Multi-party computation with conversion of secret sharing

Classical results in unconditionally secure multi-party computation (MPC) protocols with a passive adversary indicate that every n-variate function can be computed by n participants, such that no set of size t < n/2 participants learns any additional information other than what they could derive from their private inputs and the output of the protocol. We study unconditionally secure MPC protocols in the presence of a passive adversary in the trusted setup (‘semi-ideal’) model, in which the participants are supplied with some auxiliary information (which is random and independent from the participant inputs) ahead of the protocol execution (such information can be purchased as a “commodity” well before a run of the protocol). We present a new MPC protocol in the trusted setup model, which allows the adversary to corrupt an arbitrary number t < n of participants. Our protocol makes use of a novel subprotocol for converting an additive secret sharing over a field to a multiplicative secret sharing, and can be used to securely evaluate any n-variate polynomial G over a field F, with inputs restricted to non-zero elements of F. The communication complexity of our protocol is O(ℓ · n2) field elements, where ℓ is the number of non-linear monomials in G. Previous protocols in the trusted setup model require communication proportional to the number of multiplications in an arithmetic circuit for G; thus, our protocol may offer savings over previous protocols for functions with a small number of monomials but a large number of multiplications.

[1]  Eyal Kushilevitz,et al.  A Randomness-Rounds Tradeoff in Private Computation , 1994, SIAM J. Discret. Math..

[2]  Matthias Fitzi,et al.  Trading Correctness for Privacy in Unconditional Multi-Party Computation (Extended Abstract) , 1998, CRYPTO.

[3]  Ueli Maurer,et al.  Robustness for Free in Unconditional Multi-party Computation , 2001, CRYPTO.

[4]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[5]  Donald Beaver,et al.  Commodity-based cryptography (extended abstract) , 1997, STOC '97.

[6]  Yuval Ishai,et al.  Secure Arithmetic Computation with No Honest Majority , 2008, IACR Cryptol. ePrint Arch..

[7]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[8]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[9]  Donald Beaver,et al.  Multiparty Computation with Faulty Majority , 1989, CRYPTO.

[10]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[11]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[12]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[13]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[14]  Yuval Ishai,et al.  Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation , 2005, TCC.

[15]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[16]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[17]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.

[18]  Ueli Maurer,et al.  Efficient Secure Multi-party Computation , 2000, ASIACRYPT.

[19]  Eyal Kushilevitz,et al.  A Randomnesss-Rounds Tradeoff in Private Computation , 1994, CRYPTO.

[20]  Rafail Ostrovsky,et al.  Round Efficiency of Multi-party Computation with a Dishonest Majority , 2003, EUROCRYPT.

[21]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[22]  Donald Beaver,et al.  Quorum-Based Secure Multi-party Computation , 1998, EUROCRYPT.

[23]  Rafail Ostrovsky,et al.  Minimal Complete Primitives for Secure Multi-party Computation , 2001, CRYPTO.

[24]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[25]  Donald Beaver,et al.  Multiparty Protocols Tolerating Half Faulty Processors , 1989, CRYPTO.

[26]  Ivan Damgård,et al.  Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption , 2003, CRYPTO.

[27]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[28]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[29]  Jeroen van de Graaf,et al.  Committed Oblivious Transfer and Private Multi-Party Computation , 1995, CRYPTO.

[30]  Yuval Ishai,et al.  Scalable Secure Multiparty Computation , 2006, CRYPTO.

[31]  Matthias Fitzi,et al.  Trading Correctness for Privacy in Unconditional Multi-Party Computation ? Corrected Version ?? , 1998 .

[32]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[33]  Matthias Fitzi,et al.  Multi-party Computation with Hybrid Security , 2004, EUROCRYPT.

[34]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..

[35]  Eyal Kushilevitz,et al.  Privacy and communication complexity , 1989, 30th Annual Symposium on Foundations of Computer Science.

[36]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[37]  Ueli Maurer,et al.  Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract) , 1997, PODC '97.

[38]  Donald Beaver,et al.  Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority , 2004, Journal of Cryptology.

[39]  Martin Hirt,et al.  Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation , 2005, ASIACRYPT.