Founding Cryptography on Oblivious Transfer - Efficiently

We present a simple and efficient compiler for transforming secure multi-party computation (MPC) protocols that enjoy security only with an honest majority into MPC protocols that guarantee security with no honest majority, in the oblivious-transfer (OT) hybrid model. Our technique works by combining a secure protocol in the honest-majority setting with a protocol that is secure only against semi-honest parties in the setting of no honest majority. Applying our compiler to variants of protocols from the literature, we get several applications for secure two-party computation and for MPC with no honest majority. These include:

Constant-rate two-party computation in the OT-hybrid model. We obtain a statistically UC-secure two-party protocol in the OT-hybrid model that can evaluate a general circuit C of size s and depth d with a total communication complexity of O(s) + poly(k, d, log s) and O(d) rounds. The above result generalizes to a constant number of parties.

Extending OTs in the malicious model. We obtain a computationally efficient protocol for generating many string OTs from few string OTs with only a constant amortized communication overhead compared to the total length of the string OTs.

Black-box constructions for constant-round MPC with no honest majority. We obtain general computationally UC-secure MPC protocols in the OT-hybrid model that use only a constant number of rounds and make only black-box access to a pseudorandom generator. This gives the first constant-round protocols for three or more parties that make only black-box use of cryptographic primitives (and avoid expensive zero-knowledge proofs).
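The second result above, generating many string OTs from a few string OTs, builds on OT extension. As an added illustration that is not the paper's own (malicious-secure) protocol, the following Python implements the semi-honest IKNP-style extension, with an ideal OT functionality standing in for the OT-hybrid model and SHAKE-256 assumed to behave as a random oracle.

```python
import hashlib
import secrets

K = 128  # number of base OTs (the security parameter k)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def h(j: int, row: int, length: int) -> bytes:
    # Hash modelled as a random oracle (assumption); derives a one-time pad for OT number j.
    return hashlib.shake_256(j.to_bytes(4, "big") + row.to_bytes(K // 8, "big")).digest(length)

def ideal_ot(m0: int, m1: int, choice: int) -> int:
    # Ideal 1-out-of-2 OT of the OT-hybrid model: the receiver gets m_choice, the sender learns nothing.
    return m1 if choice else m0

def row_of(cols: list, j: int) -> int:
    # Row j of a bit matrix stored column-wise (column i is an m-bit integer).
    return sum(((cols[i] >> j) & 1) << i for i in range(K))

def ot_extension(sender_msgs: list, choice_bits: list) -> list:
    """Semi-honest IKNP-style OT extension: m string OTs from K base OTs.
    sender_msgs[j] = (x0, x1), equal-length byte strings; choice_bits[j] is the receiver's r_j."""
    m = len(sender_msgs)
    r = sum(b << j for j, b in enumerate(choice_bits))      # receiver's choice vector as an m-bit int
    t_cols = [secrets.randbits(m) for _ in range(K)]         # receiver's random m x K bit matrix T
    s = secrets.randbits(K)                                  # sender's random K-bit string
    # Base OTs with roles reversed: the sender acts as receiver with choice bit s_i and
    # obtains column i of Q, where Q_i = T_i xor (s_i * r).
    q_cols = [ideal_ot(t_cols[i], t_cols[i] ^ r, (s >> i) & 1) for i in range(K)]
    # Sender side: row j satisfies q_j = t_j xor (r_j * s), so x0 is masked with H(q_j)
    # and x1 with H(q_j xor s).
    transfers = []
    for j, (x0, x1) in enumerate(sender_msgs):
        q_j = row_of(q_cols, j)
        transfers.append((xor(x0, h(j, q_j, len(x0))), xor(x1, h(j, q_j ^ s, len(x1)))))
    # Receiver side: H(t_j) unmasks exactly the message indexed by r_j; the other pad depends on s.
    return [xor(transfers[j][choice_bits[j]], h(j, row_of(t_cols, j), len(sender_msgs[j][0])))
            for j in range(m)]

def demo() -> bool:
    # Constructed sample input: 16 OTs on 8-byte strings with random choice bits.
    msgs = [(f"left-{j:02d}".encode().ljust(8), f"rght-{j:02d}".encode().ljust(8)) for j in range(16)]
    bits = [secrets.randbits(1) for _ in range(16)]
    out = ot_extension(msgs, bits)
    return all(out[j] == msgs[j][bits[j]] for j in range(16))
```

This variant is only semi-honest secure: a receiver who deviates by using inconsistent choice vectors across base OTs can learn bits of s, which is the gap the malicious-model extension in the abstract closes.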
