Secure Arithmetic Computation with No Honest Majority

We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black-box calls as well as the communication overhead. We present several solutions which differ in their efficiency, generality, and underlying intractability assumptions. These include: An unconditionally secure protocol in the OT-hybrid model which makes a black-box use of an arbitrary ring R ,but where the number of ring operations grows linearly with (an upper bound on) log|R |. Computationally secure protocols in the OT-hybrid model which make a black-box use of an underlying ring, and in which the number of ring operations does not grow with the ring size. The protocols rely on variants of previous intractability assumptions related to linear codes. In the most efficient instance of these protocols, applied to a suitable class of fields, the (amortized) communication cost is a constant number of field elements per multiplication gate and the computational cost is dominated by O (logk ) field operations per gate, where k is a security parameter. These results extend a previous approach of Naor and Pinkas for secure polynomial evaluation (SIAM J. Comput. , 2006). A protocol for the rings *** m = ***/m *** which only makes a black-box use of a homomorphic encryption scheme. When m is prime, the (amortized) number of calls to the encryption scheme for each gate of the circuit is constant. All of our protocols are in fact UC-secure in the OT-hybrid model and can be generalized to multiparty computation with an arbitrary number of malicious parties.

[1]  Venkatesan Guruswami,et al.  Improved decoding of Reed-Solomon and algebraic-geometry codes , 1999, IEEE Trans. Inf. Theory.

[2]  Aggelos Kiayias,et al.  Decoding interleaved Reed-Solomon codes over noisy channels , 2007, Theor. Comput. Sci..

[3]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[4]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[5]  Matthew K. Franklin,et al.  Communication complexity of secure computation (extended abstract) , 1992, STOC '92.

[6]  Yehuda Lindell,et al.  Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries , 2007, Journal of Cryptology.

[7]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[8]  Moni Naor,et al.  Oblivious Polynomial Evaluation , 2006, SIAM J. Comput..

[9]  Carles Padró,et al.  A Note on Secure Computation of the Moore-Penrose Pseudoinverse and Its Application to Secure Linear Algebra , 2007, CRYPTO.

[10]  Cryptography with constant input locality , 2007, CRYPTO 2007.

[11]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[12]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[13]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[14]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[15]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[16]  Ivan Damgård,et al.  Secure Distributed Linear Algebra in a Constant Number of Rounds , 2001, CRYPTO.

[17]  Yehuda Lindell,et al.  Privacy Preserving Data Mining , 2002, Journal of Cryptology.

[18]  Yuval Ishai,et al.  Scalable Secure Multiparty Computation , 2006, CRYPTO.

[19]  Yuval Ishai,et al.  Efficient Multi-party Computation over Rings , 2003, EUROCRYPT.

[20]  Marc Fischlin,et al.  On the Impossibility of Constructing Non-interactive Statistically-Secret Protocols from Any Trapdoor One-Way Function , 2002, CT-RSA.

[21]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[22]  Jeffrey C. Lagarias,et al.  Solving low density subset sum problems , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[23]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[24]  Rafail Ostrovsky,et al.  Cryptography with constant computational overhead , 2008, STOC.

[25]  I. Damglurd Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation , 2006 .

[26]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[27]  Jonathan Katz,et al.  Universally-Composable Two-Party Computation in Two Rounds , 2007, CRYPTO.

[28]  Jacques Stern,et al.  Generation of Shared RSA Keys by Two Parties , 1998, ASIACRYPT.

[29]  Rafail Ostrovsky,et al.  Cryptography from Anonymity , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[30]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[31]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[32]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[33]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[34]  Ronald Cramer,et al.  Optimal Black-Box Secret Sharing over Arbitrary Abelian Groups , 2002, CRYPTO.

[35]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[36]  Ivan Damgård,et al.  Multiparty Computation Goes Live , 2008, IACR Cryptol. ePrint Arch..

[37]  Ivan Damgård,et al.  Essentially Optimal Universally Composable Oblivious Transfer , 2009, ICISC.

[38]  Alexander Vardy,et al.  Correcting errors beyond the Guruswami-Sudan radius in polynomial time , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[39]  Joachim von zur Gathen,et al.  Modern Computer Algebra , 1998 .

[40]  Enav Weinreb,et al.  Efficient Secure Linear Algebra in the Presence of Covert or Computationally Unbounded Adversaries , 2008, CRYPTO.

[41]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[42]  Yuval Ishai,et al.  Selective private function evaluation with applications to private statistics , 2001, PODC '01.

[43]  Yuval Ishai,et al.  OT-Combiners via Secure Computation , 2008, TCC.

[44]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[45]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[46]  Enav Weinreb,et al.  Communication Efficient Secure Linear Algebra , 2006, TCC.

[47]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[48]  Moni Naor,et al.  Small-bias probability spaces: efficient constructions and applications , 1990, STOC '90.

[49]  Aggelos Kiayias,et al.  Cryptographic Hardness Based on the Decoding of Reed-Solomon Codes , 2008, IEEE Trans. Inf. Theory.

[50]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[51]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[52]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[53]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[54]  Richard J. Lipton,et al.  Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract) , 1996, CRYPTO.

[55]  Ueli Maurer,et al.  Black-Box Extension Fields and the Inexistence of Field-Homomorphic One-Way Permutations , 2007, ASIACRYPT.

[56]  Niv Gilboa,et al.  Two Party RSA Key Generation , 1999, CRYPTO.

[57]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[58]  Yehuda Lindell,et al.  Black-box constructions for secure computation , 2006, STOC '06.

[59]  Martín Abadi,et al.  Secure circuit evaluation , 1990, Journal of Cryptology.

[60]  R. Gregory Taylor,et al.  Modern computer algebra , 2002, SIGA.

[61]  Moni Naor,et al.  Efficient cryptographic schemes provably as secure as subset sum , 2004, Journal of Cryptology.

[62]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[63]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[64]  Ivan Damgård,et al.  Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption , 2003, CRYPTO.

[65]  Jens Groth,et al.  Linear Algebra with Sub-linear Zero-Knowledge Arguments , 2009, CRYPTO.

[66]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[67]  Yehuda Lindell,et al.  Efficient Protocols for Set Intersection and Pattern Matching with Security Against Malicious and Covert Adversaries , 2008, Journal of Cryptology.

[68]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[69]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[70]  Jan Camenisch,et al.  Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products , 2002, CRYPTO.

[71]  Aggelos Kiayias,et al.  Cryptographic Hardness Based on the Decoding of Reed–Solomon Codes , 2002, IEEE Transactions on Information Theory.

[72]  Eike Kiltz,et al.  Secure Linear Algebra Using Linearly Recurrent Sequences , 2007, Complexity of Boolean Functions.

[73]  Matthew K. Franklin,et al.  Joint encryption and message-efficient secure computation , 1993, Journal of Cryptology.

[74]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[75]  Richard J. Lipton,et al.  Cryptographic Primitives Based on Hard Learning Problems , 1993, CRYPTO.

[76]  Madhu Sudan,et al.  Reconstructing curves in three (and higher) dimensional space from noisy data , 2003, STOC '03.