TY - GEN
T1 - Secure computation with minimal interaction, revisited
AU - Ishai, Yuval
AU - Kumaresan, Ranjit
AU - Kushilevitz, Eyal
AU - Paskin-Cherniavsky, Anat
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.
PY - 2015
Y1 - 2015
N2 - Motivated by the goal of improving the concrete efficiency of secure multiparty computation (MPC), we revisit the question of MPC with only two rounds of interaction. We consider a minimal setting in which parties can communicate over secure point-to-point channels and where no broadcast channel or other form of setup is available. Katz and Ostrovsky (Crypto 2004) obtained negative results for such protocols with n = 2 parties. Ishai et al. (Crypto 2010) showed that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function in this setting, with guaranteed output delivery, assuming one-way functions exist. In this work, we complement the above results by presenting positive and negative results for the cases where n = 3 or n = 4 and where there is a single malicious party. When n = 3, we show a 2-round protocol which is secure with “selective abort” against a single malicious party. The protocol makes a black-box use of a pseudorandom generator or alternatively can offer unconditional security for functionalities in NC1. The concrete efficiency of this protocol is comparable to the efficiency of secure two-party computation protocols for semi-honest parties based on garbled circuits. When n = 4 in the setting described above, we show the following: – Astatistical VSS protocol that has a 1-round sharing phase and 1-round reconstruction phase. This improves over the state-of-the-art result of Patra et al. (Crypto 2009) whose VSS protocol required 2 rounds in the reconstruction phase. – A 2-round statistically secure protocol for linear functionalities with guaranteed output delivery. This implies a 2-round 4-party fair coin tossing protocol. We complement this by a negative result, showing that there is a (nonlinear) function for which there is no 2-round statistically secure protocol. – A 2-round computationally secure protocol for general functionalities with guaranteed output delivery, under the assumption that injective (one-to-one) one-way functions exist. – A 2-round protocol for general functionalities with guaranteed output delivery in the preprocessing model, whose correlated randomness complexity is proportional to the length of the inputs. This protocol makes a black-box use of a pseudorandom generator or alternatively can offer unconditional security for functionalities in NC1. Prior to our work, the feasibility results implied by our positive results were not known to hold even in the stronger MPC model considered by Gennaro et al. (Crypto 2002), where a broadcast channel is available.
AB - Motivated by the goal of improving the concrete efficiency of secure multiparty computation (MPC), we revisit the question of MPC with only two rounds of interaction. We consider a minimal setting in which parties can communicate over secure point-to-point channels and where no broadcast channel or other form of setup is available. Katz and Ostrovsky (Crypto 2004) obtained negative results for such protocols with n = 2 parties. Ishai et al. (Crypto 2010) showed that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function in this setting, with guaranteed output delivery, assuming one-way functions exist. In this work, we complement the above results by presenting positive and negative results for the cases where n = 3 or n = 4 and where there is a single malicious party. When n = 3, we show a 2-round protocol which is secure with “selective abort” against a single malicious party. The protocol makes a black-box use of a pseudorandom generator or alternatively can offer unconditional security for functionalities in NC1. The concrete efficiency of this protocol is comparable to the efficiency of secure two-party computation protocols for semi-honest parties based on garbled circuits. When n = 4 in the setting described above, we show the following: – Astatistical VSS protocol that has a 1-round sharing phase and 1-round reconstruction phase. This improves over the state-of-the-art result of Patra et al. (Crypto 2009) whose VSS protocol required 2 rounds in the reconstruction phase. – A 2-round statistically secure protocol for linear functionalities with guaranteed output delivery. This implies a 2-round 4-party fair coin tossing protocol. We complement this by a negative result, showing that there is a (nonlinear) function for which there is no 2-round statistically secure protocol. – A 2-round computationally secure protocol for general functionalities with guaranteed output delivery, under the assumption that injective (one-to-one) one-way functions exist. – A 2-round protocol for general functionalities with guaranteed output delivery in the preprocessing model, whose correlated randomness complexity is proportional to the length of the inputs. This protocol makes a black-box use of a pseudorandom generator or alternatively can offer unconditional security for functionalities in NC1. Prior to our work, the feasibility results implied by our positive results were not known to hold even in the stronger MPC model considered by Gennaro et al. (Crypto 2002), where a broadcast channel is available.
KW - Efficiency
KW - Round complexity
KW - Secure multiparty computation
UR - https://www.scopus.com/pages/publications/84943394950
U2 - 10.1007/978-3-662-48000-7_18
DO - 10.1007/978-3-662-48000-7_18
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84943394950
SN - 9783662479995
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 359
EP - 378
BT - Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings
A2 - Robshaw, Matthew
A2 - Gennaro, Rosario
T2 - 35th Annual Cryptology Conference, CRYPTO 2015
Y2 - 16 August 2015 through 20 August 2015
ER -