Low Cost Constant Round MPC Combining BMR and Oblivious Transfer

In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit. In both approaches, the underlying secret-sharing-based protocol is only used for one actively secureF2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_2$$\end{document}multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.

[1]  Yehuda Lindell,et al.  More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[2]  Jonathan Katz,et al.  Global-Scale Secure Multiparty Computation , 2017, CCS.

[3]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[4]  Peter Rindal,et al.  Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution , 2016, USENIX Security Symposium.

[5]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[6]  Ivan Damgård,et al.  Gate-scrambling Revisited - or: The TinyTable protocol for 2-Party Secure Computation , 2016, IACR Cryptol. ePrint Arch..

[7]  Yehuda Lindell,et al.  Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer , 2010, IACR Cryptol. ePrint Arch..

[8]  Marcel Keller,et al.  A Unified Approach to MPC with Preprocessing using OT , 2015, IACR Cryptol. ePrint Arch..

[9]  Ivan Damgård,et al.  Constant-Overhead Secure Computation of Boolean Circuits using Preprocessing , 2013, TCC.

[10]  Thomas Schneider,et al.  Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO , 2017, NDSS.

[11]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[12]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[13]  Xiao Wang,et al.  More Efficient MPC from Improved Triple Generation and Authenticated Garbling , 2020, IACR Cryptol. ePrint Arch..

[14]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[15]  Alex J. Malozemoff,et al.  Efficient Three-Party Computation from Cut-and-Choose , 2014, CRYPTO.

[16]  Emmanuela Orsini,et al.  Zaphod: Efficiently Combining LSSS and Garbled Circuits in SCALE , 2019, IACR Cryptol. ePrint Arch..

[17]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[18]  Yuval Ishai,et al.  Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation , 2019, IACR Cryptol. ePrint Arch..

[19]  Jonathan Katz,et al.  Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation , 2017, CCS.

[20]  Jonathan Katz,et al.  Optimizing Authenticated Garbling for Faster Secure Two-Party Computation , 2018, IACR Cryptol. ePrint Arch..

[21]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[22]  Mihir Bellare,et al.  Foundations of garbled circuits , 2012, CCS.

[23]  Yehuda Lindell,et al.  Secure Multi-Party Computation without Agreement , 2005, Journal of Cryptology.

[24]  Yehuda Lindell,et al.  Efficient Constant Round Multi-Party Computation Combining BMR and SPDZ , 2015, IACR Cryptol. ePrint Arch..

[25]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[26]  Yehuda Lindell,et al.  Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[27]  Benny Pinkas,et al.  Committed MPC - Maliciously Secure Multiparty Computation from Homomorphic Commitments , 2017, IACR Cryptol. ePrint Arch..

[28]  Yehuda Lindell,et al.  A Simpler Variant of Universally Composable Security for Standard Multiparty Computation , 2015, CRYPTO.

[29]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, EUROCRYPT.

[30]  Jonathan Katz,et al.  On the Security of the Free-XOR Technique , 2012, IACR Cryptol. ePrint Arch..

[31]  Yehuda Lindell,et al.  More Efficient Constant-Round Multi-Party Computation from BMR and SHE , 2016, IACR Cryptol. ePrint Arch..

[32]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[33]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[34]  Yuval Ishai,et al.  Efficient Pseudorandom Correlation Generators: Silent OT Extension and More , 2019, IACR Cryptol. ePrint Arch..

[35]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[36]  Yuval Ishai,et al.  Secure Arithmetic Computation with No Honest Majority , 2008, IACR Cryptol. ePrint Arch..

[37]  Ye Zhang,et al.  Fast and Secure Three-party Computation: The Garbled Circuit Approach , 2015, IACR Cryptol. ePrint Arch..

[38]  Ivan Damgård,et al.  Scalable and Unconditionally Secure Multiparty Computation , 2007, CRYPTO.

[39]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[40]  Eran Omri,et al.  Optimizing Semi-Honest Secure Multiparty Computation for the Internet , 2016, IACR Cryptol. ePrint Arch..

[41]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[42]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[43]  Ignacio Cascudo,et al.  Rate-1, Linear Time and Additively Homomorphic UC Commitments , 2016, CRYPTO.

[44]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[45]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[46]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[47]  Yuval Ishai,et al.  Scalable Secure Multiparty Computation , 2006, CRYPTO.

[48]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[49]  Yehuda Lindell,et al.  High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority , 2017, IACR Cryptol. ePrint Arch..

[50]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[51]  Emmanuela Orsini,et al.  High-Performance Multi-party Computation for Binary Circuits Based on Oblivious Transfer , 2021, IACR Cryptol. ePrint Arch..