Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation

We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single "authenticated" garbled circuit which is transmitted and evaluated. We also show how to efficiently instantiate the preprocessing phase with a new, highly optimized version of the TinyOT protocol by Nielsen et al. Our protocol outperforms existing work in both the single-execution and amortized settings, with or without preprocessing: In the single-execution setting, our protocol evaluates an AES circuit with malicious security in 37 ms with an online time of 1 ms. Previous work with the best overall time requires 62 ms (with 14 ms online time); previous work with the best online time (also 1 ms) requires 124 ms overall. If we amortize over 1024 executions, each AES computation requires just 6.7 ms with roughly the same online time as above. The best previous work in the amortized setting has roughly the same total time but does not support function-independent preprocessing. Our work shows that the performance penalty for maliciously secure two-party computation (as compared to semi-honest security) is much smaller than previously believed.

[1]  Abhi Shelat,et al.  Efficient Secure Computation with Garbled Circuits , 2011, ICISS.

[2]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[3]  Benny Pinkas,et al.  Non-Interactive Secure Computation Based on Cut-and-Choose , 2014, IACR Cryptol. ePrint Arch..

[4]  Vladimir Kolesnikov,et al.  FleXOR: Flexible garbling for XOR gates that beats free-XOR , 2014, IACR Cryptol. ePrint Arch..

[5]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[6]  Yehuda Lindell,et al.  Efficient Constant Round Multi-Party Computation Combining BMR and SPDZ , 2015, IACR Cryptol. ePrint Arch..

[7]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[8]  Yehuda Lindell,et al.  Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[9]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[10]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[11]  Yehuda Lindell,et al.  Cut-and-Choose Yao-Based Secure Computation in the Online/Offline and Batch Settings , 2014, CRYPTO.

[12]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, Journal of Cryptology.

[13]  Alex J. Malozemoff,et al.  Faster Two-Party Computation Secure Against Malicious Adversaries in the Single-Execution Setting , 2016, IACR Cryptol. ePrint Arch..

[14]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[15]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[16]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[17]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2011, Journal of Cryptology.

[18]  Abhi Shelat,et al.  Fast two-party secure computation with minimal assumptions , 2013, CCS.

[19]  Alex J. Malozemoff,et al.  Efficient Three-Party Computation from Cut-and-Choose , 2014, CRYPTO.

[20]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[21]  Yehuda Lindell,et al.  The IPS Compiler: Optimizations, Variants and Concrete Efficiency , 2011, CRYPTO.

[22]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.

[23]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[24]  Yan Huang,et al.  Revisiting LEGOs: Optimizations, Analysis, and their Limit , 2015, IACR Cryptol. ePrint Arch..

[25]  Vladimir Kolesnikov,et al.  DUPLO: Unifying Cut-and-Choose for Garbled Circuits , 2017, CCS.

[26]  Ben Riva,et al.  Efficient Server-Aided 2PC for Mobile Phones , 2016, Proc. Priv. Enhancing Technol..

[27]  Yehuda Lindell,et al.  More efficient oblivious transfer and extensions for faster secure computation , 2013, CCS.

[28]  Marcel Keller,et al.  Actively Secure OT Extension with Optimal Overhead , 2015, CRYPTO.

[29]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[30]  Jesper Buus Nielsen,et al.  TinyLEGO: An Interactive Garbling Scheme for Maliciously Secure Two-party Computation , 2015, IACR Cryptol. ePrint Arch..

[31]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[32]  Rafail Ostrovsky,et al.  Extracting Correlations , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[33]  Ivan Damgård,et al.  The TinyTable Protocol for 2-Party Secure Computation, or: Gate-Scrambling Revisited , 2017, CRYPTO.

[34]  Claudio Orlandi,et al.  MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions , 2013, EUROCRYPT.

[35]  Peter Rindal,et al.  Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution , 2016, USENIX Security Symposium.

[36]  Ivan Damgård,et al.  Gate-scrambling Revisited - or: The TinyTable protocol for 2-Party Secure Computation , 2016, IACR Cryptol. ePrint Arch..

[37]  Yehuda Lindell Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries , 2013, CRYPTO.

[38]  Jesper Madsen,et al.  ZKBoo: Faster Zero-Knowledge for Boolean Circuits , 2016, USENIX Security Symposium.

[39]  Claudio Orlandi,et al.  LEGO for Two-Party Secure Computation , 2009, TCC.

[40]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2010, IACR Cryptol. ePrint Arch..

[41]  Vitaly Shmatikov,et al.  Efficient Two-Party Secure Computation on Committed Inputs , 2007, EUROCRYPT.

[42]  Jonathan Katz,et al.  Global-Scale Secure Multiparty Computation , 2017, CCS.

[43]  Silvio Micali,et al.  How to play any mental game, or a completeness theorem for protocols with honest majority , 2019, Providing Sound Foundations for Cryptography.

[44]  Yehuda Lindell,et al.  More Efficient Constant-Round Multi-Party Computation from BMR and SHE , 2016, IACR Cryptol. ePrint Arch..

[45]  Claudio Orlandi,et al.  The Simplest Protocol for Oblivious Transfer , 2015, IACR Cryptol. ePrint Arch..

[46]  Claudio Orlandi,et al.  Cross and Clean: Amortized Garbled Circuits with Constant Overhead , 2016, TCC.

[47]  Peter Scholl,et al.  Low Cost Constant Round MPC Combining BMR and Oblivious Transfer , 2017, Journal of Cryptology.

[48]  Alex J. Malozemoff,et al.  Faster Secure Two-Party Computation in the Single-Execution Setting , 2017, EUROCRYPT.

[49]  Luís T. A. N. Brandão,et al.  Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique , 2013, IACR Cryptol. ePrint Arch..

[50]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[51]  Alex J. Malozemoff,et al.  Efficiently Enforcing Input Validity in Secure Two-party Computation , 2016, IACR Cryptol. ePrint Arch..

[52]  Abhi Shelat,et al.  Two-Output Secure Computation with Malicious Adversaries , 2011, EUROCRYPT.

[53]  Jesper Buus Nielsen,et al.  Faster Maliciously Secure Two-Party Computation Using the GPU , 2014, SCN.

[54]  A. Zuger A New Approach to , 2013 .

[55]  Ivan Damgård,et al.  An Empirical Study and Some Improvements of the MiniMac Protocol for Secure Computation , 2014, SCN.

[56]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[57]  Thomas Schneider,et al.  Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO , 2017, NDSS.

[58]  Alex J. Malozemoff,et al.  Amortizing Garbled Circuits , 2015, IACR Cryptol. ePrint Arch..

[59]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[60]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[61]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[62]  Jonathan Katz,et al.  Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose , 2013, CRYPTO.