Efficient Secure Linear Algebra in the Presence of Covert or Computationally Unbounded Adversaries

In this work we study the design of secure protocols for linear algebra problems. All current solutions to the problem are either inefficient in terms of communication complexity or assume that the adversary is honest but curious. We design protocols for two different adversarial settings. First, we achieve security in the presence of a covert adversary, a notion recently introduced by [Aumann and Lindell, TCC 2007]. Roughly speaking, this guarantees that if the adversary deviates from the protocol in a way that allows him to cheat, then he will be caught with good probability. Second, we achieve security against arbitrary malicious behaviour in the presence of a computationally unbounded adversary that controls less than a third of the parties. Our main result is a new upper bound of O(n^{2+1/t}) communication for testing singularity of a shared n×n matrix in a constant number of rounds, for any constant t, in both of these adversarial environments. We use this construction to design secure protocols for computing the rank of a shared matrix and for solving a shared linear system of equations with similar efficiency. We combine techniques from computer algebra with recent ideas from [Cramer, Kiltz, and Padró, CRYPTO 2007] to reduce the problem of securely deciding singularity to the problem of securely computing a matrix product. We then design new and efficient protocols for secure matrix product in both adversarial settings. In the two-party setting, we combine cut-and-choose techniques on a random additive decomposition of the input with a careful use of the random strings of a homomorphic encryption scheme to achieve simulation-based security. Thus, our protocol avoids general zero-knowledge proofs and makes only black-box use of a homomorphic encryption scheme.
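The cut-and-choose step over a random additive decomposition, shown below as an added example that is not the paper's protocol or code: the sender splits its private matrix into k random additive shares over a toy field F_p (p = 101, an assumption for the demo), commits to each share, and the receiver opens all but one share and checks that each opened share is a well-formed matrix over F_p. SHA-256 commitments stand in for the homomorphic ciphertexts whose random strings the paper's sender reveals, and the cheater model (one malformed share) is likewise an assumption of this illustration. Because any k-1 shares of the decomposition are uniformly random, opening them leaks nothing about the input, while a cheater who corrupts one share escapes only when that share is the unopened one, giving the covert-security deterrence probability (k-1)/k.

```python
import hashlib
import random

# Toy prime modulus for F_p (constructed for this example).
P = 101


def rand_matrix(n, rng):
    """Uniformly random n x n matrix over F_p."""
    return [[rng.randrange(P) for _ in range(n)] for _ in range(n)]


def mat_sum(mats):
    """Entry-wise sum of a non-empty list of equally sized matrices, mod p."""
    n = len(mats[0])
    return [[sum(M[i][j] for M in mats) % P for j in range(n)] for i in range(n)]


def additive_decomposition(A, k, rng):
    """Split A into k matrices with A = A_1 + ... + A_k (mod p), k >= 2.
    A_1..A_{k-1} are uniform, so any k-1 shares are jointly uniform and
    independent of A; only the complete set reconstructs A."""
    if k < 2:
        raise ValueError("need at least two shares")
    n = len(A)
    shares = [rand_matrix(n, rng) for _ in range(k - 1)]
    partial = mat_sum(shares)
    last = [[(A[i][j] - partial[i][j]) % P for j in range(n)] for i in range(n)]
    return shares + [last]


def well_formed(M, n):
    """Receiver-side check: an n x n matrix whose entries all lie in [0, p)."""
    return len(M) == n and all(
        len(row) == n and all(isinstance(x, int) and 0 <= x < P for x in row)
        for row in M
    )


def commit(M, nonce):
    """Hash commitment to one share (stand-in for a homomorphic ciphertext)."""
    return hashlib.sha256(repr(M).encode() + nonce).hexdigest()


class Sender:
    """Holds the private input A and commits to k random additive shares of it.
    With cheat_index set, that share gets an entry outside F_p, modelling a
    covert adversary that deviates in one component."""

    def __init__(self, A, k, rng, cheat_index=None):
        self.k = k
        self.shares = additive_decomposition(A, k, rng)
        if cheat_index is not None:
            self.shares[cheat_index][0][0] = P  # not a field element
        self.nonces = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(k)]
        self.commitments = [commit(S, r) for S, r in zip(self.shares, self.nonces)]

    def open(self, indices):
        """Reveal the requested shares together with their commitment nonces."""
        return {i: (self.shares[i], self.nonces[i]) for i in indices}


def cut_and_choose(sender, n, rng, hidden=None):
    """Receiver side: leave one index unopened (random unless given), demand
    openings of all others and verify each against its commitment and F_p.
    Returns (accepted, hidden_index)."""
    k = sender.k
    if hidden is None:
        hidden = rng.randrange(k)
    opened = sender.open([i for i in range(k) if i != hidden])
    for i, (S, r) in opened.items():
        if commit(S, r) != sender.commitments[i] or not well_formed(S, n):
            return False, hidden
    return True, hidden


def honest_run(k=4, n=3, seed=1):
    """Honest sender: the check passes and the shares still reconstruct A."""
    rng = random.Random(seed)
    A = rand_matrix(n, rng)
    s = Sender(A, k, rng)
    accepted, _ = cut_and_choose(s, n, rng)
    return accepted and mat_sum(s.shares) == A


def cheating_run(k, cheat_index, hidden, n=3, seed=2):
    """Sender corrupts share cheat_index; receiver leaves share `hidden` unopened.
    Returns True iff the receiver accepts, i.e. the cheater escapes."""
    rng = random.Random(seed)
    s = Sender(rand_matrix(n, rng), k, rng, cheat_index=cheat_index)
    accepted, _ = cut_and_choose(s, n, rng, hidden=hidden)
    return accepted


def catch_rate(k, trials, n=3, seed=0):
    """Fraction of runs in which a sender corrupting one random share is caught;
    the cheater escapes only if exactly that share stays unopened, so the
    expected value is (k-1)/k."""
    rng = random.Random(seed)
    caught = 0
    for _ in range(trials):
        s = Sender(rand_matrix(n, rng), k, rng, cheat_index=rng.randrange(k))
        accepted, _ = cut_and_choose(s, n, rng)
        caught += not accepted
    return caught / trials
```

Running `catch_rate(4, 2000)` gives an empirical catch probability close to 3/4; raising k raises the deterrence factor at the cost of k ciphertexts of an n×n matrix, which is the communication trade-off a covert-security protocol tunes.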

[1] S. Sitharama Iyengar, et al. Introduction to parallel algorithms, 1998, Wiley series on parallel and distributed computing.

[2] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[3] Victor Y. Pan, et al. Processor efficient parallel solution of linear systems over an abstract field, 1991, SPAA '91.

[4] David Y. Y. Yun, et al. Fast Solution of Toeplitz Systems of Equations and Computation of Padé Approximants, 1980, J. Algorithms.

[5] A. Yao, et al. Fair exchange with a semi-trusted third party (extended abstract), 1997, CCS '97.

[6] Volker Strassen, et al. Algebraic Complexity Theory, 1991, Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity.

[7] Yehuda Lindell. Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation, 2001, CRYPTO.

[8] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS 1982.

[9] Yehuda Lindell, et al. Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation, 2001, Journal of Cryptology.

[10] Aggelos Kiayias, et al. Self Protecting Pirates and Black-Box Traitor Tracing, 2001, CRYPTO.

[11] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[12] Douglas H. Wiedemann. Solving sparse linear equations over finite fields, 1986, IEEE Trans. Inf. Theory.

[13] L. Ljung, et al. New inversion formulas for matrices classified in terms of their distance from Toeplitz matrices, 1979.

[14] Eike Kiltz, et al. Unconditionally Secure Constant Round Multi-Party Computation for Equality, Comparison, Bits and Exponentiation, 2006, IACR Cryptol. ePrint Arch.

[15] Pascal Paillier, et al. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999, EUROCRYPT.

[16] Ueli Maurer, et al. General Secure Multi-party Computation from any Linear Secret-Sharing Scheme, 2000, EUROCRYPT.

[17] Erich Kaltofen, et al. On Wiedemann's Method of Solving Sparse Linear Systems, 1991, AAECC.

[18] Yehuda Lindell, et al. Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries, 2007, Journal of Cryptology.

[19] Don Coppersmith, et al. Matrix multiplication via arithmetic progressions, 1987, STOC.

[20] Aggelos Kiayias, et al. Public Key Cryptography - PKC 2006, 2006, Lecture Notes in Computer Science.

[21] Yehuda Lindell, et al. Information-theoretically secure protocols and security under composition, 2006, STOC '06.

[22] Judit Bar-Ilan, et al. Non-cryptographic fault-tolerant computing in constant number of rounds of interaction, 1989, PODC '89.

[23] Bart Preneel, et al. Advances in cryptology - EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000: proceedings, 2000.

[24] Ivan Damgård, et al. Secure Distributed Linear Algebra in a Constant Number of Rounds, 2001, CRYPTO.

[25] Carles Padró, et al. A Note on Secure Computation of the Moore-Penrose Pseudoinverse and Its Application to Secure Linear Algebra, 2007, CRYPTO.

[26] I. Damgård. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation, 2006.

[27] A. J. Menezes, et al. Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings, 2007, CRYPTO.

[28] Joseph JáJá. An Introduction to Parallel Algorithms, 1992.

[29] Jacques Stern, et al. Advances in Cryptology — EUROCRYPT '99, 1999, Lecture Notes in Computer Science.

[30] David Chaum, et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[31] Enav Weinreb, et al. Communication Efficient Secure Linear Algebra, 2006, TCC.

[32] Michael Clausen, et al. Algebraic complexity theory, 1997, Grundlehren der mathematischen Wissenschaften.

[33] Matthew K. Franklin, et al. Efficient Polynomial Operations in the Shared-Coefficients Setting, 2006, Public Key Cryptography.

[34] Eike Kiltz, et al. Secure Linear Algebra Using Linearly Recurrent Sequences, 2007, Complexity of Boolean Functions.