Crowd Verifiable Zero-Knowledge and End-to-end Verifiable Multiparty Computation

Auditing a secure multiparty computation (MPC) protocol entails the validation of the protocol transcript by a third party that is otherwise untrusted. In this work we introduce the concept of end-to-end verifiable MPC (VMPC), which requires the validation to provide a correctness guarantee even in the setting where all servers, all trusted setup primitives and all the client systems used by the input-providing users of the MPC protocol are subverted by an adversary. To instantiate VMPC, we introduce a new concept in the setting of zero-knowledge protocols that we term crowd verifiable zero-knowledge (CVZK). A CVZK protocol enables a prover to convince a set of verifiers of a certain statement, even though each verifier individually contributes only a small amount of entropy for verification and some of them are adversarially controlled. Given CVZK, we present a VMPC protocol based on discrete-logarithm related assumptions. At the high level of adversity that VMPC is meant to withstand, perfect correctness is infeasible to ensure; we therefore investigate the classes of functions and verifiability relations that are feasible in our framework, and present a number of possible applications whose underlying functions can be implemented via VMPC.
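To make the crowd-verification idea concrete, here is an added toy illustration (not the paper's construction): a Schnorr proof of knowledge of a discrete logarithm whose challenge is assembled from one-bit contributions of many verifiers, using a per-block majority as an assumed combiner. It also shows when a small coalition of adversarial verifiers that speaks last can or cannot force a challenge bit, and why a witness-less prover only succeeds if it guesses the crowd's challenge. The group parameters are deliberately tiny and constructed for illustration only.

```python
import secrets

# Toy Schnorr parameters (constructed for illustration; real deployments use
# groups of 256-bit prime order). G generates the order-Q subgroup of Z_P^*.
P, Q, G = 23, 11, 4

def commit():
    """Prover's first message: a = G^r for a fresh random r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def respond(x, r, e):
    """Prover's answer z = r + e*x (mod Q) to the challenge e."""
    return (r + e * x) % Q

def verify(y, a, e, z):
    """Anyone can check G^z == a * y^e (mod P) from the public transcript."""
    return pow(G, z, P) == (a * pow(y, e, P)) % P

def crowd_challenge(contribs, bits, block=5):
    """Assemble a `bits`-bit challenge from one-bit verifier contributions.
    Challenge bit i is the majority of contribution block i (assumed combiner,
    chosen here for illustration; it is not the paper's own construction)."""
    assert len(contribs) == bits * block and block % 2 == 1
    e = 0
    for i in range(bits):
        chunk = contribs[i * block:(i + 1) * block]
        e = (e << 1) | (1 if sum(chunk) > block // 2 else 0)
    return e

def coalition_controls_bit(honest_bits, t):
    """True iff t adversarial verifiers in one block, contributing after seeing
    the honest bits, can force the majority either way. That happens only when
    the honest votes are within t of a tie, which is rare for small t."""
    ones = sum(honest_bits)
    return abs(2 * ones - len(honest_bits)) < t

def honest_session(x, bits=3, block=5):
    """Full run: a prover holding witness x convinces bits*block verifiers."""
    y = pow(G, x, P)
    r, a = commit()
    contribs = [secrets.randbits(1) for _ in range(bits * block)]  # honest coins
    e = crowd_challenge(contribs, bits, block)
    return verify(y, a, e, respond(x, r, e))

def forged_commitment(y, z, e_guess):
    """Commitment of a prover without the witness who bets on challenge e_guess:
    a = G^z * y^(-e_guess). It verifies only if the crowd really outputs e_guess,
    so unpredictable crowd entropy is exactly what defeats this strategy."""
    return (pow(G, z, P) * pow(y, (Q - e_guess) % Q, P)) % P
```

With 3 challenge bits the witness-less prover succeeds with probability 1/8 against an honest crowd; more blocks shrink that, while a coalition only gains where a block is near a tie.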
