlin Heidelberg.
  2. Zuzana Beerliová-Trubíniová and Martin Hirt. Efficient multi-party computation with dispute control. In Shai Halevi and Tal Rabin, editors, TCC 2006, volume 3876 of LNCS, pages 305-328. Springer, Heidelberg, March 2006.
  3. Zuzana Beerliová-Trubíniová and Martin Hirt. Perfectly-secure MPC with linear communication complexity. In Ran Canetti, editor, TCC 2008, volume 4948 of LNCS, pages 213-230. Springer, Heidelberg, March 2008.
  4. Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In 20th ACM STOC, pages 1-10. ACM Press, May 1988.
  5. Eli Ben-Sasson, Serge Fehr, and Rafail Ostrovsky. Near-linear unconditionally- secure multiparty computation with a dishonest minority. In Reihaneh Safavi-Naini and Ran Canetti, editors, CRYPTO 2012, volume 7417 of LNCS, pages 663-680.
  6. Springer, Heidelberg, August 2012.
  7. Elette Boyle, Kai-Min Chung, and Rafael Pass. Large-scale secure computation: Multi-party computation for (parallel) RAM programs. In Rosario Gennaro and Matthew J. B. Robshaw, editors, CRYPTO 2015, Part II, volume 9216 of LNCS, pages 742-762. Springer, Heidelberg, August 2015.
  8. Elette Boyle, Shafi Goldwasser, and Stefano Tessaro. Communication locality in secure multi-party computation -how to run sublinear algorithms in a distributed setting. In Amit Sahai, editor, TCC 2013, volume 7785 of LNCS, pages 356-376.
  9. Springer, Heidelberg, March 2013.
  10. Gabriel Bracha. An o(log n) expected rounds randomized byzantine generals pro- tocol. J. ACM, 34(4):910-920, October 1987.
  11. Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143-202, 2000.
  12. Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In 42nd FOCS, pages 136-145. IEEE Computer Society Press, October 2001.
  13. Ran Canetti, Uriel Feige, Oded Goldreich, and Moni Naor. Adaptively secure multi-party computation. In 28th ACM STOC, pages 639-648. ACM Press, May 1996.
  14. Ran Canetti and Marc Fischlin. Universally composable commitments. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 19-40. Springer, Hei- delberg, August 2001.
  15. Nishanth Chandran, Wutichai Chongchitmate, Juan A. Garay, Shafi Goldwasser, Rafail Ostrovsky, and Vassilis Zikas. The hidden graph model: Communication locality and optimal resiliency with adaptive faults. In Tim Roughgarden, editor, ITCS 2015, pages 153-162. ACM, January 2015.
  16. David Chaum, Claude Crépeau, and Ivan Damgård. Multiparty unconditionally secure protocols (extended abstract). In 20th ACM STOC, pages 11-19. ACM Press, May 1988.
  17. Gil Cohen, Ivan Bjerre Damgård, Yuval Ishai, Jonas Kölker, Peter Bro Miltersen, Ran Raz, and Ron D. Rothblum. Efficient multiparty protocols via log-depth threshold formulae -(extended abstract). In Ran Canetti and Juan A. Garay, ed- itors, Advances in Cryptology -CRYPTO 2013 -33rd Annual Cryptology Confer- ence, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part II, volume 8043 of Lecture Notes in Computer Science, pages 185-202. Springer, 2013.
  18. Ronald Cramer, Ivan Damgård, and Yuval Ishai. Share conversion, pseudoran- dom secret-sharing and applications to secure computation. In Joe Kilian, editor, TCC 2005, volume 3378 of LNCS, pages 342-362. Springer, Heidelberg, February 2005.
  19. Ronald Cramer, Ivan Damgård, and Jesper Buus Nielsen. Multiparty computa- tion from threshold homomorphic encryption. In Birgit Pfitzmann, editor, EURO- CRYPT 2001, volume 2045 of LNCS, pages 280-299. Springer, Heidelberg, May 2001.
  20. Ivan Damgård and Yuval Ishai. Constant-round multiparty computation using a black-box pseudorandom generator. In Victor Shoup, editor, CRYPTO 2005, volume 3621 of LNCS, pages 378-394. Springer, Heidelberg, August 2005.
