Compact VSS and Efficient Homomorphic UC Commitments

We present a new compact verifiable secret sharing (VSS) scheme. Based on it, we give the first construction of a homomorphic UC commitment scheme that requires only cheap symmetric cryptography, except for a small number of seed OTs. To commit to a k-bit string, the amortized communication cost is O(k) bits. Assuming a sufficiently efficient pseudorandom generator, the computational complexity is O(k) for the verifier and O(k^{1+ε}) for the committer (where ε < 1 is a constant). In an alternative variant of the construction, all complexities are O(k·polylog(k)). Our commitment scheme extends to vectors over any finite field and is additively homomorphic. By sending one extra message, the prover can allow the verifier to also check multiplicative relations on committed strings, as well as to verify that committed vectors a, b satisfy a = φ(b) for a linear function φ. These properties allow us to non-interactively implement any one-sided functionality, where only one party has input (this includes UC-secure zero-knowledge proofs of knowledge). We also present a perfectly secure implementation of any multiparty functionality, based directly on our VSS. The communication required is proportional to the size of a circuit implementing the functionality, up to a logarithmic factor. For a large natural class of circuits the overhead is even constant. We also improve earlier results by Ranellucci et al. on the amount of correlated randomness required for string commitments with individual opening of bits.
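As an added illustration (not the paper's construction, which relies on its compact VSS and seed OTs), the following Python toy shows the share-based mechanics behind the abstract's additive homomorphism and the a = φ(b) check: the committer Shamir-shares each coordinate of a vector, the verifier holds a watchlist of share positions, and a linear relation is verified by opening a − φ(b) to the zero vector. The field P, the parameters N and T, and all function names are assumptions made for this example.

```python
import random

P = 2**31 - 1   # prime field GF(P); a constructed choice for this toy
N, T = 8, 3     # shares per field element; any T shares reveal nothing about the value

def interpolate(points, x):
    """Evaluate at x the unique degree < len(points) polynomial through the given (x_i, y_i)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def share(value, rng):
    """Shamir-share one field element: random degree-T polynomial f with f(0) = value."""
    coeffs = [value % P] + [rng.randrange(P) for _ in range(T)]
    return [sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P for i in range(1, N + 1)]

def commit(vec, watch, rng):
    """Committer shares every coordinate; the verifier keeps only the shares at its watched
    indices (the paper obtains these via OT; here they are simply handed over)."""
    shares = [share(v, rng) for v in vec]
    return shares, [[s[i] for i in watch] for s in shares]

def combine(sa, sb, c=1):
    """Shares of a + c*b, coordinatewise; the same code runs on committer and verifier state."""
    return [[(x + c * y) % P for x, y in zip(ra, rb)] for ra, rb in zip(sa, sb)]

def apply_linear(phi, sb):
    """Shares of phi(b) for a matrix phi: by linearity both parties apply phi to their shares."""
    return [[sum(c * r[pos] for c, r in zip(row, sb)) % P for pos in range(len(sb[0]))] for row in phi]

def open_and_verify(shares, watch, watched):
    """Verifier side of opening: every coordinate's shares must agree with the watchlist and lie
    on one degree-<=T polynomial. Returns the opened vector, or None if the opening is inconsistent."""
    out = []
    for s, w in zip(shares, watched):
        if [s[i] for i in watch] != w:
            return None
        base = [(i + 1, s[i]) for i in range(T + 1)]
        if any(interpolate(base, i + 1) != s[i] for i in range(T + 1, N)):
            return None
        out.append(interpolate(base, 0))
    return out
```

A tampered share is caught either by the watchlist (if watched) or by the degree check (two distinct degree-T polynomials cannot agree on the N − T − 1 > T remaining positions).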
