Secure Multiparty Computation with Minimal Interaction

We revisit the question of secure multiparty computation (MPC) with two rounds of interaction. It was previously shown by Gennaro et al. (Crypto 2002) that 3 or more communication rounds are necessary for general MPC protocols with guaranteed output delivery, assuming that there may be t ≥ 2 corrupted parties. This negative result holds regardless of the total number of parties, even if broadcast is allowed in each round, and even if only fairness is required. We complement this negative result by presenting matching positive results. Our first main result is that if only one party may be corrupted, then n ≥ 5 parties can securely compute any function of their inputs using only two rounds of interaction over secure point-to-point channels (without broadcast or any additional setup). The protocol makes a black-box use of a pseudorandom generator, or alternatively can offer unconditional security for functionalities in NC1. We also prove a similar result in a client-server setting, where there are m ≥ 2 clients who hold inputs and should receive outputs, and n additional servers with no inputs and outputs. For this setting, we obtain a general MPC protocol which requires a single message from each client to each server, followed by a single message from each server to each client. The protocol is secure against a single corrupted client and against coalitions of t < n/3 corrupted servers. The above protocols guarantee output delivery and fairness. Our second main result shows that under a relaxed notion of security, allowing the adversary to selectively decide (after learning its own outputs) which honest parties will receive their (correct) output, there is a general 2-round MPC protocol which tolerates t < n/3 corrupted parties. This protocol relies on the existence of a pseudorandom generator in NC1 (which is implied by standard cryptographic assumptions), or alternatively can offer unconditional security for functionalities in NC1.

[1]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[2]  Joan Feigenbaum,et al.  Security with Low Communication Overhead , 1990, CRYPTO.

[3]  Yuval Ishai,et al.  Efficient Multi-party Computation over Rings , 2003, EUROCRYPT.

[4]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[5]  Yehuda Lindell Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation , 2001, CRYPTO.

[6]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[7]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[8]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[9]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[10]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[11]  Moti Yung,et al.  Secure Multi-party Computation Minimizing Online Rounds , 2009, ASIACRYPT.

[12]  Omer Reingold,et al.  Tight Bounds for Shared Memory Systems Accessed by Byzantine Processes , 2002, DISC.

[13]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[14]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[15]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[16]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[17]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[18]  Jonathan Katz,et al.  Improving the round complexity of VSS in point-to-point networks , 2008, Inf. Comput..

[19]  Yuval Ishai,et al.  Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials , 2002, ICALP.

[20]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[21]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[22]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[23]  Rafail Ostrovsky,et al.  Round Efficiency of Multi-party Computation with a Dishonest Majority , 2003, EUROCRYPT.

[24]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[25]  Moti Yung,et al.  Non-interactive cryptocomputing for NC/sup 1/ , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[26]  Jonathan Katz,et al.  Universally-Composable Two-Party Computation in Two Rounds , 2007, CRYPTO.

[27]  Ronald Cramer,et al.  Efficient Multiparty Computations with Dishonest Minority , 1998 .

[28]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[29]  Vitaly Shmatikov,et al.  Efficient Two-Party Secure Computation on Committed Inputs , 2007, EUROCRYPT.

[30]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[31]  Rafail Ostrovsky,et al.  Round-Optimal Secure Two-Party Computation , 2004, CRYPTO.

[32]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[33]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[34]  Yuval Ishai,et al.  Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator , 2005, CRYPTO.

[35]  Moni Naor,et al.  A Minimal Model for Secure Computation , 2002 .

[36]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[37]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[38]  C. Pandu Rangan,et al.  The Round Complexity of Verifiable Secret Sharing Revisited , 2009, CRYPTO.

[39]  Yuval Ishai,et al.  Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation , 2005, TCC.

[40]  Ivan Damgård,et al.  Secure Distributed Linear Algebra in a Constant Number of Rounds , 2001, CRYPTO.

[41]  Yuval Ishai,et al.  On 2-Round Secure Multiparty Computation , 2002, CRYPTO.

[42]  Moti Yung,et al.  Two-Party Computing with Encrypted Data , 2007, ASIACRYPT.

[43]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[44]  Nancy A. Lynch,et al.  A Lower Bound for the Time to Assure Interactive Consistency , 1982, Inf. Process. Lett..

[45]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[46]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[47]  K. Srinathan,et al.  Round-Optimal and Efficient Verifiable Secret Sharing , 2006, TCC.

[48]  Moni Naor,et al.  A minimal model for secure computation (extended abstract) , 1994, STOC '94.

[49]  Yuval Ishai,et al.  Private simultaneous messages protocols with applications , 1997, Proceedings of the Fifth Israeli Symposium on Theory of Computing and Systems.

[50]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[51]  Donald Beaver Minimal-Latency Secure Function Evaluation , 2000, EUROCRYPT.

[52]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[53]  Jonathan Katz,et al.  Round-Efficient Secure Computation in Point-to-Point Networks , 2007, EUROCRYPT.

[54]  Yuval Ishai,et al.  Computationally Private Randomizing Polynomials and Their Applications , 2005, Computational Complexity Conference.

[55]  Yuval Ishai,et al.  The round complexity of verifiable secret sharing and secure multicast , 2001, STOC '01.

[56]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[57]  Yehuda Lindell,et al.  Secure Multi-Party Computation without Agreement , 2005, Journal of Cryptology.

[58]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[59]  Joe Kilian,et al.  One-Round Secure Computation and Secure Autonomous Mobile Agents , 2000, ICALP.

[60]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[61]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[62]  Yehuda Lindell,et al.  Information-theoretically secure protocols and security under composition , 2006, STOC '06.

[63]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.

[64]  David A. Mix Barrington,et al.  Bounded-width polynomial-size branching programs recognize exactly those languages in NC1 , 1986, STOC '86.

[65]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[66]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.