Automatic generation of two-party computations

We present the design and implementation of a compiler that automatically generates protocols that perform two-party computations. The input to our protocol is the specification of a computation with secret inputs (e.g., a signature algorithm) expressed using operations in the field Zq of integers modulo a prime q and in the multiplicative subgroup of order q in Z*p for q|p-1 with generator g. The output of our compiler is an implementation of each party in a two-party protocol to perform the same computation securely, i.e., so that both parties can together compute the function but neither can alone. The protocols generated by our compiler are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments. Our compiler can be applied to various cryptographic primitives (e.g., signature schemes, encryption schemes, oblivious transfer protocols) and other protocols that employ a trusted party (e.g., key retrieval, key distribution).

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[3]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Applications , 1989, CRYPTO.

[4]  Ravi Ganesan,et al.  Yaksha: augmenting Kerberos with public key cryptography , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[5]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[6]  Amir Herzberg,et al.  The proactive security toolkit and applications , 1999, CCS '99.

[7]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[8]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[9]  Moni Naor,et al.  Distributed Oblivious Transfer , 2000, ASIACRYPT.

[10]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[11]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[12]  Michael K. Reiter,et al.  Networked cryptographic devices resilient to capture , 2003, International Journal of Information Security.

[13]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[14]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[15]  Dawn Xiaodong Song,et al.  AGVI - Automatic Generation, Verification, and Implementation of Security Protocols , 2001, CAV.

[16]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[17]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[18]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[19]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[20]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[21]  Matthew K. Franklin,et al.  The Ω key management service , 1996, CCS '96.

[22]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[23]  Mihir Bellare,et al.  The Security of Practical Two-Party RSA Signature Schemes , 2001, IACR Cryptol. ePrint Arch..

[24]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[25]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[26]  References , 1971 .

[27]  Michael K. Reiter,et al.  Two-party generation of DSA signatures , 2001, International Journal of Information Security.

[28]  David Mazières,et al.  Proactive Two-Party Signatures for User Authentication , 2003, NDSS.

[29]  Patrick Horster,et al.  Meta-ElGamal signature schemes , 1994, CCS '94.

[30]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[31]  Burton S. Kaliski,et al.  Server-assisted generation of a strong secret from a password , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[32]  Dan Boneh,et al.  Building intrusion tolerant applications , 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[33]  Jacques Stern,et al.  A New Public-Key Cryptosystem , 1997, EUROCRYPT.

[34]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[35]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[36]  Josh Benaloh,et al.  Dense Probabilistic Encryption , 1999 .