Separating Two-Round Secure Computation From Oblivious Transfer

We consider the question of minimizing the round complexity of protocols for secure multiparty computation (MPC) with security against an arbitrary number of semi-honest parties. Very recently, Garg and Srinivasan (Eurocrypt 2018) and Benhamouda and Lin (Eurocrypt 2018) constructed such 2-round MPC protocols from minimal assumptions. This was done by showing a round-preserving reduction to the task of secure 2-party computation of the oblivious transfer functionality (OT). These constructions made a novel non-black-box use of the underlying OT protocol. The question remained whether this can be done by only making black-box use of 2-round OT. This is of theoretical and potentially also practical value, as black-box use of primitives tends to lead to more efficient constructions. Our main result proves that such a black-box construction is impossible, namely that non-black-box use of OT is necessary. As a corollary, a similar separation holds when starting with any 2-party functionality other than OT. As a secondary contribution, we prove several additional results that further clarify the landscape of black-box MPC with minimal interaction. In particular, we complement the separation from 2-party functionalities by presenting a complete 4-party functionality, give evidence for the difficulty of ruling out a complete 3-party functionality and for the difficulty of ruling out black-box constructions of 3-round MPC from 2-round OT, and separate a relaxed “non-compact” variant of 2-party homomorphic secret sharing from 2-round OT.

∗ Supported by the European Union’s Horizon 2020 Programme (ERC-StG-2014-2020) under grant agreement no. 639813 ERC-CLC, and the Check Point Institute for Information Security.

† Supported by the Binational Science Foundation (Grant No. 2016726), and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482) and via Project PROMETHEUS (Grant 780701).

‡ Supported in part by AFOSR Award FA9550-19-1-0200, AFOSR YIP Award, NSF CNS Award 1936826, DARPA and SPAWAR under contract N66001-15-C-4065, a Hellman Award, and research grants by the Okawa Foundation, Visa Inc., and the Center for Long-Term Cybersecurity (CLTC, UC Berkeley). The views expressed are those of the authors and do not reflect the official policy or position of the funding agencies.

§ Supported by ERC Project NTSC (742754), NSF-BSF grant 2015782, BSF grant 2018393, and a grant from the Ministry of Science and Technology, Israel and the Department of Science and Technology, Government of India.
