Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries

In the setting of secure two-party computation, two parties wish to securely compute a joint function of their private inputs, while revealing only the output. One of the primary techniques for achieving efficient secure two-party computation is that of Yao’s garbled circuits (FOCS 1986). In the semi-honest model, where just one garbled circuit is constructed and evaluated, Yao’s protocol has proven itself to be very efficient. However, a malicious adversary who constructs the garbled circuit may construct a garbling of a different circuit computing a different function, and this cannot be detected (due to the garbling). In order to solve this problem, many circuits are sent and some of them are opened to check that they are correct while the others are evaluated. This methodology, called cut-and-choose, introduces significant overhead, both in computation and in communication, and is mainly due to the number of circuits that must be used in order to prevent cheating.
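As an added illustration (not part of the paper's abstract) of why the number of circuits drives the cut-and-choose overhead, the Python below computes the exact probability that a cheating garbler goes undetected. It assumes the classic analysis, which this page does not spell out: the evaluator opens c of the s circuits chosen uniformly at random and takes the majority output of the remaining e = s - c, so cheating succeeds only if every bad circuit stays unopened and the bad circuits are a strict majority of the evaluated ones.

```python
from fractions import Fraction
from math import comb


def undetected_probability(s: int, c: int, b: int) -> Fraction:
    """Pr[none of the b bad circuits is among the c opened ones].

    The opened set is a uniform c-subset of the s circuits, so this is the
    hypergeometric term C(s-b, c) / C(s, c). Exact arithmetic via Fraction
    keeps tiny probabilities (2^-40 and below) free of float rounding.
    """
    if b > s - c:               # pigeonhole: at least one bad circuit is opened
        return Fraction(0)
    return Fraction(comb(s - b, c), comb(s, c))


def cheat_probability(s: int, c: int) -> Fraction:
    """Best success probability for a cheating garbler under majority output.

    With e = s - c circuits evaluated, a bad minority is simply outvoted, so
    the garbler needs b > e/2 bad circuits; more bad circuits only make it
    likelier that one of them is opened, so the optimum is the smallest
    majority. The loop makes that trade-off explicit.
    """
    e = s - c
    best = Fraction(0)
    for b in range(e // 2 + 1, e + 1):
        best = max(best, undetected_probability(s, c, b))
    return best


def circuits_for_security(sigma: int) -> int:
    """Smallest even s (half opened, half evaluated) with cheat prob <= 2^-sigma."""
    s = 2
    while cheat_probability(s, s // 2) * 2 ** sigma > 1:
        s += 2
    return s


if __name__ == "__main__":
    # Constructed parameter sweep: how quickly does doubling s buy security?
    for s in (4, 8, 16, 32, 64, 128):
        p = cheat_probability(s, s // 2)
        print(f"s={s:4d} circuits, {s // 2} opened: cheat prob = {p} "
              f"(~2^-{float(p).as_integer_ratio()[1].bit_length() - 1})")
    for sigma in (10, 20, 40):
        print(f"2^-{sigma} security needs {circuits_for_security(sigma)} circuits")
```

Doubling the number of circuits roughly halves the exponent of the cheating probability, which is exactly the communication and computation cost the abstract attributes to cut-and-choose.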
