Communication-Efficient (Proactive) Secure Computation for Dynamic General Adversary Structures and Dynamic Groups

In modern distributed systems, an adversary's limitations when corrupting subsets of servers may not necessarily be based on threshold constraints, but rather on other technical or organizational characteristics of the system. For example, they can be based on the operating systems the servers run, the cost of corrupting insiders in a sub-organization, et cetera. This means that the corruption patterns (and thus the protection guarantees) are not based on the adversary being limited by a threshold, but on the adversary being limited by other constraints, in particular by what is known as a General Adversary Structure (GAS). GAS settings may come up in situations like large enterprises, the computing and networking infrastructure of Internet Service Providers, data centers and cloud infrastructure, the IT infrastructure of government agencies, computerized military systems, and critical infrastructure. We consider efficient secure multiparty computation (MPC) under such dynamically-changing GAS settings. One wants protection both against and during a change of the corruption profile, and such a change can render some (secret sharing-based) encoding schemes underlying the MPC protocol more efficient than others when operating with the (currently) considered GAS. One of our contributions is a set of novel protocols to efficiently and securely convert back and forth between different MPC schemes for GAS; this process is often called share conversion. Specifically, we consider two MPC schemes, one based on additive secret sharing and the other based on Monotone Span Programs (MSP). The ability to efficiently convert between the secret sharing representations of these MPC schemes enables us to construct the first communication-efficient structure-adaptive proactive MPC protocol for dynamic GAS settings.
By structure-adaptive, we mean that the MPC protocol to execute in future rounds, after the GAS is changed (as specified by an administrative entity), is chosen to ensure communication efficiency (the typical bottleneck in MPC). Furthermore, since such secure collaborative computing may be long-lived, we consider the mobile adversary setting, often called the proactive security setting. As our second contribution, we construct communication-efficient MPC protocols that can adapt to the proactive security setting. Proactive security assumes that in each (well-defined) period of time the adversary corrupts different parties and over time may visit the entire system and corrupt all parties, provided that in each period it controls groups obeying the GAS constraints. In our protocol, the shares can be refreshed, meaning that parties receive new shares reconstructing the same secret, and parties who lost their shares because of a reboot/reset can recover their shares. As our third contribution, we consider another aspect of global long-term computations, namely that of dynamic groups. It is worth pointing out that such a setting, with dynamic groups and GAS, was not dealt with in the existing literature on (proactive) MPC. In dynamic group settings, parties can be added to and removed from the computation, under different GAS restrictions. We extend our protocols to these additional dynamic group settings defined by different GAS.
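The abstract refers to three building blocks without showing them: additive secret sharing for a general adversary structure, proactive share refresh, and share recovery after a reboot. The following is an added illustration, not code from the paper or its authors, and it does not implement the paper's protocols or its MSP scheme. It uses the standard replicated (CNF) construction for a GAS (one additive summand per maximal corruptible set, handed to every party outside that set) over a prime field; the four-party adversary structure, the field modulus and all function names are constructed for this example.

```python
import secrets

# Assumption for the example: arithmetic in the prime field GF(P), P = 2^61 - 1.
P = (1 << 61) - 1

# Constructed adversary structure over parties {0,1,2,3}, given by its maximal
# corruptible sets. {0,1} models two servers that share an OS image and can be
# compromised together; this is not expressible as a single threshold.
PARTIES = frozenset(range(4))
MAX_UNQUALIFIED = [frozenset({0, 1}), frozenset({2}), frozenset({3})]


def is_unqualified(subset, structure=MAX_UNQUALIFIED):
    """A set is unqualified iff it lies inside some maximal corruptible set."""
    subset = frozenset(subset)
    return any(subset <= b for b in structure)


def share(secret, structure=MAX_UNQUALIFIED, parties=PARTIES):
    """Replicated additive sharing: pick one random summand r_B per maximal set B
    with sum(r_B) == secret (mod P); every party outside B receives r_B.
    A set inside B never sees r_B, so it learns nothing about the secret."""
    summands, running = {}, 0
    for b in structure[:-1]:
        r = secrets.randbelow(P)
        summands[b] = r
        running = (running + r) % P
    summands[structure[-1]] = (secret - running) % P  # fix the last summand
    shares = {i: {} for i in parties}
    for b, r in summands.items():
        for i in parties - b:
            shares[i][b] = r
    return shares


def reconstruct(shares_of_subset, structure=MAX_UNQUALIFIED):
    """Pool the summands held by a subset of parties. Returns the secret for a
    qualified subset and None when at least one summand is missing."""
    pooled = {}
    for held in shares_of_subset.values():
        pooled.update(held)
    if any(b not in pooled for b in structure):
        return None
    return sum(pooled.values()) % P


def refresh(shares, structure=MAX_UNQUALIFIED, parties=PARTIES):
    """Dealer-free proactive refresh: every party deals a fresh sharing of 0 and
    all parties add it to their current shares. The secret is unchanged, but the
    new shares are independent of the old ones, so shares a mobile adversary
    collected in an earlier period become useless in the next one."""
    new = {i: dict(shares[i]) for i in parties}
    for _dealer in parties:
        zero = share(0, structure, parties)
        for i in parties:
            for b, r in zero[i].items():
                new[i][b] = (new[i][b] + r) % P
    return new


def recover(shares, lost_party, structure=MAX_UNQUALIFIED, parties=PARTIES):
    """After a reboot, `lost_party` re-obtains each summand r_B it is entitled to
    (those with lost_party not in B) from another party that also holds r_B.
    Replication means no single holder is a point of failure for any summand."""
    recovered = {}
    for b in structure:
        if lost_party in b:
            continue
        donor = next(i for i in parties - b if i != lost_party)
        recovered[b] = shares[donor][b]
    result = dict(shares)
    result[lost_party] = recovered
    return result


if __name__ == "__main__":
    s = share(42)
    print("qualified {2,3}:", reconstruct({i: s[i] for i in (2, 3)}))
    print("unqualified {0,1}:", reconstruct({i: s[i] for i in (0, 1)}))
    r = refresh(s)
    print("after refresh:", reconstruct(r))
```

In the adversary structure above, {2, 3} is qualified (it holds all three summands) while {0, 1} is not, even though both have size two; that asymmetry is exactly what a GAS expresses and a threshold cannot. Recovery must run after a refresh so that a party corrupted in the previous period cannot combine what it saw then with the summands it helps restore now.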
