Adaptive Security with Quasi-Optimal Rate

A multiparty computation protocol is said to be adaptively secure if it retains its security in the presence of an adversary who can adaptively corrupt participants as the protocol proceeds. This is in contrast to the static corruption model, where the adversary must choose which participants to corrupt before the protocol begins. A central tool for constructing adaptively secure protocols is non-committing encryption (Canetti, Feige, Goldreich and Naor, STOC '96). The original protocol of Canetti et al. had ciphertext expansion $$\mathcal{O}(k^2)$$, where $$k$$ is the security parameter, and prior to this work the best known constructions had ciphertext expansion that was either $$\mathcal{O}(k)$$ under general assumptions, or $$\mathcal{O}(\log n)$$, where $$n$$ is the length of the message, based on a specific factoring-based hardness assumption. In this work we build a new non-committing encryption scheme from lattice problems, specifically from the hardness of Ring Learning With Errors (Ring-LWE). Our scheme achieves ciphertext expansion as small as $$\mathrm{polylog}(k)$$. Moreover, when instantiated with Ring-LWE, the public key is of size $$\mathcal{O}(n\,\mathrm{polylog}(k))$$. All previously proposed schemes had public keys of size $$\varOmega(n^2\,\mathrm{polylog}(k))$$.
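The abstract defines non-committing encryption only by its role. As an added illustration (not the paper's lattice construction and not code from its authors), the following Python toy shows the property the term refers to: a simulator must be able to produce a ciphertext before it knows the plaintext and, when a party is later corrupted, hand the adversary a key that explains that ciphertext as whatever message the ideal functionality reveals. The one-time pad, whose key is as long as the message, equivocates perfectly; a stream cipher that expands a short seed with a PRG does not, because the ciphertext then fixes the plaintext relative to the small seed space. That gap is why the rate of a public-key non-committing scheme matters, and the paper's contribution is achieving $$\mathrm{polylog}(k)$$ expansion, which this toy does not attempt. The function names, the SHA-256-based toy PRG and the sample messages are assumptions of this example.

```python
"""Toy demonstration of the 'non-committing' (equivocation) property.

This is an added illustration, not the Ring-LWE scheme of the paper.
"""
import hashlib
import os
from typing import Iterable, List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


# --- Real execution: one-time pad -------------------------------------------

def otp_encrypt(key: bytes, msg: bytes) -> bytes:
    """Sender holds a key as long as the message; ciphertext is msg XOR key."""
    return xor_bytes(key, msg)


def otp_decrypt(key: bytes, ct: bytes) -> bytes:
    return xor_bytes(key, ct)


def adversary_consistency_check(ct: bytes, key: bytes, msg: bytes) -> bool:
    """What an adaptive adversary verifies after corrupting a party: does the
    key it is handed decrypt the ciphertext it already observed to the
    claimed message?"""
    return otp_decrypt(key, ct) == msg


# --- Simulation: commit to a ciphertext first, open it to any message later --

class EquivocatingSimulator:
    """Simulator that outputs a ciphertext without knowing the plaintext."""

    def __init__(self, msg_len: int) -> None:
        # Uniformly random bytes are distributed exactly like a real OTP
        # ciphertext, so the adversary cannot tell this run is simulated.
        self.ct = os.urandom(msg_len)

    def ciphertext(self) -> bytes:
        return self.ct

    def open_to(self, msg: bytes) -> bytes:
        """On corruption, derive the key that explains self.ct as msg."""
        return xor_bytes(self.ct, msg)


def simulate_adaptive_corruption(msg_len: int, candidates: Iterable[bytes]) -> bool:
    """One fixed ciphertext, opened to each candidate message in turn. Every
    opening must pass the adversary's check; returns True if all do."""
    sim = EquivocatingSimulator(msg_len)
    ct = sim.ciphertext()
    return all(adversary_consistency_check(ct, sim.open_to(m), m) for m in candidates)


# --- Contrast: a committing scheme (short seed expanded by a PRG) ------------

def prg(seed: bytes, out_len: int) -> bytes:
    """Toy PRG (assumption of this example): SHA-256 of the seed, truncated."""
    return hashlib.sha256(seed).digest()[:out_len]


def stream_encrypt(seed: bytes, msg: bytes) -> bytes:
    return xor_bytes(prg(seed, len(msg)), msg)


def seeds_opening_to(ct: bytes, msg: bytes, seed_bytes: int = 1) -> List[bytes]:
    """Brute-force the tiny seed space (256**seed_bytes seeds) for seeds that
    explain ct as msg. For the genuine message the genuine seed is always
    found; for any other message a match exists only with probability about
    256**seed_bytes / 256**len(msg), so the ciphertext is committing and a
    simulator could not open it to a message it did not know in advance."""
    return [
        s.to_bytes(seed_bytes, "big")
        for s in range(256 ** seed_bytes)
        if stream_encrypt(s.to_bytes(seed_bytes, "big"), msg) == ct
    ]


def ciphertext_expansion(ct_len: int, msg_len: int) -> float:
    """The ratio the abstract's bounds O(k^2), O(k), O(log n) and polylog(k)
    describe: ciphertext length over message length."""
    return ct_len / msg_len


if __name__ == "__main__":
    # Constructed sample messages for the demonstration.
    msgs = [b"\x00" * 16, b"\xff" * 16, b"adaptive secure!"]
    print("OTP equivocates:", simulate_adaptive_corruption(16, msgs))
    seed, m = b"\x2a", b"adpt"
    ct = stream_encrypt(seed, m)
    print("seeds explaining ct as real message:", seeds_opening_to(ct, m))
    print("OTP expansion:", ciphertext_expansion(16, 16))
```

The OTP reaches expansion 1 but only because the key is as long as the message, so it is not a public-key scheme; the brute-force in `seeds_opening_to` is feasible only because the seed space is deliberately tiny, and for realistic seed lengths there is no efficient way to equivocate such a ciphertext.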

[1] Chris Peikert et al. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, 2009, STOC '09.

[2] Silvio Micali et al. Optimal Error Correction Against Computationally Bounded Noise, 2005, TCC.

[3] Tal Malkin et al. Improved Non-committing Encryption with Applications to Adaptively Secure Protocols, 2009, ASIACRYPT.

[4] Silvio Micali et al. How to play ANY mental game, 1987, STOC.

[5] Damien Stehlé et al. Classical hardness of learning with errors, 2013, STOC '13.

[6] David Chaum et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[7] Donald Beaver et al. Plug and Play Encryption, 1997, CRYPTO.

[8] Moni Naor et al. Adaptively secure multi-party computation, 1996, STOC '96.

[9] Chris Peikert et al. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, 2012, IACR Cryptol. ePrint Arch.

[10] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.

[11] Rafail Ostrovsky et al. Non-committing Encryption from Φ-hiding, 2015, TCC.

[12] Ivan Damgård et al. Improved Non-committing Encryption Schemes Based on a General Complexity Assumption, 2000, CRYPTO.

[13] Kousha Etessami et al. Recursive Markov chains, stochastic grammars, and monotone systems of nonlinear equations, 2005, JACM.

[14] Chris Peikert et al. A Toolkit for Ring-LWE Cryptography, 2013, IACR Cryptol. ePrint Arch.

[15] W. Hoeffding. Probability Inequalities for Sums of Bounded Random Variables, 1963.

[16] Avi Wigderson et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.