On the Communication Required for Unconditionally Secure Multiplication

Many information-theoretic secure protocols are known for general secure multi-party computation, in the honest majority setting, and in the dishonest majority setting with preprocessing. All known protocols that are efficient in the circuit size of the evaluated function follow the same "gate-by-gate" design pattern: we work through an arithmetic (or boolean) circuit on secret-shared inputs, such that after we process a gate, the output of the gate is represented as a random secret sharing among the players. This approach usually allows non-interactive processing of addition gates but requires communication for every multiplication gate. Thus, while information-theoretic secure protocols are very efficient in terms of computational work, they seem to require more communication and more rounds than computationally secure protocols. Whether this is inherent is an open and probably very hard problem. However, in this work we show that it is indeed inherent for protocols that follow the "gate-by-gate" design pattern. We present the following results:

1. In the honest majority setting, as well as for dishonest majority with preprocessing, any gate-by-gate protocol must communicate $\Omega(n)$ bits for every multiplication gate, where n is the number of players.

2. In the honest majority setting, we show that one cannot obtain a bound that also grows with the field size. Moreover, for a constant number of players, amortizing over several multiplication gates does not allow us to save on the computational work, and, in a restricted setting, we show that this also holds for communication.

All our lower bounds are met up to a constant factor by known protocols that follow the typical gate-by-gate paradigm. Our results imply that a fundamentally new approach must be found in order to improve the communication complexity of known protocols, such as BGW, GMW, SPDZ, etc.
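As an added illustration of the gate-by-gate pattern described above (example code written for this page, not from the paper or from any named protocol's implementation): a toy Shamir-based evaluation of x*y + z over a prime field with N=5 players and threshold T=2 (both assumed values), where the addition gate is purely local and the BGW-style multiplication gate forces every player to reshare, so the code counts the field elements sent per gate.

```python
import random

P = 2**61 - 1   # prime field modulus (constructed choice; any prime works)
N, T = 5, 2     # 5 players, threshold 2: honest majority requires 2*T < N

def share(secret, n=N, t=T):
    """Shamir-share `secret` with a random degree-t polynomial f; player i gets f(i)."""
    coeffs = [secret % P] + [random.randrange(P) for _ in range(t)]
    return [sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)]

def lagrange_coeffs(xs):
    """Coefficients l_i with f(0) = sum(l_i * f(x_i)) for any f of degree < len(xs)."""
    out = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        out.append(num * pow(den, P - 2, P) % P)
    return out

def reconstruct(points):
    """Open f(0) from (x, f(x)) pairs, e.g. any T+1 shares of a degree-T sharing."""
    lam = lagrange_coeffs([x for x, _ in points])
    return sum(l * y for l, (_, y) in zip(lam, points)) % P

def add_gate(a, b):
    """Addition gate: every player adds its own two shares locally. Nothing is sent."""
    return [(x + y) % P for x, y in zip(a, b)], 0

def mul_gate(a, b):
    """Multiplication gate, BGW style: local products give a degree-2T sharing of a*b,
    so each player reshares its product with a fresh degree-T polynomial and everyone
    recombines the sub-shares with the Lagrange coefficients for points 1..N.
    Returns (new degree-T shares, field elements sent): each player sends N-1 sub-shares."""
    n = len(a)
    prod = [(x * y) % P for x, y in zip(a, b)]
    sub = [share(p, n, T) for p in prod]          # sub[i][j] travels from player i to j
    lam = lagrange_coeffs(list(range(1, n + 1)))  # interpolates degree 2T since 2T < N
    new = [sum(lam[i] * sub[i][j] for i in range(n)) % P for j in range(n)]
    return new, n * (n - 1)

def demo(x, y, z):
    """Evaluate x*y + z gate by gate; return (opened result, total field elements sent)."""
    sxy, c_mul = mul_gate(share(x), share(y))
    sout, c_add = add_gate(sxy, share(z))
    opened = reconstruct(list(enumerate(sout[:T + 1], start=1)))  # any T+1 shares open it
    return opened, c_mul + c_add
```

With N=5 the single multiplication gate costs 20 field elements of communication while the addition gate costs none, which is the asymmetry the abstract refers to; the paper's bounds are stated in bits, so the count here is only a per-gate message tally.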
