Global-Scale Secure Multiparty Computation

We propose a new, constant-round protocol for multi-party computation of boolean circuits that is secure against an arbitrary number of malicious corruptions. At a high level, we extend and generalize recent work of Wang et al. in the two-party setting. Namely, we design an efficient preprocessing phase that allows the parties to generate authenticated information; we then show how to use this information to distributively construct a single "authenticated" garbled circuit that is evaluated by one party. Our resulting protocol improves upon the state-of-the-art both asymptotically and concretely. We validate these claims via several experiments demonstrating both the efficiency and scalability of our protocol: Efficiency: For three-party computation over a LAN, our protocol requires only 95 ms to evaluate AES. This is roughly a 700X improvement over the best prior work, and only 2.5X slower than the best known result in the two-party setting. In general, for n-party computation our protocol improves upon prior work (which was never implemented) by a factor of more than 230n, e.g., an improvement of 3 orders of magnitude for 5-party computation. Scalability: We successfully executed our protocol with a large number of parties located all over the world, computing (for example) AES with 128 parties across 5 continents in under 3 minutes. Our work represents the largest-scale demonstration of secure computation to date.

[1]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[2]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[3]  Yehuda Lindell,et al.  Efficient Constant Round Multi-Party Computation Combining BMR and SPDZ , 2015, IACR Cryptol. ePrint Arch..

[4]  Yehuda Lindell,et al.  High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority , 2017, IACR Cryptol. ePrint Arch..

[5]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[6]  Ye Zhang,et al.  Fast and Secure Three-party Computation: The Garbled Circuit Approach , 2015, IACR Cryptol. ePrint Arch..

[7]  Marc X. Makkes,et al.  Efficient Implementation of the Orlandi Protocol , 2010, ACNS.

[8]  Marcel Keller,et al.  A Unified Approach to MPC with Preprocessing using OT , 2015, IACR Cryptol. ePrint Arch..

[9]  Marcel Keller,et al.  An architecture for practical actively secure MPC with dishonest majority , 2013, IACR Cryptol. ePrint Arch..

[10]  Emmanuela Orsini,et al.  Dishonest Majority Multi-Party Computation for Binary Circuits , 2014, IACR Cryptol. ePrint Arch..

[11]  Alex J. Malozemoff,et al.  Efficient Three-Party Computation from Cut-and-Choose , 2014, CRYPTO.

[12]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[13]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[14]  Eran Omri,et al.  Optimizing Semi-Honest Secure Multiparty Computation for the Internet , 2016, IACR Cryptol. ePrint Arch..

[15]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[16]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[17]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[18]  Marcel Keller,et al.  Actively Secure OT Extension with Optimal Overhead , 2015, CRYPTO.

[19]  Marcel Keller,et al.  Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol , 2012, SCN.

[20]  Alex J. Malozemoff,et al.  Faster Two-Party Computation Secure Against Malicious Adversaries in the Single-Execution Setting , 2016, IACR Cryptol. ePrint Arch..

[21]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[22]  Peter Scholl,et al.  Low Cost Constant Round MPC Combining BMR and Oblivious Transfer , 2017, Journal of Cryptology.

[23]  A. Zuger A New Approach to , 2013 .

[24]  Dan Bogdanov,et al.  Students and Taxes: a Privacy-Preserving Study Using Secure Computation , 2016, Proc. Priv. Enhancing Technol..

[25]  Alex J. Malozemoff,et al.  Efficiently Enforcing Input Validity in Secure Two-party Computation , 2016, IACR Cryptol. ePrint Arch..

[26]  Yehuda Lindell,et al.  High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority , 2016, IACR Cryptol. ePrint Arch..

[27]  Thomas Schneider,et al.  Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO , 2017, NDSS.

[28]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[29]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[30]  Ivan Damgård,et al.  Asynchronous Multiparty Computation: Theory and Implementation , 2008, IACR Cryptol. ePrint Arch..

[31]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[32]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[33]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[34]  Yehuda Lindell,et al.  Secure Multi-Party Computation without Agreement , 2005, Journal of Cryptology.

[35]  Emmanuela Orsini,et al.  High-Performance Multi-party Computation for Binary Circuits Based on Oblivious Transfer , 2021, IACR Cryptol. ePrint Arch..

[36]  Dan Bogdanov,et al.  Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation , 2015, IACR Cryptol. ePrint Arch..

[37]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.

[38]  Yehuda Lindell,et al.  More Efficient Constant-Round Multi-Party Computation from BMR and SHE , 2016, IACR Cryptol. ePrint Arch..

[39]  Xenofontas A. Dimitropoulos,et al.  SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics , 2010, USENIX Security Symposium.

[40]  Jonathan Katz,et al.  Secure Multi-Party Computation of Boolean Circuits with Applications to Privacy in On-Line Marketplaces , 2012, CT-RSA.

[41]  Benny Pinkas,et al.  Non-Interactive Secure Computation Based on Cut-and-Choose , 2014, IACR Cryptol. ePrint Arch..

[42]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[43]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[44]  Jesper Madsen,et al.  ZKBoo: Faster Zero-Knowledge for Boolean Circuits , 2016, USENIX Security Symposium.

[45]  Jonathan Katz,et al.  Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation , 2017, CCS.