Secure Multiparty Computation and Secret Sharing

In a data-driven society, individuals and companies encounter numerous situations where private information is an important resource. How can parties handle confidential data if they do not trust everyone involved? This text is the first to present a comprehensive treatment of unconditionally secure techniques for multiparty computation (MPC) and secret sharing. In secure MPC, each party holds some private data; secret sharing provides a way for one party to spread information about a secret among the parties such that all of them together hold full information, yet no single party has all of it. The authors present basic feasibility results from the last 30 years, generalizations to arbitrary access structures using linear secret sharing, some recent techniques for efficiency improvements, and a general treatment of the theory of secret sharing, focusing on asymptotic results with interesting applications related to MPC.
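The secret-sharing property described above, shown in working code as an added example (this is not code from the book or its authors): Shamir's (t, n) threshold scheme over a prime field, with checks that any t shares reconstruct the secret, that any t-1 shares are consistent with every candidate secret and so reveal nothing, and that shares can be added share-wise, the linearity that MPC protocols build on. The prime modulus, the secrets and the threshold values are constructed for the example.

```python
"""Shamir (t, n) threshold secret sharing over the prime field Z_P.

Added illustration; P and all sample values below are constructed
for this example, not taken from the book.
"""
import secrets

P = 2**61 - 1  # Mersenne prime; any prime larger than the secret works


def share(secret, t, n):
    """Split `secret` into n shares (x, f(x)); any t of them reconstruct it.

    f is a uniformly random polynomial of degree t-1 with f(0) = secret.
    """
    assert 0 <= secret < P and 1 <= t <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def interpolate_at(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through
    the given (xi, yi) points (Lagrange form, arithmetic mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        # pow(den, P-2, P) is the modular inverse of den (Fermat)
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reconstruct(shares):
    """Recover the secret f(0) from at least t shares."""
    return interpolate_at(shares, 0)


def completion_for(partial_shares, x_missing, candidate_secret):
    """Given only t-1 shares, return the share value at x_missing that would
    make the t shares reconstruct `candidate_secret`.

    This succeeds for every candidate, which is exactly why t-1 shares
    carry no information about the real secret.
    """
    points = [(0, candidate_secret)] + list(partial_shares)
    return interpolate_at(points, x_missing)


def add_shares(shares_a, shares_b):
    """Share-wise addition yields a valid sharing of a + b (mod P) under the
    same threshold, with no interaction between the share holders."""
    result = []
    for (xa, ya), (xb, yb) in zip(shares_a, shares_b):
        assert xa == xb, "shares must belong to the same party index"
        result.append((xa, (ya + yb) % P))
    return result


if __name__ == "__main__":
    secret, t, n = 123456789, 3, 5
    shares = share(secret, t, n)
    print("any 3 of 5 shares:", reconstruct([shares[0], shares[2], shares[4]]))
    two = shares[:2]
    for candidate in (0, 42, 987654321):
        y3 = completion_for(two, 3, candidate)
        print("2 shares are consistent with secret", reconstruct(two + [(3, y3)]))
    total = add_shares(share(10, 2, 3), share(32, 2, 3))
    print("sum of secrets via shares:", reconstruct(total[:2]))
```

The `completion_for` check is the practical form of the "no single party has all of it" guarantee: holders of fewer than t shares cannot distinguish any secret from any other, so the threshold, not the secrecy of the channel, is what must be set against the assumed number of colluding parties.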
