Multiparty Reusable Non-Interactive Secure Computation from LWE

Motivated by the goal of designing versatile and flexible secure computation protocols that at the same time require as little interaction as possible, we present new multiparty reusable Non-Interactive Secure Computation (mrNISC) protocols. This notion, recently introduced by Benhamouda and Lin (TCC 2020), is essentially a two-round Multi-Party Computation (MPC) protocol in which the first round of messages serves as a reusable commitment to the private inputs of the participating parties. Using these commitments, any subset of parties can later compute any function of their choice on their respective inputs by sending a single message each to a stateless evaluator, conveying the result of the computation but nothing else. Importantly, the input commitments can be computed without knowing anything about the other participating parties (neither their identities nor their number), and they are reusable across any number of desired computations.

We give a construction of mrNISC that achieves standard simulation security, as classical multi-round MPC protocols do. Our construction relies on the Learning With Errors (LWE) assumption with polynomial modulus and on the existence of a pseudorandom function (PRF) in NC1. We achieve semi-malicious security in the plain model, and malicious security by further relying on a trusted setup (which is unavoidable for mrNISC). In comparison, the only previously known constructions of mrNISC used either bilinear maps or strong primitives such as program obfuscation.

We use our mrNISC to obtain new Multi-Key FHE (MKFHE) schemes with threshold decryption:

• In the CRS model, we obtain threshold MKFHE for NC1 based on LWE with only polynomial modulus and PRFs in NC1, whereas all previous constructions rely on LWE with super-polynomial modulus-to-noise ratio.

• In the plain model, we obtain threshold levelled MKFHE for P based on LWE with polynomial modulus, a PRF in NC1, and NTRU, and another scheme for a constant number of parties from LWE with sub-exponential modulus-to-noise ratio. The only known prior construction of threshold MKFHE in the plain model (Ananth et al., TCC 2020) restricts at the onset the set of parties who can compute together.

∗ Algorand. Email: fabrice.benhamouda@gmail.com.
† NTT Research and UCLA. Email: aayushjain@cs.ucla.edu.
‡ Hebrew University of Jerusalem and NTT Research. Email: ilank@cs.huji.ac.il.
§ UW. Email: rachel@cs.washington.edu.

[1] Rafail Ostrovsky et al. Efficient Non-interactive Secure Computation, 2011, EUROCRYPT.

[2] Yuval Ishai et al. Secure Multiparty Computation with General Interaction Patterns, 2016, IACR Cryptol. ePrint Arch.

[3] Abhishek Banerjee et al. New and Improved Key-Homomorphic Pseudorandom Functions, 2014, CRYPTO.

[4] Fabrice Benhamouda et al. k-Round Multiparty Computation from k-Round Oblivious Transfer via Garbled Interactive Circuits, 2018, EUROCRYPT.

[5] Zhengzhong Jin et al. Multiparty Homomorphic Encryption (or: On Removing Setup in Multi-Key FHE), 2020, IACR Cryptol. ePrint Arch.

[6] Vinod Vaikuntanathan et al. On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption, 2012, STOC '12.

[7] Daniel Wichs et al. Two Round Multiparty Computation via Multi-key FHE, 2016, EUROCRYPT.

[8] Yuval Ishai et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[9] Yevgeniy Dodis et al. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, 2004, EUROCRYPT.

[10] Avi Wigderson et al. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract), 1988, STOC.

[11] Yuval Ishai et al. Two-Message Witness Indistinguishability and Secure Computation in the Plain Model from New Assumptions, 2017, ASIACRYPT.

[12] Silvio Micali et al. A Completeness Theorem for Protocols with Honest Majority, 1987, STOC.

[13] Yuval Ishai et al. Two-Round MPC: Information-Theoretic and Black-Box, 2018, IACR Cryptol. ePrint Arch.

[14] Michael Clear et al. Multi-identity and Multi-key Leveled FHE from Learning with Errors, 2015, CRYPTO.

[15] Brent Waters et al. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based, 2013, CRYPTO.

[16] Ran Canetti et al. Adaptively Secure Two-Party Computation from Indistinguishability Obfuscation, 2015, TCC.

[17] Daniele Micciancio et al. Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions, 2011, CRYPTO.

[18] Anat Paskin-Cherniavsky et al. Non-Interactive Secure Multiparty Computation, 2014, IACR Cryptol. ePrint Arch.

[19] David Cash et al. Bonsai Trees, or How to Delegate a Lattice Basis, 2010, EUROCRYPT.

[20] Zhengzhong Jin et al. Multi-key Fully-Homomorphic Encryption in the Plain Model, 2020, TCC.

[21] Miklós Ajtai et al. Generating hard instances of lattice problems (extended abstract), 1996, STOC '96.

[22] Chris Peikert et al. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, 2009, STOC '09.

[23] Shai Halevi et al. Four Round Secure Computation Without Setup, 2017, TCC.

[24] David Cash et al. Bonsai Trees, or How to Delegate a Lattice Basis, 2010, Journal of Cryptology.