  21. Ivan Damgård and Yuval Ishai. Scalable secure multiparty computation. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 501-520.
  22. Springer, Heidelberg, August 2006.
  23. Ivan Damgård, Yuval Ishai, and Mikkel Krøigaard. Perfectly secure multiparty computation and the computational overhead of cryptography. In Henri Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 445-465. Springer, Hei- delberg, May 2010.
  24. Ivan Damgård and Jesper Buus Nielsen. Improved non-committing encryption schemes based on a general complexity assumption. In Mihir Bellare, editor, CRYPTO 2000, volume 1880 of LNCS, pages 432-450. Springer, Heidelberg, Au- gust 2000.
  25. Ivan Damgård and Jesper Buus Nielsen. Universally composable efficient multi- party computation from threshold homomorphic encryption. In Dan Boneh, editor, CRYPTO 2003, volume 2729 of LNCS, pages 247-264. Springer, Heidelberg, Au- gust 2003.
  26. Ivan Damgård and Jesper Buus Nielsen. Scalable and unconditionally secure mul- tiparty computation. In Alfred Menezes, editor, CRYPTO 2007, volume 4622 of LNCS, pages 572-590. Springer, Heidelberg, August 2007.
  27. Varsha Dani, Valerie King, Mahnush Movahedi, and Jared Saia. Brief announce- ment: breaking the o(nm) bit barrier, secure multiparty computation with a static adversary. In Darek Kowalski and Alessandro Panconesi, editors, ACM Symposium on Principles of Distributed Computing, PODC '12, Funchal, Madeira, Portugal, July 16-18, 2012, pages 227-228. ACM, 2012.
  28. Varsha Dani, Valerie King, Mahnush Movahedi, and Jared Saia. Quorums quicken queries: Efficient asynchronous secure multiparty computation. In Mainak Chatter- jee, Jian-Nong Cao, Kishore Kothapalli, and Sergio Rajsbaum, editors, Distributed Computing and Networking -15th International Conference, ICDCN 2014, Coim- batore, India, January 4-7, 2014. Proceedings, volume 8314 of Lecture Notes in Computer Science, pages 242-256. Springer, 2014.
  29. Matthew K. Franklin and Stuart Haber. Joint encryption and message-efficient secure computation. In Douglas R. Stinson, editor, CRYPTO'93, volume 773 of LNCS, pages 266-277. Springer, Heidelberg, August 1994.
  30. Matthew K. Franklin and Moti Yung. Communication complexity of secure com- putation (extended abstract). In 24th ACM STOC, pages 699-710. ACM Press, May 1992.
  31. Juan Garay, Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. The price of low communication in secure multi-party computation. Cryptology ePrint Archive, Report 2017/520, 2017. http://eprint.iacr.org/2017/520.
  32. Daniel Genkin, Yuval Ishai, Manoj Prabhakaran, Amit Sahai, and Eran Tromer. Circuits resilient to additive attacks with applications to secure computation. In David B. Shmoys, editor, 46th ACM STOC, pages 495-504. ACM Press, May / June 2014.
  33. Oded Goldreich. The Foundations of Cryptography -Volume 1, Basic Techniques. Cambridge University Press, 2001.
  34. Oded Goldreich. Foundations of Cryptography: Basic Applications, volume 2. Cam- bridge University Press, Cambridge, UK, 2004.
  35. Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game or A completeness theorem for protocols with honest majority. In Alfred Aho, editor, 19th ACM STOC, pages 218-229. ACM Press, May 1987.
  36. Danny Harnik, Yuval Ishai, Eyal Kushilevitz, and Jesper Buus Nielsen. Ot- combiners via secure computation. In Ran Canetti, editor, Theory of Cryptography: Fifth Theory of Cryptography Conference, TCC 2008, New York, USA, March 19- 21, 2008. Proceedings, pages 393-411, Berlin, Heidelberg, 2008. Springer Berlin Heidelberg.
