## Abstract

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x_{1},...,x _{n}) is specified by a joint probability distribution R = (R _{1},...,R_{n}) and local encoding functions Enc _{i}(x_{i},r_{i}), 1 ≤ i ≤ n. Given correlated randomness (r_{1},...,r_{n}) ∈_{R} R, each party P_{i}, using its input x_{i} and its randomness r_{i}, computes the message m_{i} = Enc_{i}(x_{i}, r _{i}). The messages m_{1},...,m_{n} can be used to decode f(x_{1},...,x_{n}). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enc_{i}(x_{i}, r_{i}))_{i∈T} together with the randomness (r _{i})_{i∈T} gives the same information about (x _{1i∈T} as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x_{1},...,x _{n}) = x_{1}x_{2}...x_{n} admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:X^{n} → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity n^{O(t)}. For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity n^{O(w)}. On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

Original language | English |
---|---|

Title of host publication | Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings |

Pages | 387-404 |

Number of pages | 18 |

Edition | PART 2 |

DOIs | |

State | Published - 2014 |

Externally published | Yes |

Event | 34rd Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States Duration: 17 Aug 2014 → 21 Aug 2014 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Number | PART 2 |

Volume | 8617 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 34rd Annual International Cryptology Conference, CRYPTO 2014 |
---|---|

Country/Territory | United States |

City | Santa Barbara, CA |

Period | 17/08/14 → 21/08/14 |

## Keywords

- garbling schemes
- multi-input functional encryption
- obfuscation
- private simultaneous messages protocols
- randomized encoding of functions
- secure multiparty computation