Communication Lower Bounds for Statistically Secure MPC, with or without Preprocessing

We prove a lower bound on the communication complexity of unconditionally secure multiparty computation, both in the standard model with \(n=2t+1\) parties of which t are corrupted, and in the preprocessing model with \(n=t+1\). In both cases, we show that for any \(g \in \mathbb{N}\) there exists a Boolean circuit C with g gates such that any secure protocol implementing C must communicate \(\Omega(ng)\) bits, even if only passive and statistical security is required. The result extends easily to constructing similar circuits over any fixed finite field. This shows that, for all circuit sizes, the O(n) overhead of all known protocols when t is maximal is inherent. It also shows that security comes at a price: the circuit we consider could be computed among n parties with only O(g) bits of communication if no security were required. Our results extend to the case where the threshold t is suboptimal. For the honest-majority case, this shows that the known optimizations via packed secret sharing can only be obtained if one accepts a threshold of \(t = (1/2 - c)n\) for a constant c. For the honest-majority case, we also give an upper bound that matches the lower bound up to a constant factor (existing upper bounds are a factor \(\lg n\) off for Boolean circuits).
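To make the per-gate cost concrete, the following is an added illustration (not code from the paper): a passively secure multiplication gate over Shamir shares with \(n = 2t+1\) parties, using the textbook "reshare the local product" degree-reduction step, instrumented to count the bits each party sends. The prime field, the party indices 1..n and the random seed are assumptions of this example. Note the caveat: this simple protocol costs \(n(n-1)\) field elements per multiplication gate, which is an O(n²)-element, not O(n)-element, protocol; the O(n)-per-gate protocols the abstract refers to amortize this with preprocessed or batched randomness. The point shown is where the dependence on n enters at all, and that a Boolean wire embedded in a field of size greater than n costs at least \(\lg(n+1)\) bits per element, which is the \(\lg n\) gap the abstract mentions for Boolean circuits.

```python
"""Passively secure Shamir multiplication with n = 2t + 1 parties, with a
bit counter for the communication of one multiplication gate.
Added example; not the paper's protocol or code."""
import random

# Assumption: a Mersenne prime field, large enough that 1..n are distinct points.
P = 2**61 - 1
BITS_PER_ELEMENT = P.bit_length()  # 61 bits per field element on the wire


def lagrange_at_zero(xs):
    """Coefficients c_i such that f(0) = sum_i c_i * f(x_i) for deg f < len(xs)."""
    coeffs = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        coeffs.append(num * pow(den, P - 2, P) % P)
    return coeffs


def share(secret, n, t, rng):
    """Degree-t Shamir sharing of secret; party i (1..n) receives f(i)."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)]


def reconstruct(shares, xs):
    """Interpolate f(0) from shares held at points xs (len(xs) > degree)."""
    return sum(c * s for c, s in zip(lagrange_at_zero(xs), shares)) % P


class BitCounter:
    """Counts bits put on the network; one element = BITS_PER_ELEMENT bits."""
    def __init__(self):
        self.bits = 0

    def send_elements(self, count):
        self.bits += count * BITS_PER_ELEMENT


def mul_gate(a_shares, b_shares, n, t, net, rng):
    """One multiplication gate: local product (degree 2t), then each party
    reshares its product share with degree t and everyone takes the Lagrange
    combination at 0 over the n = 2t + 1 points.  Output: degree-t shares of ab."""
    assert n == 2 * t + 1, "degree-2t interpolation needs exactly 2t+1 points"
    lam = lagrange_at_zero(list(range(1, n + 1)))
    resharings = []  # resharings[i][j] = share party i sends to party j
    for i in range(n):
        local_product = a_shares[i] * b_shares[i] % P
        sub = share(local_product, n, t, rng)
        net.send_elements(n - 1)  # one element to each of the other parties
        resharings.append(sub)
    return [sum(lam[i] * resharings[i][j] for i in range(n)) % P
            for j in range(n)]


def bits_per_mul_gate(n):
    """Closed form for this protocol: n parties each send n-1 elements."""
    return n * (n - 1) * BITS_PER_ELEMENT


def demo(n, a, b, seed=0):
    """Share a and b, run one multiplication gate, reconstruct from t+1 shares.
    Returns (reconstructed product, bits sent for the gate)."""
    t = (n - 1) // 2
    rng = random.Random(seed)
    net = BitCounter()
    c_shares = mul_gate(share(a, n, t, rng), share(b, n, t, rng), n, t, net, rng)
    product = reconstruct(c_shares[:t + 1], list(range(1, t + 2)))
    return product, net.bits


if __name__ == "__main__":
    for n in (3, 5, 9, 17):
        product, bits = demo(n, 3, 7)
        print(f"n={n:2d}: 3*7 -> {product}, {bits} bits for one gate, "
              f"{bits // n} bits per party")
```

Running the block shows the per-party cost of a single gate growing with n (here linearly, since each party reshares to everyone), so total communication for g such gates is at least linear in n·g even before any correctness or malicious-security machinery is added; the abstract's result is that no protocol, for the circuits it constructs, can avoid that factor.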
