On the Power of Correlated Randomness in Secure Computation

We investigate the extent to which correlated secret randomness can help in secure computation with no honest majority. It is known that correlated randomness can be used to evaluate any circuit of size s with perfect security against semi-honest parties or statistical security against malicious parties, where the communication complexity grows linearly with s. This leaves open two natural questions: (1) Can the communication complexity be made independent of the circuit size? (2) Is it possible to obtain perfect security against malicious parties? We settle the above questions, obtaining both positive and negative results on unconditionally secure computation with correlated randomness. Concretely, we obtain the following results. Minimizing communication. Any multiparty functionality can be realized, with perfect security against semi-honest parties or statistical security against malicious parties, by a protocol in which the number of bits communicated by each party is linear in its input length. Our protocol uses an exponential number of correlated random bits. We give evidence that super-polynomial randomness complexity may be inherent. Perfect security against malicious parties. Any finite 'sender-receiver' functionality, which takes inputs from a sender and a receiver and delivers an output only to the receiver, can be perfectly realized given correlated randomness. In contrast, perfect security is generally impossible for functionalities which deliver outputs to both parties. We also show useful functionalities (such as string equality) for which there are efficient perfectly secure protocols in the correlated randomness model. Perfect correctness in the plain model. We present a general approach for transforming perfectly secure protocols for sender-receiver functionalities in the correlated randomness model into secure protocols in the plain model which offer perfect correctness against a malicious sender. This should be contrasted with the impossibility of perfectly sound zero-knowledge proofs.

[1]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[2]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[3]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[4]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[5]  Matthias Fitzi,et al.  Pseudo-signatures, Broadcast, and Multi-party Computation from Correlated Randomness , 2004, CRYPTO.

[6]  Matthias Fitzi,et al.  Unconditional Byzantine Agreement and Multi-party Computation Secure against Dishonest Minorities from Scratch , 2002, EUROCRYPT.

[7]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[8]  Moni Naor,et al.  Derandomized Constructions of k-Wise (Almost) Independent Permutations , 2005, Algorithmica.

[9]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[10]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[11]  Donald Beaver,et al.  Commodity-based cryptography (extended abstract) , 1997, STOC '97.

[12]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[13]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[14]  Goichiro Hanaoka,et al.  Information-theoretically secure oblivious polynomial evaluation in the commodity-based model , 2014, International Journal of Information Security.

[15]  Mihir Bellare,et al.  Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing , 2012, ASIACRYPT.

[16]  Barbara Masucci,et al.  Constructions and Bounds for Unconditionally Secure Non-Interactive Commitment Schemes , 2002, Des. Codes Cryptogr..

[17]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[18]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[19]  Birgit Pfitzmann,et al.  Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3 , 2007 .

[20]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[21]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[22]  Ivan Damgård,et al.  Constant-Overhead Secure Computation for Boolean Circuits in the Preprocessing Model , 2012, IACR Cryptol. ePrint Arch..

[23]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[24]  C. Pandu Rangan,et al.  Round Efficient Unconditionally Secure MPC and Multiparty Set Intersection with Optimal Resilience , 2009, INDOCRYPT.

[25]  Ivan Damgård,et al.  Constant-Overhead Secure Computation of Boolean Circuits using Preprocessing , 2013, TCC.

[26]  Severin Winkler,et al.  On the Efficiency of Classical and Quantum Oblivious Transfer Reductions , 2010, IACR Cryptol. ePrint Arch..

[27]  Rafail Ostrovsky,et al.  Identifying Cheaters without an Honest Majority , 2012, TCC.

[28]  InitializerRonald L. RivestLaboratory Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer , 1999 .

[29]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[30]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[31]  Dan Bogdanov,et al.  Deploying Secure Multi-Party Computation for Financial Data Analysis - (Short Paper) , 2012, Financial Cryptography.

[32]  Shachar Lovett,et al.  Probabilistic existence of regular combinatorial structures , 2011, ArXiv.

[33]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[34]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[35]  Shachar Lovett,et al.  Probabilistic existence of rigid combinatorial structures , 2012, STOC '12.

[36]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[37]  Jeroen van de Graaf,et al.  A Two-Party Protocol with Trusted Initializer for Computing the Inner Product , 2010, WISA.

[38]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[39]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[40]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.