Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography

We study the following two related questions: What are the minimal computational resources required for general secure multiparty computation in the presence of an honest majority? What are the minimal resources required for two-party primitives such as zero-knowledge proofs and general secure two-party computation? We obtain a nearly tight answer to the first question by presenting a perfectly secure protocol which allows $n$ players to evaluate an arithmetic circuit of size $s$ by performing a total of $\mathcal{O}(s\log s\log^2 n)$ arithmetic operations, plus an additive term which depends (polynomially) on $n$ and the circuit depth, but only logarithmically on $s$. Thus, for typical large-scale computations whose circuit width is much bigger than their depth and the number of players, the amortized overhead is just polylogarithmic in $n$ and $s$. The protocol provides perfect security with guaranteed output delivery in the presence of an active, adaptive adversary corrupting a $(1/3-\epsilon)$ fraction of the players, for an arbitrary constant $\epsilon>0$ and sufficiently large $n$. The best previous protocols in this setting could only offer computational security with a computational overhead of $\mathrm{poly}(k,\log n,\log s)$, where $k$ is a computational security parameter, or perfect security with a computational overhead of $\mathcal{O}(n\log n)$. We then apply the above result towards making progress on the second question. Concretely, under standard cryptographic assumptions, we obtain zero-knowledge proofs for circuit satisfiability with $2^{-k}$ soundness error in which the amortized computational overhead per gate is only polylogarithmic in $k$, improving over the $\omega(k)$ overhead of the best previous protocols. Under stronger cryptographic assumptions, we obtain similar results for general secure two-party computation.
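To make the setting of the first result concrete, the following is an added example (written for this page; it is not the paper's protocol and not code from its authors) of the textbook honest-majority baseline: Shamir secret sharing over a prime field, local addition gates, BGW-style multiplication with degree reduction, and robust reconstruction that tolerates up to $t$ corrupted shares when $n \ge 3t+1$, which is where the $1/3$ corruption bound in the abstract comes from. The field modulus, the player count $n=7$, the threshold $t=2$ and the circuit $(x+y)\cdot z$ are constructed choices; the brute-force decoder is only meant for small $n$.

```python
"""Added example (not the paper's protocol): textbook Shamir/BGW evaluation of an
arithmetic circuit on secret shares over GF(P), with n >= 3t+1 so that up to t
corrupted output shares can still be decoded. All parameters are constructed."""
import secrets
from itertools import combinations

P = 2**61 - 1  # field modulus; constructed choice (a Mersenne prime)


def eval_poly(coeffs, x):
    """Horner evaluation of a polynomial over GF(P); coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t):
    """Shamir-share `secret` to players 1..n using a random degree-t polynomial."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [eval_poly(coeffs, x) for x in range(1, n + 1)]


def lagrange_coeffs(xs, x0):
    """Coefficients lambda_i such that f(x0) = sum_i lambda_i * f(xs[i])
    for every polynomial f of degree < len(xs)."""
    lams = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        lams.append(num * pow(den, P - 2, P) % P)
    return lams


def interpolate(points, x0):
    """Evaluate at x0 the unique polynomial of degree < len(points) through `points`."""
    xs = [x for x, _ in points]
    return sum(l * y for l, (_, y) in zip(lagrange_coeffs(xs, x0), points)) % P


def add_gate(a, b):
    """Addition gate: each player adds its two shares locally, no communication."""
    return [(x + y) % P for x, y in zip(a, b)]


def mul_gate(a, b, n, t):
    """Multiplication gate with BGW degree reduction.
    Local products lie on a degree-2t polynomial, so each player reshares its
    product with a fresh degree-t polynomial and every player combines the
    sub-shares it receives with the Lagrange coefficients for x=0 over all n
    points. Requires 2t+1 <= n so that n points determine the degree-2t polynomial."""
    assert 2 * t + 1 <= n, "degree-2t sharing needs at least 2t+1 players"
    prod = [(x * y) % P for x, y in zip(a, b)]
    sub = [share(prod[i], n, t) for i in range(n)]  # sub[i][j]: sent by player i to j
    lams = lagrange_coeffs(list(range(1, n + 1)), 0)
    return [sum(lams[i] * sub[i][j] for i in range(n)) % P for j in range(n)]


def robust_reconstruct(shares, t):
    """Decode the secret from n shares of which at most t may be corrupted.
    With n >= 3t+1 the degree-t polynomial agreeing with at least n-t of the
    points is unique, so a (t+1)-subset that explains n-t points is the honest one."""
    n = len(shares)
    assert n >= 3 * t + 1, "need an honest majority of at least 2t+1 out of n >= 3t+1"
    points = list(enumerate(shares, start=1))
    for subset in combinations(points, t + 1):
        agree = sum(1 for x, y in points if interpolate(list(subset), x) == y)
        if agree >= n - t:
            return interpolate(list(subset), 0)
    raise ValueError("more than t shares are inconsistent; cannot decode")


def evaluate_circuit(x, y, z, n=7, t=2):
    """Evaluate (x + y) * z on shares and return the n output shares."""
    sx, sy, sz = share(x, n, t), share(y, n, t), share(z, n, t)
    return mul_gate(add_gate(sx, sy), sz, n, t)


def demo(n=7, t=2):
    """Returns (plain reconstruction from t+1 shares, robust decoding with t corrupted shares)."""
    out = evaluate_circuit(3, 4, 5, n, t)
    plain = interpolate(list(enumerate(out, start=1))[: t + 1], 0)
    corrupted = list(out)
    for i in range(t):  # players 1..t send wrong output shares
        corrupted[i] = (corrupted[i] + 1 + i) % P
    return plain, robust_reconstruct(corrupted, t)


if __name__ == "__main__":
    print(demo())
```

Each addition gate costs nothing beyond local field arithmetic, while each multiplication gate costs every player one resharing plus $n$ Lagrange combinations, so the per-gate work of this baseline grows with $n$; the abstract's result is about driving that amortized overhead down to polylogarithmic in $n$ and $s$ while keeping perfect security and the same corruption bound.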
