Asymptotically Good Multiplicative LSSS over Galois Rings and Applications to MPC over Z/p^k Z

We study information-theoretic multiparty computation (MPC) protocols over rings Z/p^k Z that have good asymptotic communication complexity for a large number of players. An important ingredient for such protocols is arithmetic secret sharing, i.e., linear secret-sharing schemes with multiplicative properties. The standard way to obtain these over fields is with a family of linear codes C such that C, its dual C⊥ and its square code C^{*2} (the span of all coordinatewise products of pairs of codewords) are asymptotically good (strongly multiplicative). For our purposes here it suffices if the square code C^{*2} is not the whole space, i.e., has codimension at least 1 (multiplicative). Our approach is to lift such a family of codes defined over a finite field F to a Galois ring, which is a local ring that has F as its residue field and contains Z/p^k Z as a subring, and thus enables arithmetic that is compatible with both structures. Although arbitrary lifts preserve the distance and dual distance of a code, the multiplicative property is not preserved, as we demonstrate with a counterexample. We work around this issue by exhibiting a dedicated lift that preserves self-orthogonality (as well as distance and dual distance) for p ≥ 3. Self-orthogonal codes are multiplicative, so we can use existing results on asymptotically good self-dual codes over fields to obtain arithmetic secret sharing over Galois rings. For p = 2 we obtain multiplicativity with existing techniques for secret sharing using both C and C⊥, at a constant-factor overhead. As a result, we obtain asymptotically good arithmetic secret-sharing schemes over Galois rings. With these schemes in hand, we extend existing field-based MPC protocols to obtain MPC over Z/p^k Z in the setting of a submaximal adversary corrupting fewer than a fraction 1/2 − ε of the players, where ε > 0 is arbitrarily small. We consider three corruption models. For passive security and for active security with abort, our protocols communicate O(n) bits per multiplication. For full security with guaranteed output delivery we use a preprocessing model and obtain O(n) bits per multiplication in the online phase and O(n log n) bits per multiplication in the offline phase. Thus we obtain true linear bit complexities, without the common assumption that the ring size grows with the number of players.
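The following script is an added illustration and is not code from the paper. It runs the abstract's objects on the smallest instance that shows them: the Galois ring is taken to be the degree-1 case GR(3^2, 1) = Z/9Z, the code is the ternary tetracode (a self-dual [4,2,3] code over F_3), coordinate 0 is treated as the secret and coordinates 1..3 as the shares. It checks that the naive lift (reading the F_3 entries as integers mod 9) keeps minimum distance and dual distance but loses self-orthogonality, finds a lift that is self-orthogonal mod 9 by brute-force search (a stand-in for the paper's dedicated lift, which is not reproduced here), and verifies the reason self-orthogonal codes are multiplicative: with the all-ones recombination vector, x_0·y_0 = −Σ_{i≥1} x_i·y_i for every pair of codewords. For this particular code the naive lift happens to remain multiplicative as well, so the script does not reproduce the paper's counterexample; all functions are brute force and only meant for tiny parameters.

```python
"""Lifting a self-dual code from F_3 to Z/9Z and checking what survives (constructed example)."""
import itertools

P, K = 3, 2
Q = P ** K          # the ring Z/9Z = GR(3^2, 1), the degree-1 Galois ring (assumption: degree 1 suffices to illustrate)

# Generator matrix of the tetracode over F_3; every inner product of rows is 0 mod 3 (self-dual).
G_F3 = [[1, 0, 1, 1],
        [0, 1, 1, 2]]


def dot(u, v, mod):
    return sum(a * b for a, b in zip(u, v)) % mod


def span(gens, mod):
    """Every element of the module generated by `gens` over Z/modZ (brute force, tiny sizes only)."""
    n = len(gens[0])
    return {tuple(sum(c * g[i] for c, g in zip(coeffs, gens)) % mod for i in range(n))
            for coeffs in itertools.product(range(mod), repeat=len(gens))}


def dual(gens, mod):
    """All vectors orthogonal to every generator, i.e. the dual module C^perp."""
    n = len(gens[0])
    return {v for v in itertools.product(range(mod), repeat=n)
            if all(dot(v, g, mod) == 0 for g in gens)}


def min_distance(vectors):
    """Minimum Hamming weight over the nonzero vectors (= minimum distance of a linear code)."""
    return min(sum(1 for x in v if x) for v in vectors if any(v))


def is_self_orthogonal(gens, mod):
    return all(dot(g, h, mod) == 0 for g in gens for h in gens)


def schur_square_gens(gens, mod):
    """Generators of the square code C*C: coordinatewise products of pairs of generators."""
    return [[a * b % mod for a, b in zip(g, h)]
            for g, h in itertools.combinations_with_replacement(gens, 2)]


def recombination_vector(gens, mod):
    """A vector r with r_0 = -1 (a unit) and <r, x*y> = 0 for all x, y in C, or None.
    Such an r means x_0*y_0 = sum_{i>=1} r_i x_i y_i: the product of the secrets is a linear
    function of the coordinatewise product of the shares, i.e. the scheme is multiplicative."""
    sq = schur_square_gens(gens, mod)
    n = len(gens[0])
    for tail in itertools.product(range(mod), repeat=n - 1):
        r = (mod - 1,) + tail
        if all(dot(r, s, mod) == 0 for s in sq):
            return r
    return None


def naive_lift(gens, mod):
    """Read the F_p entries as integers mod p^k; reduces correctly mod p but has no other structure."""
    return [[x % mod for x in g] for g in gens]


def self_orthogonal_lift(gens, p, mod):
    """Search all lifts G + p*A for one that is self-orthogonal mod `mod`.
    Brute force stands in for the paper's dedicated lift (hypothetical stand-in, tiny matrices only)."""
    shape = [(i, j) for i in range(len(gens)) for j in range(len(gens[0]))]
    for adj in itertools.product(range(mod // p), repeat=len(shape)):
        cand = [row[:] for row in gens]
        for (i, j), a in zip(shape, adj):
            cand[i][j] = (cand[i][j] + p * a) % mod
        if is_self_orthogonal(cand, mod):
            return cand
    return None


def reduces_to(lift, gens, p):
    """True if `lift` equals `gens` entrywise after reduction mod p."""
    return all((x - y) % p == 0 for lr, gr in zip(lift, gens) for x, y in zip(lr, gr))


def product_identity_holds(gens, mod):
    """Check x_0*y_0 == -sum_{i>=1} x_i*y_i for every pair of codewords (the self-orthogonal trick)."""
    code = span(gens, mod)
    return all((x[0] * y[0] + sum(a * b for a, b in zip(x[1:], y[1:]))) % mod == 0
               for x in code for y in code)


if __name__ == "__main__":
    naive = naive_lift(G_F3, Q)
    good = self_orthogonal_lift(G_F3, P, Q)
    print("F_3 code: d =", min_distance(span(G_F3, P)), "d_perp =", min_distance(dual(G_F3, P)))
    print("naive lift: d =", min_distance(span(naive, Q)), "d_perp =", min_distance(dual(naive, Q)),
          "self-orthogonal:", is_self_orthogonal(naive, Q), "r =", recombination_vector(naive, Q))
    print("self-orthogonal lift:", good, "r =", recombination_vector(good, Q),
          "product identity:", product_identity_holds(good, Q))
```

The recombination vector returned for the self-orthogonal lift is (8, 8, 8, 8), i.e. −1 in every coordinate mod 9, which is exactly the all-ones argument from the abstract: orthogonality of the code to itself makes the inner product of any two codewords vanish, and moving the secret coordinate to the other side gives the product identity. The naive lift of this code still admits a unit recombination vector, which is why the abstract's counterexample needs a different code; what the naive lift does lose is the self-orthogonality that makes the recombination vector cheap and canonical.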