On Communication Models and Best-Achievable Security in Two-Round MPC

Recently, a sequence of works has made strong advances in two-round (i.e., round-optimal) secure multi-party computation (MPC). In the honest-majority setting – the focus of this work – Ananth et al. [CRYPTO’18, EC’19], Applebaum et al. [TCC’18, EC’19] and Garg et al. [TCC’18] have established the feasibility of general two-round MPC in standard communication models involving broadcast (BC) and private point-to-point (P2P) channels. In this work, we set out to understand what features of the communication model are necessary for these results, and more broadly for the design of two-round MPC. Focusing our study on the plain model – the most natural model for honest-majority MPC – we obtain the following results:

• Dishonest majority from honest majority: In the two-round setting, honest-majority MPC and dishonest-majority MPC are surprisingly close, and often equivalent. This follows from our results that the former implies 2-message oblivious transfer in many settings. (i) We show that without private point-to-point (P2P) channels, i.e., when we use only broadcast (BC) channels, honest-majority MPC implies 2-message oblivious transfer. (ii) Furthermore, this implication holds even when we use both P2P and BC, provided that the MPC protocol is robust against “fail-stop” adversaries.

• The curious case of identifiable abort: While security with guaranteed output delivery (and even fairness) against malicious adversaries is impossible in two rounds, nothing is known with regard to the “next best” security notion, namely security with identifiable abort (IA). We show that IA is impossible to achieve with an honest majority even if we use both P2P and BC channels. However, surprisingly, this lower bound can be overcome by replacing P2P channels with a “bare” (i.e., untrusted) public-key infrastructure (PKI).
These results “explain” that the reliance on P2P channels (together with BC) in the recent two-round protocols was in fact necessary, and that these protocols could not have achieved a stronger security guarantee, namely IA. Overall, our results (put together with prior works) fully determine the best-achievable security for honest-majority MPC in different communication models in two rounds. As a consequence, they yield the following hierarchy of communication models: BC < P2P < BC + P2P < BC + PKI. This shows that, contrary to common perception, the BC channel is the weakest communication model, and that a bare PKI setup is strictly stronger than P2P channels.
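To make the channel distinction behind the identifiable-abort results tangible, here is a small Python simulation added for this page; it is not the paper's protocol, proof or code, and the three-party setting, party names, message strings and the `P2PNetwork`/`BroadcastNetwork` classes are constructed for the example. It isolates the one property that differs between the channels: a broadcast message is identical in every party's view, so a missing entry (or an attempt to send two different values) is publicly attributable, whereas on a private point-to-point channel only the recipient observes whether anything arrived, so a dispute between sender and recipient cannot be settled by a third party. A bare PKI lets a private round message travel over broadcast as a ciphertext under the recipient's published key, which is why the BC + PKI model inherits broadcast's attributability; in the simulation that case is simply the broadcast network.

```python
"""Toy simulation of when an abort is attributable. Added illustration for
this page: not the paper's protocol, proof or code. The three-party setting,
party names and network classes are constructed for the example."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class P2PNetwork:
    """Private point-to-point channels: only the recipient sees what arrived."""
    inbox: Dict[str, Dict[str, str]] = field(default_factory=dict)

    def send(self, sender: str, recipient: str, msg: str) -> None:
        self.inbox.setdefault(recipient, {})[sender] = msg

    def received(self, party: str, sender: str) -> Optional[str]:
        return self.inbox.get(party, {}).get(sender)


@dataclass
class BroadcastNetwork:
    """Broadcast channel: one value per sender per round, identical in every view."""
    log: Dict[str, str] = field(default_factory=dict)

    def send(self, sender: str, recipient: str, msg: str) -> None:
        # `recipient` is irrelevant: every party observes the same log entry.
        if self.log.get(sender, msg) != msg:
            raise ValueError(f"{sender} cannot send two different values on broadcast")
        self.log[sender] = msg

    def received(self, party: str, sender: str) -> Optional[str]:
        return self.log.get(sender)


def run_round(net, targets: Dict[str, Set[str]]) -> None:
    """Each sender delivers its (single) round message to the recipients listed.
    A corrupt sender expresses fail-stop behaviour by leaving recipients out."""
    for sender, recipients in targets.items():
        for recipient in recipients:
            net.send(sender, recipient, f"{sender}:round-msg")


def adjudicate(net, complainant: str, accused: str) -> Set[str]:
    """Parties an honest third party must still suspect after `complainant`
    claims that `accused` did not deliver its round message."""
    if isinstance(net, BroadcastNetwork):
        # The log is common knowledge: either the entry is missing (accused
        # cheated) or it is present (the complaint itself is false).
        return {accused} if net.received(complainant, accused) is None else {complainant}
    # Private channel: the third party saw neither the send nor the non-receipt,
    # so a genuine omission and a false accusation look identical to it.
    return {complainant, accused}


def equivocation_possible(net) -> bool:
    """Can P1 deliver different round messages to P2 and P3 on this network?"""
    try:
        net.send("P1", "P2", "value-a")
        net.send("P1", "P3", "value-b")
        return True
    except ValueError:
        return False


# Honest parties P2 and P3 deliver to everyone; P1 is the corrupt party.
HONEST = {"P2": {"P1", "P3"}, "P3": {"P1", "P2"}}


def selective_omission(net_cls) -> Set[str]:
    """P1 delivers only to P3 and drops P2; P2 then complains about P1."""
    net = net_cls()
    run_round(net, {"P1": {"P3"}, **HONEST})
    return adjudicate(net, "P2", "P1")


def total_omission(net_cls) -> Set[str]:
    """P1 sends nothing in the round; P2 then complains about P1."""
    net = net_cls()
    run_round(net, {"P1": set(), **HONEST})
    return adjudicate(net, "P2", "P1")


if __name__ == "__main__":
    for cls in (P2PNetwork, BroadcastNetwork):
        print(cls.__name__, "selective:", selective_omission(cls),
              "total:", total_omission(cls),
              "equivocation:", equivocation_possible(cls()))
```

Over `P2PNetwork` both omission scenarios leave a third party unable to decide between `{"P1", "P2"}`, and P1 can freely equivocate; over `BroadcastNetwork` a total omission pins the blame on `P1`, a "selective" omission is not even expressible (P2 did receive the logged value, so its complaint is exposed as false), and equivocation is rejected by the channel. This is only the intuition for why aborts over private channels resist identification; the paper's actual lower bound and the BC + PKI construction are considerably more involved.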

[1] Anat Paskin-Cherniavsky et al. Secure Multiparty Computation with Minimal Interaction, 2010, CRYPTO.

[2] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[3] Fabrice Benhamouda et al. k-Round Multiparty Computation from k-Round Oblivious Transfer via Garbled Interactive Circuits, 2018, EUROCRYPT.

[4] Rafail Ostrovsky et al. Cryptography in the Multi-string Model, 2007, CRYPTO.

[5] Nancy A. Lynch et al. Easy impossibility proofs for distributed consensus problems, 1985, PODC '85.

[6] Luisa Siniscalchi et al. Broadcast-Optimal Two Round MPC with an Honest Majority, 2020, IACR Cryptol. ePrint Arch.

[7] Adi Shamir et al. How to share a secret, 1979, CACM.

[8] Sanjam Garg et al. Two-round Multiparty Secure Computation from Minimal Assumptions, 2018, IACR Cryptol. ePrint Arch.

[9] Oded Goldreich et al. The Foundations of Cryptography - Volume 2: Basic Applications, 2001.

[10] Anat Paskin-Cherniavsky et al. Secure Computation with Minimal Interaction, Revisited, 2015, CRYPTO.

[11] Amit Sahai et al. Secure MPC: Laziness Leads to GOD, 2018, IACR Cryptol. ePrint Arch.

[12] Silvio Micali et al. How to play ANY mental game, 1987, STOC.

[13] Arka Rai Choudhuri et al. Two Round Information-Theoretic MPC with Malicious Security, 2019, IACR Cryptol. ePrint Arch.

[14] Arka Rai Choudhuri et al. Round-Optimal Secure Multiparty Computation with Honest Majority, 2018, IACR Cryptol. ePrint Arch.

[15] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[16] Rafail Ostrovsky et al. Secure Multi-Party Computation with Identifiable Abort, 2014, CRYPTO.

[17] Amit Sahai et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[18] Yuval Ishai et al. Randomizing polynomials: A new representation with applications to round-efficient secure computation, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[19] Oded Goldreich et al. A randomized protocol for signing contracts, 1985, CACM.
[21] David Chaum et al. Multiparty Unconditionally Secure Protocols (Abstract), 1987, CRYPTO.

[22] Zvika Brakerski et al. Degree 2 is Complete for the Round-Complexity of Malicious MPC, 2019, IACR Cryptol. ePrint Arch.

[23] Oded Goldreich et al. Definitions and properties of zero-knowledge proof systems, 1994, Journal of Cryptology.

[24] Moni Naor et al. Zaps and their applications, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[25] Juan A. Garay et al. Broadcast-Optimal Two-Round MPC, 2020, IACR Cryptol. ePrint Arch.

[26] Avi Wigderson et al. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract), 1988, STOC.

[27] Silvio Micali et al. A Completeness Theorem for Protocols with Honest Majority, 1987, STOC '87.

[28] Yuval Ishai et al. Two-Round MPC: Information-Theoretic and Black-Box, 2018, IACR Cryptol. ePrint Arch.

[29] Arpita Patra et al. On the Exact Round Complexity of Secure Three-Party Computation, 2018, Journal of Cryptology.

[30] Yehuda Lindell et al. Fairness versus Guaranteed Output Delivery in Secure Multiparty Computation, 2014, ASIACRYPT.

[31] Vinod Vaikuntanathan et al. Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE, 2012, EUROCRYPT.

[32] Elaine Shi et al. Constant-Round MPC with Fairness and Guarantee of Output Delivery, 2015, CRYPTO.

[33] Tal Rabin et al. Verifiable secret sharing and multiparty protocols with honest majority, 1989, STOC '89.

[34] Zvika Brakerski et al. Perfect Secure Computation in Two Rounds, 2018, IACR Cryptol. ePrint Arch.

[35] Yuval Ishai et al. On 2-Round Secure Multiparty Computation, 2002, CRYPTO.

[36] Avi Wigderson et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.