  37. Danny Harnik, Joe Kilian, Moni Naor, Omer Reingold, and Alon Rosen. On robust combiners for oblivious transfer and other primitives. In Ronald Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 96-113. Springer, Heidelberg, May 2005.
  38. Martin Hirt and Ueli M. Maurer. Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract). In James E. Burns and Hagit Attiya, editors, 16th ACM PODC, pages 25-34. ACM, August 1997.
  39. Martin Hirt and Ueli M. Maurer. Player simulation and general adversary struc- tures in perfect multiparty computation. Journal of Cryptology, 13(1):31-60, 2000.
  40. Martin Hirt and Ueli M. Maurer. Robustness for free in unconditional multi-party computation. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 101-118. Springer, Heidelberg, August 2001.
  41. Martin Hirt, Ueli M. Maurer, and Bartosz Przydatek. Efficient secure multi-party computation. In Tatsuaki Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, pages 143-161. Springer, Heidelberg, December 2000.
  42. Martin Hirt and Jesper Buus Nielsen. Upper bounds on the communication com- plexity of optimally resilient cryptographic multiparty computation. In Bimal K. Roy, editor, ASIACRYPT 2005, volume 3788 of LNCS, pages 79-99. Springer, Heidelberg, December 2005.
  43. Martin Hirt and Vassilis Zikas. Adaptively secure broadcast. In Henri Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 466-485. Springer, Hei- delberg, May 2010.
  44. Wassily Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):pp. 13-30, 1963.
  45. Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. Secure multi-party computa- tion with identifiable abort. In Juan A. Garay and Rosario Gennaro, editors, CRYPTO 2014, Part II, volume 8617 of LNCS, pages 369-386. Springer, Heidel- berg, August 2014.
  46. Yuval Ishai, Manoj Prabhakaran, and Amit Sahai. Founding cryptography on oblivious transfer -efficiently. In David Wagner, editor, CRYPTO 2008, volume 5157 of LNCS, pages 572-591. Springer, Heidelberg, August 2008.
  47. Markus Jakobsson and Ari Juels. Mix and match: Secure function evaluation via ciphertexts. In Tatsuaki Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, pages 162-177. Springer, Heidelberg, December 2000.
  48. Joe Kilian. Founding cryptography on oblivious transfer. In 20th ACM STOC, pages 20-31. ACM Press, May 1988.
  49. Joe Kilian. Founding crytpography on oblivious transfer. In Proceedings of the twentieth annual ACM symposium on Theory of computing, pages 20-31, New York, NY, USA, 1988. ACM.
  50. Yehuda Lindell and Benny Pinkas. A proof of security of Yao's protocol for two- party computation. Journal of Cryptology, 22(2):161-188, April 2009.
  51. Remo Meier, Bartosz Przydatek, and Jürg Wullschleger. Robuster combiners for oblivious transfer. In Salil P. Vadhan, editor, TCC 2007, volume 4392 of LNCS, pages 404-418. Springer, Heidelberg, February 2007.
  52. Alessandro Panconesi and Aravind Srinivasan. Randomized distributed edge col- oring via an extension of the chernoff-hoeffding bounds. SIAM J. Comput., 26(2):350-368, 1997.
  53. Michael O. Rabin. How to exchange secrets with oblivious transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University, 1981.
  54. Tal Rabin and Michael Ben-Or. Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In 21st ACM STOC, pages 73-85. ACM Press, May 1989.
  55. Adi Shamir. How to share a secret. Communications of the Association for Com- puting Machinery, 22(11):612-613, November 1979.
  56. Andrew Chi-Chih Yao. Protocols for secure computations (extended abstract). In 23rd FOCS, pages 160-164. IEEE Computer Society Press, November 1982.

