Insured MPC: Efficient Secure Multiparty Computation with Punishable Abort

Fairness in Secure Multiparty Computation (MPC) is known to be impossible to achieve in the presence of a dishonest majority. Previous works have proposed combining MPC protocols with cryptocurrencies in order to financially punish aborting adversaries, providing an incentive for parties to honestly follow the protocol. This approach also yields privacy-preserving smart contracts, where private inputs can be processed with MPC in order to determine the distribution of funds given to the contract. Unfortunately, existing work focuses on proving that this approach is possible, and presents monolithic and mostly inefficient constructions. In this work, we put forth the first modular construction of "Insured MPC", where the result of the parties' private computation either yields an output describing how to distribute funds or a proof that a set of parties has misbehaved, allowing for financial punishments. Moreover, both the output and the proof of cheating are publicly verifiable, allowing third parties to independently validate an execution. We present a highly efficient protocol which allows public verification of cheating behavior during the output stage. This scheme is constructed using a publicly verifiable homomorphic commitment scheme, for which we propose an efficient construction. Furthermore, we construct a compiler that uses any such scheme together with a smart contract to implement Insured MPC; this compiler requires only a standard (non-private) smart contract. Our results are proven in the Universal Composability framework using a Global Random Oracle as the setup assumption. From a theoretical perspective, our general results provide the first characterization of sufficient properties that MPC protocols must achieve in order to be efficiently combined with cryptocurrencies, as well as insights on publicly verifiable protocols. At the same time, all our constructions and protocols are highly efficient and allow for a fast implementation.
* Supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office. The author acknowledges additional support from IOHK.
** This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO).
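As an added illustration of the output-stage idea the abstract describes (this is not the paper's construction; the paper's commitment scheme and protocol are not given on this page), the following Python sketch uses Pedersen commitments, which are additively homomorphic and can be checked by anyone, over a toy 64-bit Schnorr group. The flow it assumes: each party i holds an additive share y_i of the output and has already posted a commitment C_i to it; in the output stage every party broadcasts its opening; since anyone can recompute the commitments, either the product of the C_i opens to the output y, or the parties whose openings fail (or who sent nothing, i.e. aborted) are named in a proof that a third party can check without having taken part. The `settle` rule that forfeits cheaters' deposits to the honest parties is a stand-in assumption for what the smart contract would do; all group parameters, function names and sample values are constructed for this example.

```python
"""Illustrative sketch (not the paper's construction) of an MPC output stage whose
result is either a publicly verifiable output or a publicly verifiable proof that
specific parties cheated or aborted.  Toy parameters; all assumptions are marked."""
import hashlib
import random

# Deterministic Miller-Rabin bases, exact for n < 3.3e24 (covers the 64-bit toy group).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64, seed: int = 1):
    """Toy Schnorr group: p = 2q + 1 with q prime; g, h generate the order-q subgroup.
    h is derived by hashing so nobody knows log_g(h), which Pedersen's binding needs.
    64 bits is only for a fast demo (assumption); real use needs a standard group."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            break
    p = 2 * q + 1
    g = 4  # 2^2 is a square, hence in the order-q subgroup, and != 1 for p > 5
    h = pow(int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % p, 2, p)
    assert h not in (0, 1)
    return p, q, g, h


def commit(grp, m: int, r: int) -> int:
    """Pedersen commitment g^m h^r mod p; additively homomorphic in (m, r) mod q."""
    p, q, g, h = grp
    return (pow(g, m % q, p) * pow(h, r % q, p)) % p


def verify_opening(grp, c: int, opening) -> bool:
    """Public check any third party can run: does (m, r) open commitment c?"""
    if opening is None:  # party never sent its opening: treated as an abort
        return False
    m, r = opening
    return commit(grp, m, r) == c


def output_stage(grp, commitments, openings):
    """commitments[i]: C_i posted by party i before the output stage (public).
    openings[i]: (y_i, r_i) broadcast now, or None if party i aborted.
    Returns ("output", y, (y, r)) or ("cheaters", proof), where proof lists every
    (i, C_i, opening_i) that fails verification and is checkable by anyone."""
    p, q, g, h = grp
    proof = [(i, c, o) for i, (c, o) in enumerate(zip(commitments, openings))
             if not verify_opening(grp, c, o)]
    if proof:
        return ("cheaters", proof)
    y = sum(m for m, _ in openings) % q
    r_sum = sum(rr for _, rr in openings) % q
    agg = 1
    for c in commitments:  # homomorphism: prod C_i commits to the sum of the shares
        agg = agg * c % p
    assert agg == commit(grp, y, r_sum)
    return ("output", y, (y, r_sum))


def check_cheat_proof(grp, commitments, proof) -> bool:
    """Third-party validation: each accused party's public commitment must indeed
    fail to open with the value it broadcast (or it broadcast nothing)."""
    return bool(proof) and all(
        commitments[i] == c and not verify_opening(grp, c, o) for i, c, o in proof)


def settle(deposits, cheaters):
    """Toy contract rule (assumption): cheaters forfeit their deposit, split evenly
    among the other parties; with no cheaters the verified output would drive payouts."""
    honest = [i for i in range(len(deposits)) if i not in cheaters]
    bonus = sum(deposits[i] for i in cheaters) // len(honest) if honest else 0
    return [deposits[i] + bonus if i in honest else 0 for i in range(len(deposits))]


def demo(seed: int = 1):
    grp = make_group(64, seed)
    p, q, g, h = grp
    rng = random.Random(seed + 1)
    y = 42  # constructed sample: 3 parties hold additive shares of the output 42
    shares = [rng.randrange(q) for _ in range(2)]
    shares.append((y - sum(shares)) % q)
    rands = [rng.randrange(q) for _ in range(3)]
    comms = [commit(grp, m, r) for m, r in zip(shares, rands)]
    honest_run = output_stage(grp, comms, list(zip(shares, rands)))
    bad = list(zip(shares, rands))
    bad[1] = ((shares[1] + 1) % q, rands[1])  # party 1 lies about its share
    bad[2] = None                             # party 2 aborts
    bad_run = output_stage(grp, comms, bad)
    payout = settle([100, 100, 100], {i for i, _, _ in bad_run[1]})
    return honest_run, bad_run, check_cheat_proof(grp, comms, bad_run[1]), payout


if __name__ == "__main__":
    print(demo())
```

The proof of cheating carries no secrets: it consists of the already public commitments and the openings the accused parties themselves broadcast, so a contract or auditor that never saw the private inputs can still decide who forfeits.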
