The Hidden Graph Model: Communication Locality and Optimal Resiliency with Adaptive Faults

The vast majority of works on secure multi-party computation (MPC) assume a full communication pattern: every party exchanges messages with all the network participants over a complete network of point-to-point channels. This can be problematic in modern large-scale networks, where the number of parties can be of the order of millions, for example when computing on large distributed data. Motivated by this observation, Boyle, Goldwasser, and Tessaro [TCC 2013] put forward the notion of communication locality, namely the total number of point-to-point channels that each party uses in the protocol, as a quality metric of MPC protocols. They proved that, assuming a public-key infrastructure (PKI) and a common reference string (CRS), an MPC protocol can be constructed for computing any n-party function with communication locality O(log^c n) and round complexity O(log^{c'} n), for appropriate constants c and c'. Their protocol tolerates a static (i.e., non-adaptive) adversary corrupting up to t < (1/3 - ε)n parties for any given constant 0 < ε < 1/3. These results leave open the following questions: Can we achieve low communication locality and round complexity while tolerating adaptive adversaries? Can we achieve low communication locality with optimal resiliency t < n/2? In this work we answer both questions affirmatively. We consider the Boyle et al. model, where we replace the CRS with a symmetric-key infrastructure (SKI). In this model we give a protocol with communication locality and round complexity polylog(n) (as in Boyle et al.) which tolerates up to t < n/2 adaptive corruptions, under a standard intractability assumption for adaptively secure protocols, namely the existence of trapdoor permutations whose domain has invertible sampling. This is done by using the SKI to derive a sequence of random hidden communication graphs among players. A central new technique shows how to use these graphs to emulate a complete network in polylog(n) rounds while preserving polylog(n) locality. We also show how to remove the SKI setup assumption at the cost, however, of increasing the communication locality (but not the round complexity) by a factor of √n.
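The following Python sketch is an added illustration of the one mechanism the abstract does spell out: pairwise symmetric keys from an SKI can be stretched with a PRF into a sequence of random graphs whose edges are visible only to their two endpoints, with per-party degree (and hence communication locality) concentrated around (n-1)p by Hoeffding's inequality. It is not the paper's construction, which the abstract does not give; the seed-derived pairwise keys, the HMAC-SHA256 PRF, the edge threshold p and the polylog choice of p are assumptions of the example.

```python
"""Toy hidden-graph sampler from a symmetric-key infrastructure (SKI).

Illustration only, not the protocol from the paper.  Every pair of parties
{i, j} shares a key k_ij.  For round r, each endpoint evaluates a PRF on
(r, i, j) under k_ij and keeps the edge iff the output falls below a
threshold p.  Both endpoints compute the same answer, while a party that
holds neither k_ij nor a corruption of i or j sees the edge as a fair coin.
"""
import hashlib
import hmac
import math


def setup_ski(n: int, seed: bytes = b"constructed-demo-seed") -> dict:
    """Derive a distinct key k_ij for every unordered pair {i, j}, i < j.

    A real SKI hands out independent random keys; deriving them from one
    seed (constructed sample data) keeps the example deterministic and offline.
    """
    return {
        (i, j): hmac.new(seed, f"{i}:{j}".encode(), hashlib.sha256).digest()
        for i in range(n) for j in range(i + 1, n)
    }


def pair_key(keys: dict, i: int, j: int) -> bytes:
    a, b = (i, j) if i < j else (j, i)
    return keys[(a, b)]


def edge_present(key: bytes, round_id: int, i: int, j: int, p: float) -> bool:
    """Edge {i, j} exists in round `round_id` iff PRF(k_ij, round||i||j) < p.

    Both endpoints order the pair canonically, so they agree on the bit.
    """
    a, b = (i, j) if i < j else (j, i)
    tag = hmac.new(key, f"{round_id}:{a}:{b}".encode(), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") < int(p * 2**64)


def neighbors(keys: dict, n: int, me: int, round_id: int, p: float) -> set:
    """Party `me` computes its own neighbour set using only keys it holds."""
    return {
        j for j in range(n)
        if j != me and edge_present(pair_key(keys, me, j), round_id, me, j, p)
    }


def graph_is_symmetric(keys: dict, n: int, round_id: int, p: float) -> bool:
    """Sanity check: i lists j as a neighbour exactly when j lists i."""
    nb = {i: neighbors(keys, n, i, round_id, p) for i in range(n)}
    return all((j in nb[i]) == (i in nb[j]) for i in range(n) for j in range(n) if i != j)


def locality(keys: dict, n: int, rounds: int, p: float) -> int:
    """Communication locality: max over parties of the number of distinct
    channels used across all `rounds` hidden graphs."""
    return max(
        len(set().union(*(neighbors(keys, n, i, r, p) for r in range(rounds))))
        for i in range(n)
    )


def hoeffding_degree_bound(n: int, failure: float = 1e-6) -> int:
    """Smallest t with n * exp(-2 t^2 / (n-1)) <= failure: by Hoeffding plus a
    union bound over the n parties, every degree in one round is at most
    (n-1)p + t except with probability `failure`."""
    return math.ceil(math.sqrt((n - 1) * math.log(n / failure) / 2))


if __name__ == "__main__":
    n = 256
    p = math.log(n) ** 2 / n            # expected degree ~ log^2 n (assumed choice)
    rounds = math.ceil(math.log(n))     # polylog many hidden graphs
    keys = setup_ski(n)
    print("symmetric:", graph_is_symmetric(keys, n, 0, p))
    print("expected degree per round:", round((n - 1) * p, 1))
    print("Hoeffding slack t:", hoeffding_degree_bound(n))
    print(f"locality over {rounds} rounds:", locality(keys, n, rounds, p))
```

Run it as a script to see the observed locality sit well inside (n-1)p + t, with both quantities polylogarithmic in n for this choice of p. The hiding property is simply that `edge_present` needs k_ij: a party lacking that key has no better guess than p for whether the edge exists in any given round.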

[1] Jonathan Katz, et al. Composability and On-Line Deniability of Authentication. TCC 2009.

[2] Rafail Ostrovsky, et al. Sequential Aggregate Signatures and Multisignatures Without Random Oracles. EUROCRYPT 2006.

[3] Yehuda Lindell, et al. The IPS Compiler: Optimizations, Variants and Concrete Efficiency. CRYPTO 2011.

[4] Ran Canetti, et al. Security and composition of cryptographic protocols: a tutorial (part I). SIGA 2006.

[5] Leslie Lamport, et al. Reaching Agreement in the Presence of Faults. JACM 1980.

[6] W. Hoeffding. Probability Inequalities for Sums of Bounded Random Variables. 1963.

[7] Manuel Blum, et al. Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract). STOC 1988.

[8] Eli Upfal, et al. Fault tolerance in networks of bounded degree. STOC 1986.

[9] Craig Gentry, et al. (Leveled) fully homomorphic encryption without bootstrapping. ITCS 2012.

[10] Rafail Ostrovsky, et al. Almost-Everywhere Secure Computation. EUROCRYPT 2008.

[11] Oded Goldreich. Basing Non-Interactive Zero-Knowledge on (Enhanced) Trapdoor Permutations: The State of the Art. Studies in Complexity and Cryptography, 2011.

[12] Manuel Blum, et al. Non-interactive zero-knowledge and its applications. STOC 1988.

[13] Silvio Micali, et al. How to play ANY mental game. STOC 1987.

[14] Marcel Keller, et al. Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits. ESORICS 2013.

[15] Rafail Ostrovsky, et al. Edge Fault Tolerance on Sparse Networks. ICALP 2012.

[16] Marcel Keller, et al. Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol. SCN 2012.

[17] Richard Cleve, et al. Limits on the security of coin flips when half the processors are faulty. STOC 1986.

[18] Erik Vee, et al. Towards Secure and Scalable Computation in Peer-to-Peer Networks. FOCS 2006.

[19] Avi Wigderson, et al. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract). STOC 1988.

[20] Martin Hirt, et al. Adaptively Secure Broadcast. EUROCRYPT 2010.

[21] Eli Upfal, et al. Fault Tolerance in Networks of Bounded Degree (Preliminary Version). STOC 1986.

[22] Andrew Chi-Chih Yao, et al. How to Generate and Exchange Secrets (Extended Abstract). FOCS 1986.

[23] Adi Shamir, et al. Multiple non-interactive zero knowledge proofs based on a single random string. FOCS 1990.

[24] David Chaum, et al. Multiparty Unconditionally Secure Protocols (Extended Abstract). STOC 1988.

[25] Craig Gentry, et al. (Leveled) Fully Homomorphic Encryption without Bootstrapping. 2014.

[26] Shafi Goldwasser, et al. Communication Locality in Secure Multi-party Computation - How to Run Sublinear Algorithms in a Distributed Setting. TCC 2013.

[27] Vinod Vaikuntanathan, et al. Efficient Fully Homomorphic Encryption from (Standard) LWE. FOCS 2011.

[28] Erik Vee, et al. Scalable leader election. SODA 2006.

[29] Jared Saia, et al. Brief announcement: breaking the O(nm) bit barrier, secure multiparty computation with a static adversary. PODC 2012.

[30] Masahiro Yagisawa, et al. Fully Homomorphic Encryption without bootstrapping. IACR Cryptol. ePrint Arch., 2015.

[31] David Chaum, et al. Multiparty unconditionally secure protocols. STOC 1988.

[32] Marcel Keller, et al. An architecture for practical actively secure MPC with dishonest majority. IACR Cryptol. ePrint Arch., 2013.

[33] Rafail Ostrovsky, et al. Optimally Resilient and Adaptively Secure Multi-Party Computation with Low Communication Locality. IACR Cryptol. ePrint Arch., 2014.

[34] Ivan Damgård, et al. Semi-Homomorphic Encryption and Multiparty Computation. IACR Cryptol. ePrint Arch., 2011.

[35] Ivan Damgård, et al. Multiparty Computation from Somewhat Homomorphic Encryption. IACR Cryptol. ePrint Arch., 2012.

[36] Eli Upfal. Tolerating linear number of faults in networks of bounded degree. PODC 1992.

[37] Leslie Lamport, et al. The Byzantine Generals Problem. TOPL 1982.

[38] Silvio Micali, et al. Accountable-subgroup multisignatures: extended abstract. CCS 2001.

[39] Oded Goldreich, et al. The Foundations of Cryptography - Volume 1: Basic Techniques. 2001.

[40] Jared Saia, et al. Breaking the O(n^2) bit barrier: scalable byzantine agreement with an adaptive adversary. PODC 2010.

[41] Silvio Micali, et al. The Round Complexity of Secure Protocols (Extended Abstract). STOC 1990.

[42] Rafail Ostrovsky, et al. Improved Fault Tolerance and Secure Computation on Sparse Networks. ICALP 2010.

[43] Donald Beaver, et al. Cryptographic Protocols Provably Secure Against Dynamic Adversaries. EUROCRYPT 1992.

[44] Jonathan Katz, et al. Adaptively secure broadcast, revisited. PODC 2011.

[45] Silvio Micali, et al. The round complexity of secure protocols. STOC 1990.

[46] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation. STOC 1988.

[47] Ivan Damgård, et al. Improved Non-committing Encryption Schemes Based on a General Complexity Assumption. CRYPTO 2000.

[48] Moni Naor, et al. Adaptively secure multi-party computation. STOC 1996.

[49] Dan Bogdanov, et al. Sharemind: A Framework for Fast Privacy-Preserving Computations. ESORICS 2008.

[50] Jonathan Katz, et al. On expected constant-round protocols for Byzantine agreement. J. Comput. Syst. Sci., 2006.

[51] Russell Impagliazzo, et al. One-way functions are essential for complexity based cryptography. FOCS 1989.

[52] Yehuda Lindell, et al. On the composition of authenticated byzantine agreement. STOC 2002.

[53] Oded Goldreich, et al. The Foundations of Cryptography - Volume 2: Basic Applications. 2001.