[25] David Chaum et al. Multiparty Unconditionally Secure Protocols (Extended Abstract), 1988, STOC.

[26] Miklós Ajtai et al. Generating Hard Instances of the Short Basis Problem, 1999, ICALP.

[27] Sanjam Garg et al. Garbled Protocols and Two-Round MPC from Bilinear Maps, 2017, IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[28] Dana Dachman-Soled et al. Adaptively Secure, Universally Composable, Multiparty Computation in Constant Rounds, 2015, TCC.

[29] Chris Peikert et al. Generating Shorter Bases for Hard Random Lattices, 2009, Theory of Computing Systems.

[30] Chris Peikert et al. Multi-key FHE from LWE, Revisited, 2016, TCC.

[31] Yuval Ishai et al. Randomizing polynomials: A new representation with applications to round-efficient secure computation, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[32] Yuval Ishai et al. Non-Interactive Multiparty Computation Without Correlated Randomness, 2017, ASIACRYPT.

[33] Yehuda Lindell et al. Secure Computation on the Web: Computing without Simultaneous Interaction, 2011, IACR Cryptol. ePrint Arch.

[34] Amit Sahai et al. Secure MPC: Laziness Leads to GOD, 2018, IACR Cryptol. ePrint Arch.

[35] Rafail Ostrovsky et al. Non-Interactive Secure Computation from One-Way Functions, 2018, IACR Cryptol. ePrint Arch.

[36] Dan Boneh et al. Key Homomorphic PRFs and Their Applications, 2013, CRYPTO.

[37] Sanjam Garg et al. Two-Round Multiparty Secure Computation Minimizing Public Key Operations, 2018, IACR Cryptol. ePrint Arch.

[38] Sanjam Garg et al. Reusable Two-Round MPC from DDH, 2020, IACR Cryptol. ePrint Arch.

[39] Benny Pinkas et al. Non-Interactive Secure Computation Based on Cut-and-Choose, 2014, IACR Cryptol. ePrint Arch.

[40] Damien Stehlé et al. Classical hardness of learning with errors, 2013, STOC '13.

[41] Dan Boneh et al. Efficient Lattice (H)IBE in the Standard Model, 2010, EUROCRYPT.

[42] Yuval Ishai et al. Computationally Private Randomizing Polynomials and Their Applications, 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[43] Daniele Micciancio et al. Worst-case to average-case reductions based on Gaussian measures, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[44] Rafail Ostrovsky et al. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, 2004, SIAM J. Comput.

[45] Zvika Brakerski et al. Two-Message Statistical Sender-Private OT from LWE, 2018, IACR Cryptol. ePrint Arch.

[46] Chris Peikert et al. Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors, 2019, IACR Cryptol. ePrint Arch.

[47] Craig Gentry et al. Trapdoors for hard lattices and new cryptographic constructions, 2008, IACR Cryptol. ePrint Arch.

[48] Rafail Ostrovsky et al. Reusable Non-Interactive Secure Computation, 2019, IACR Cryptol. ePrint Arch.

[49] Vinod Vaikuntanathan et al. Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE, 2012, EUROCRYPT.

[50] Elaine Shi et al. Constant-Round MPC with Fairness and Guarantee of Output Delivery, 2015, CRYPTO.

[51] Vinod Vaikuntanathan et al. Lattice-based FHE as secure as PKE, 2014, IACR Cryptol. ePrint Arch.

[52] Sanjam Garg et al. Two-round Multiparty Secure Computation from Minimal Assumptions, 2018, IACR Cryptol. ePrint Arch.

[53] Daniel Wichs et al. Leveled Fully Homomorphic Signatures from Standard Lattices, 2015, IACR Cryptol. ePrint Arch.

[54] Arka Rai Choudhuri et al. Round-Optimal Secure Multiparty Computation with Honest Majority, 2018, IACR Cryptol. ePrint Arch.

[55] Hoeteck Wee et al. Laconic Function Evaluation and Applications, 2018, IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[56] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.

[57] Zvika Brakerski et al. Lattice-Based Fully Dynamic Multi-key FHE with Short Ciphertexts, 2016, CRYPTO.

[58] Sanjam Garg et al. Two-Round Adaptively Secure MPC from Indistinguishability Obfuscation, 2015, TCC.

[59] Fabrice Benhamouda et al. Multiparty Reusable Non-Interactive Secure Computation, 2020, IACR Cryptol. ePrint Arch.

[60] Moni Naor et al. A minimal model for secure computation (extended abstract), 1994, STOC '94.

[61] Ran Canetti et al. Practical UC security with a Global Random Oracle, 2014, CCS.

[62] Craig Gentry et al. Two-Round Secure MPC from Indistinguishability Obfuscation, 2014, TCC.

[63] Amit Sahai et al. From FE Combiners to Secure MPC and Back, 2019, IACR Cryptol. ePrint Arch.

[64] Abhishek Banerjee et al. Pseudorandom Functions and Lattices, 2012, EUROCRYPT.

[65] Chris Peikert et al. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, 2012, IACR Cryptol. ePrint Arch.