Black-Box Constructions for Secure Computation ∗ (extended abstract)

It is well known that the secure computation of non-trivial functionalities in the setting of no honest majority requires computational assumptions. We study the way such computational assumptions are used. Specifically, we ask whether the secure protocol can use the underlying primitive (e.g., one-way trapdoor permutation) in a black-box way, or must it be nonblack-box (by referring to the code that computes this primitive)? Despite the fact that many general constructions of cryptographic schemes (e.g., CPA-secure encryption) refer to the underlying primitive in a black-box way only, there are some constructions that are inherently nonblack-box. Indeed, all known constructions of protocols for general secure computation that are secure in the presence of a malicious adversary and without an honest majority use the underlying primitive in a nonblack-box way (requiring to prove in zero-knowledge statements that relate to the primitive). In this paper, we study whether such nonblack-box use is essential. We present protocols that use only black-box access to a family of (enhanced) trapdoor permutations or to a homomorphic public-key encryption scheme. The result is a protocol whose communication complexity is independent of the computational complexity of the underlying primitive (e.g., a trapdoor permutation) and whose computational complexity grows only linearly with that of the underlying primitive. This is the first protocol to exhibit these properties.

[1]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[2]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[3]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[4]  Joe Kilian,et al.  Uses of randomness in algorithms and protocols , 1990 .

[5]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[6]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[7]  Russell Impagliazzo,et al.  Limits on the Provable Consequences of One-way Permutations , 1988, CRYPTO.

[8]  Stefan Wolf,et al.  Oblivious Transfer Is Symmetric , 2006, EUROCRYPT.

[9]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[10]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[11]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[12]  Tal Malkin,et al.  On the impossibility of basing trapdoor functions on trapdoor predicates , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[13]  Joe Kilian,et al.  Improved Efficient Arguments (Preliminary Version) , 1995, CRYPTO.

[14]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[15]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[16]  Yehuda Lindell,et al.  A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions , 2006, Journal of Cryptology.

[17]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[18]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[19]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[20]  Daniel R. Simon,et al.  Limits on the efficiency of one-way permutation-based hash functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[21]  Moni Naor,et al.  Communication preserving protocols for secure function evaluation , 2001, STOC '01.

[22]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[23]  Luca Trevisan,et al.  Lower bounds on the efficiency of generic cryptographic constructions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[24]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[25]  Sampath Kannan,et al.  The relationship between public key encryption and oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[26]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.