Related papers

On the practical importance of communication complexity for secure multi-party computation protocols
Debmalya Biswas

2009

Many advancements in the area of Secure Multi-Party Computation (SMC) protocols use improvements in communication complexity as a justification. We conducted an experimental study of a specific protocol for a real-world sized problem under realistic conditions and it suggests that the practical performance of the protocol is almost independent of the network performance. We argue that our result can be generalized to a whole class of SMC protocols.

View PDFchevron_right
Optimally resilient and adaptively secure multi-party computation with low communication locality
Juan A. Garay

Secure multi-party computation (MPC) has been thoroughly studied over the past decades. The vast majority of works assume a full communication pattern: every party exchanges messages with all the network participants over a complete network of point-to-point channels. This can be problematic in modern large scale networks, where the number of parties can be of the order of millions, as for example when computing on large distributed data. Motivated by the above observation, Boyle, Goldwasser, and Tessaro [TCC 2013] recently put forward the notion of communication locality, namely, the total number of point-to-point channels that each party uses in the protocol, as a quality metric of MPC protocols. They proved that assuming a public-key infrastructure (PKI) and a common reference string (CRS), an MPC protocol can be constructed for computing any n-party function, with communication locality O(log c n) and round complexity O(log c n), for appropriate constants c and c. Their protocol tolerates a static (i.e., non-adaptive) adversary corrupting up to t < (1 3 −)n parties for any given constant 0 < < 1 3. These results leave open the following questions: (1) Can we achieve low communication locality and round complexity while tolerating adaptive adversaries? (2) Can we achieve low communication locality with optimal resiliency t < n/2? In this work we answer both questions affirmatively. First, we consider the model from [TCC 2013], where we replace the CRS with a symmetric-key infrastructure (SKI). In this model we give a protocol with communication locality and round complexity polylog(n) (as in the [TCC 2013] work) which tolerates up to t < n/2 adaptive corruptions, under a standard intractability assumption for adaptively secure protocols, namely, the existence of enhanced trapdoor permutations and secure erasures. This is done by using the SKI to derive a sequence of random hidden communication graphs among players. A central new technique then shows how to use these graphs to emulate a complete network in polylog(n) rounds while preserving the polylog(n) locality. Second, we show how we can even remove the SKI setup assumption at the cost, however, of increasing the communication locality (but not the round complexity) by a factor of √ n. * This is the full version of version of [12] which also fixes an inconsistency. Concretely, we need to assume atomic erasures as part of our adaptive-adversary security model.

View PDFchevron_right
Secure Multiparty Computation with Minimal Interaction
Anat Paskin-Cherniavsky

2010

We revisit the question of secure multiparty computation (MPC) with two rounds of interaction. It was previously shown by Gennaro et al. (Crypto 2002) that 3 or more communication rounds are necessary for general MPC protocols with guaranteed output delivery, assuming that there may be t ≥ 2 corrupted parties. This negative result holds regardless of the total number of parties, even if broadcast is allowed in each round, and even if only fairness is required. We complement this negative result by presenting matching positive results. Our first main result is that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function of their inputs using only two rounds of interaction over secure point-to-point channels (without broadcast or any additional setup). The protocol makes a black-box use of a pseudorandom generator, or alternatively can offer unconditional security for functionalities in NC1. We also prove a similar result in a client-server setting, where there are m ≥ 2 clients who hold inputs and should receive outputs, and n additional servers with no inputs and outputs. For this setting, we obtain a general MPC protocol which requires a single message from each client to each server, followed by a single message from each server to each client. The protocol is secure against a single corrupted client and against coalitions of t < n/3 corrupted servers. The above protocols guarantee output delivery and fairness. Our second main result shows that under a relaxed notion of security, allowing the adversary to selectively decide (after learning its own outputs) which honest parties will receive their (correct) output, there is a general 2-round MPC protocol which tolerates t < n/3 corrupted parties. This protocol relies on the existence of a pseudorandom generator in NC1 (which is implied by standard cryptographic assumptions), or alternatively can offer unconditional security for functionalities in NC1.

