Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique

A secure two-party computation (S2PC) protocol allows two parties to compute over their combined private inputs, as if intermediated by a trusted third party. In the malicious model, this can be achieved with a cut-and-choose of garbled circuits (C&C-GCs), where some GCs are verified for correctness and the remaining are evaluated to determine the circuit output. This paper presents a new C&C-GCs-based S2PC protocol, with significant advantages in efficiency and applicability. First, in contrast with prior protocols that require a majority of evaluated GCs to be correct, the new protocol only requires that at least one evaluated GC is correct. In practice this reduces the total number of GCs to approximately one third, for the same statistical security goal. This is accomplished by augmenting the C&C with a new forge-and-lose technique based on bit commitments with trapdoor. Second, the output of the new protocol includes reusable XOR-homomorphic bit commitments of all circuit input and output bits, thereby enabling efficient linkage of several S2PCs in a reactive manner. The protocol has additional interesting characteristics (which may allow new comparison tradeoffs), such as needing a low number of exponentiations, using a 2-out-of-1 type of oblivious transfer, and using the C&C structure to statistically verify the consistency of input wire keys.
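The abstract's claim that requiring only one correct evaluated GC (instead of a majority) cuts the number of circuits to roughly one third can be checked with a small exact computation. The following Python script is an added example, not code from the paper or its authors. It assumes a simplified cut-and-choose model: the constructor garbles s circuits and corrupts b of them, the evaluator draws a check set of fixed size c uniformly at random and evaluates the remaining e = s - c, the classic variant needs a strict majority of evaluated circuits to be correct, and the target is 40-bit statistical security. The paper's own parameterisation and analysis may differ; the numbers below come only from this model.

```python
from fractions import Fraction
from math import comb, log2

# Simplified cut-and-choose model (assumption, not the paper's exact parameterisation):
# s garbled circuits, b of them corrupted by the constructor; the evaluator opens a
# uniformly random check set of fixed size c and evaluates the other e = s - c.
# A corrupted circuit that lands in the check set is caught, so the constructor only
# wins if every corrupted circuit is among the evaluated ones.

MAJORITY = "majority"          # classic C&C: output decided by majority of evaluated GCs
ANY_ONE_CORRECT = "any_one"    # forge-and-lose style: one correct evaluated GC suffices


def smallest_useful_corruption(e, rule):
    """Fewest corrupted circuits that let the constructor win if none is checked."""
    if rule == MAJORITY:
        return e // 2 + 1          # strict majority of the e evaluated circuits
    if rule == ANY_ONE_CORRECT:
        return e                   # every single evaluated circuit must be bad
    raise ValueError(rule)


def cheat_probability(s, c, rule):
    """Best success probability of a cheating constructor for given s and c (exact)."""
    e = s - c
    b = smallest_useful_corruption(e, rule)
    # P[all b bad circuits avoid the check set] = C(s-b, c) / C(s, c).
    # Corrupting more than b circuits only makes detection likelier, so the
    # minimum qualifying b is the adversary's best choice.
    return Fraction(comb(s - b, c), comb(s, c))


def best_check_size(s, rule):
    """Check-set size c in 1..s-1 that minimises the constructor's cheating probability."""
    return min(range(1, s), key=lambda c: cheat_probability(s, c, rule))


def min_circuits(security_bits, rule, s_max=400):
    """Smallest s for which some check size bounds cheating by 2^-security_bits."""
    target = Fraction(1, 2 ** security_bits)
    for s in range(2, s_max + 1):
        c = best_check_size(s, rule)
        if cheat_probability(s, c, rule) <= target:
            return s
    raise ValueError("no s up to s_max reaches the target")


def circuit_ratio(security_bits=40):
    """Circuits needed under any-one-correct divided by circuits needed under majority."""
    return min_circuits(security_bits, ANY_ONE_CORRECT) / min_circuits(security_bits, MAJORITY)


if __name__ == "__main__":
    for rule in (MAJORITY, ANY_ONE_CORRECT):
        s = min_circuits(40, rule)
        c = best_check_size(s, rule)
        p = cheat_probability(s, c, rule)
        print(f"{rule:9s}: s={s:3d} circuits, best check size c={c:3d}, "
              f"cheating probability = 2^{log2(float(p)):.2f}")
    print(f"ratio any_one/majority at 40 bits: {circuit_ratio(40):.3f}")
```

Running the script prints the minimal s and the best check size for each rule. In the any-one-correct model the constructor only wins when the check set is exactly the set of good circuits, so the bound collapses to 1/C(s, c), which is minimised near c = s/2; in the majority model the adversary can leave roughly half of the evaluated circuits honest and still win, which is why far more circuits are needed for the same 2^-40 target.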
