Compressing Vector OLE

Oblivious linear-function evaluation (OLE) is a secure two-party protocol allowing a receiver to learn any linear combination of a pair of field elements held by a sender. OLE serves as a common building block for secure computation of arithmetic circuits, analogously to the role of oblivious transfer (OT) for boolean circuits. A useful extension of OLE is vector OLE (VOLE), allowing the receiver to learn any linear combination of two vectors held by the sender. In several applications of OLE, one can replace a large number of instances of OLE by a smaller number of instances of VOLE. This motivates the goal of amortizing the cost of generating long instances of VOLE. We suggest a new approach for fast generation of pseudo-random instances of VOLE via a deterministic local expansion of a pair of short correlated seeds and no interaction. This provides the first example of compressing a non-trivial and cryptographically useful correlation with good concrete efficiency. Our VOLE generators can be used to enhance the efficiency of a host of cryptographic applications. These include secure arithmetic computation and non-interactive zero-knowledge proofs with reusable preprocessing. Our VOLE generators are based on a novel combination of function secret sharing (FSS) for multi-point functions and linear codes in which decoding is intractable. Their security can be based on variants of the learning parity with noise (LPN) assumption over large fields that resist known attacks. We provide several constructions that offer tradeoffs between different efficiency measures and the underlying intractability assumptions.
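As an added example (not the paper's own code) of the compression idea the abstract describes, the following Python toy models one variant: a short VOLE on a sparse vector, of the kind FSS for multi-point functions would produce, is expanded by each party locally through a public matrix into a long VOLE whose sender vector is pseudorandom under a dual-LPN-style assumption. The field, the dimensions, and the dealer that samples the short correlation directly are assumptions made for illustration.

```python
"""Toy model of VOLE compression: a short VOLE on a t-sparse vector is
expanded, locally and without interaction, into a long pseudorandom VOLE."""
import random

P = (1 << 61) - 1   # Mersenne prime; a "large field" F_p chosen for this example


def vole_check(u, v, w, x):
    """The VOLE correlation: receiver's w equals u*x + v componentwise over F_p."""
    return len(u) == len(v) == len(w) and all(
        (ui * x + vi) % P == wi for ui, vi, wi in zip(u, v, w))


def sparse_seed_vole(n, t, x, seed):
    """Short correlation. In the paper it comes from FSS shares of the multi-point
    function x*e; here (assumption) a dealer samples it so that only the
    expansion step is shown. Sender: t-sparse e and mask v. Receiver: x, w."""
    rng = random.Random(seed)
    e = [0] * n
    for pos in rng.sample(range(n), t):
        e[pos] = rng.randrange(1, P)
    v = [rng.randrange(P) for _ in range(n)]
    w = [(ei * x + vi) % P for ei, vi in zip(e, v)]
    return e, v, w


def public_matrix(n, m, seed):
    """Public n x m matrix H over F_p; both parties derive it from the same seed."""
    rng = random.Random(seed)
    return [[rng.randrange(P) for _ in range(m)] for _ in range(n)]


def expand(vec, H):
    """Local linear map vec -> vec * H (length n -> length m)."""
    out = [0] * len(H[0])
    for i, a in enumerate(vec):
        if a:  # zero rows are skipped, so a sparse input is cheap to expand
            for j, h in enumerate(H[i]):
                out[j] = (out[j] + a * h) % P
    return out


def compress_vole(n, m, t, x, seed):
    """Each party applies H to what it holds; linearity keeps the correlation."""
    e, v, w = sparse_seed_vole(n, t, x, seed + 1)
    H = public_matrix(n, m, seed)
    u_long = expand(e, H)   # sender: e*H, pseudorandom under dual LPN for sparse e
    v_long = expand(v, H)   # sender: new mask
    w_long = expand(w, H)   # receiver: equals u_long*x + v_long by linearity
    return u_long, v_long, w_long
```

Only the sender's input `e` is sparse; the mask `v` and the receiver's `w` are dense, which is why in the real construction their short representation has to come from FSS rather than from a sparse seed.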
