TinyKeys: A New Approach to Efficient Multi-Party Computation

We present a new approach to designing concretely efficient MPC protocols with semi-honest security in the dishonest majority setting. Motivated by the fact that within the dishonest majority setting the efficiency of most practical protocols does not depend on the number of honest parties, we investigate how to construct protocols which improve in efficiency as the number of honest parties increases. Our central idea is to take a protocol which is secure for \(n-1\) corruptions and modify it to use short symmetric keys, with the aim of basing security on the concatenation of all honest parties’ keys. This results in a more efficient protocol tolerating fewer corruptions, whilst also introducing an LPN-style syndrome decoding assumption.