View PDFchevron_right
Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography
Ivan Damgård

Advances in Cryptology – EUROCRYPT 2010, 2010

We study the following two related questions:-What are the minimal computational resources required for general secure multiparty computation in the presence of an honest majority?-What are the minimal resources required for two-party primitives such as zero-knowledge proofs and general secure two-party computation? We obtain a nearly tight answer to the first question by presenting a perfectly secure protocol which allows n players to evaluate an arithmetic circuit of size s by performing a total of O(s log s log 2 n) arithmetic operations, plus an additive term which depends (polynomially) on n and the circuit depth, but only logarithmically on s. Thus, for typical largescale computations whose circuit width is much bigger than their depth and the number of players, the amortized overhead is just polylogarithmic in n and s. The protocol provides perfect security with guaranteed output delivery in the presence of an active, adaptive adversary corrupting a (1/3 − ε) fraction of the players, for an arbitrary constant ε > 0 and sufficiently large n. The best previous protocols in this setting could only offer computational security with a computational overhead of poly(k, log n, log s), where k is a computational security parameter, or perfect security with a computational overhead of O(n log n). We then apply the above result towards making progress on the second question. Concretely, under standard cryptographic assumptions, we obtain zero-knowledge proofs for circuit satisfiability with 2 −k soundness error in which the amortized computational overhead per gate is only polylogarithmic in k, improving over the ω(k) overhead of the best previous protocols. Under stronger cryptographic assumptions, we obtain similar results for general secure two-party computation.

View PDFchevron_right
Secure Computation with Minimal Interaction, Revisited
Anat Paskin-Cherniavsky

Lecture Notes in Computer Science, 2015

Motivated by the goal of improving the concrete efficiency of secure multiparty computation (MPC), we revisit the question of MPC with only two rounds of interaction. We consider a minimal setting in which parties can communicate over secure point-to-point channels and where no broadcast channel or other form of setup is available. Katz and Ostrovsky (Crypto 2004) obtained negative results for such protocols with n = 2 parties. Ishai et al. (Crypto 2010) showed that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function in this setting, with guaranteed output delivery, assuming one-way functions exist. In this work, we complement the above results by presenting positive and negative results for the cases where n = 3 or n = 4 and where there is a single malicious party. When n = 3, we show a 2-round protocol which is secure with "selective abort" against a single malicious party. The protocol makes a black-box use of a pseudorandom generator or alternatively can offer unconditional security for functionalities in NC 1 . The concrete efficiency of this protocol is comparable to the efficiency of secure two-party computation protocols for semi-honest parties based on garbled circuits. When n = 4 in the setting described above, we show the following: -A statistical VSS protocol that has a 1-round sharing phase and 1-round reconstruction phase. This improves over the state-of-the-art result of Patra et al. (Crypto 2009) whose VSS protocol required 2 rounds in the reconstruction phase. -A 2-round statistically secure protocol for linear functionalities with guaranteed output delivery. This implies a 2-round 4-party fair coin tossing protocol. We complement this by a negative result, showing that there is a (nonlinear) function for which there is no 2-round statistically secure protocol.

View PDFchevron_right

Related topics

  • Computer Science
  • Secure Multi-party Computation

    • Cited by

    Can a Public Blockchain Keep a Secret?
    Chengyu Lin

    Theory of Cryptography, 2020

    Blockchains are gaining traction and acceptance, not just for cryptocurrencies, but increasingly as an architecture for distributed computing. In this work we seek solutions that allow a public blockchain to act as a trusted long-term repository of secret information: Our goal is to deposit a secret with the blockchain, specify how it is to be used (e.g., the conditions under which it is released), and have the blockchain keep the secret and use it only in the specified manner (e.g., release only it once the conditions are met). This simple functionality enables many powerful applications, including signing statements on behalf of the blockchain, using it as the control plane for a storage system, performing decentralized program-obfuscation-as-aservice, and many more. Using proactive secret sharing techniques, we present a scalable solution for implementing this functionality on a public blockchain, in the presence of a mobile adversary controlling a small minority of the participants. The main challenge is that, on the one hand, scalability requires that we use small committees to represent the entire system, but, on the other hand, a mobile adversary may be able to corrupt the entire committee if it is small. For this reason, existing proactive secret sharing solutions are either non-scalable or insecure in our setting. We approach this challenge via "player replaceability", which ensures the committee is anonymous until after it performs its actions. Our main technical contribution is a system that allows sharing and re-sharing of secrets among the members of small dynamic committees, without knowing who they are until after they perform their actions and erase their secrets. Our solution handles a fully mobile adversary corrupting roughly 1/4 of the participants at any time, and is scalable in terms of both the number of parties and the number of time intervals.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved