TY - GEN
T1 - Non-interactive secure multiparty computation
AU - Beimel, Amos
AU - Gabizon, Ariel
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Meldgaard, Sigurd
AU - Paskin-Cherniavsky, Anat
N1 - Funding Information:
Research by the first three authors and the fifth author received funding from the European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC. The first author was also supported by the Frankel center for computer science. Research by the second author received funding from the European Union’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 257575. The third and fourth authors were supported by ISF grant 1361/10 and BSF grant 2012378.
PY - 2014
Y1 - 2014
N2 - We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x_1,...,x_n) is specified by a joint probability distribution R = (R_1,...,R_n) and local encoding functions Enc_i(x_i, r_i), 1 ≤ i ≤ n. Given correlated randomness (r_1,...,r_n) ∈_R R, each party P_i, using its input x_i and its randomness r_i, computes the message m_i = Enc_i(x_i, r_i). The messages m_1,...,m_n can be used to decode f(x_1,...,x_n). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enc_i(x_i, r_i))_{i∉T} together with the randomness (r_i)_{i∈T} gives the same information about (x_i)_{i∉T} as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x_1,...,x_n) = x_1 x_2 ... x_n admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f: X^n → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity n^{O(t)}. For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity n^{O(w)}. On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.
KW - garbling schemes
KW - multi-input functional encryption
KW - obfuscation
KW - private simultaneous messages protocols
KW - randomized encoding of functions
KW - secure multiparty computation
UR - http://www.scopus.com/inward/record.url?scp=84905370158&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-44381-1_22
DO - 10.1007/978-3-662-44381-1_22
AN - SCOPUS:84905370158
SN - 9783662443804
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 387
EP - 404
BT - Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings
T2 - 34th Annual International Cryptology Conference, CRYPTO 2014
Y2 - 17 August 2014 through 21 August 2014
ER -