Multiparty Computation from Somewhat Homomorphic Encryption

We propose a general multiparty computation protocol secure against an active adversary corrupting up to $$n-1$$ of the n players. The protocol may be used to compute securely arithmetic circuits over any finite field $$\mathbb {F}_{p^k}$$. Our protocol consists of a preprocessing phase that is both independent of the function to be computed and of the inputs, and a much more efficient online phase where the actual computation takes place. The online phase is unconditionally secure and has total computational and communication complexity linear in n, the number of players, where earlier work was quadratic in n. Moreover, the work done by each player is only a small constant factor larger than what one would need to compute the circuit in the clear. We show this is optimal for computation in large fields. In practice, for 3 players, a secure 64-bit multiplication can be done in 0.05 ms. Our preprocessing is based on a somewhat homomorphic cryptosystem. We extend a scheme by Brakerski et al., so that we can perform distributed decryption and handle many values in parallel in one ciphertext. The computational complexity of our preprocessing phase is dominated by the public-key operations, we need $$On^2/s$$ operations per secure multiplication where s is a parameter that increases with the security parameter of the cryptosystem. Earlier work in this model needed $$\varOmega n^2$$ operations. In practice, the preprocessing prepares a secure 64-bit multiplication for 3 players in about 13 ms.

[1]  Marcel Keller,et al.  Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol , 2012, SCN.

[2]  Sanjeev Arora,et al.  New Algorithms for Learning in Presence of Errors , 2011, ICALP.

[3]  Steven Myers,et al.  Threshold Fully Homomorphic Encryption and Secure Computation , 2011, IACR Cryptol. ePrint Arch..

[4]  Craig Gentry,et al.  Fully Homomorphic Encryption with Polylog Overhead , 2012, EUROCRYPT.

[5]  Chris Peikert,et al.  Better Key Sizes (and Attacks) for LWE-Based Encryption , 2011, CT-RSA.

[6]  Ivan Damgård,et al.  Multiparty Computation for Dishonest Majority: from Passive to Active Security at Low Cost , 2010, IACR Cryptol. ePrint Arch..

[7]  Yehuda Lindell,et al.  Highly-Efficient Universally-Composable Commitments based on the DDH Assumption , 2011, IACR Cryptol. ePrint Arch..

[8]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[9]  José M. F. Moura,et al.  Algebraic Signal Processing Theory: Cooley–Tukey Type Algorithms for DCTs and DSTs , 2007, IEEE Transactions on Signal Processing.

[10]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[11]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[12]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[13]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[14]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[15]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[16]  Markus Püschel,et al.  Algebraic Signal Processing Theory: Cooley–Tukey Type Algorithms for Real DFTs , 2008, IEEE Transactions on Signal Processing.

[17]  C. Moler,et al.  Advances in Cryptology , 2000, Lecture Notes in Computer Science.

[18]  Severin Winkler,et al.  On the Efficiency of Classical and Quantum Oblivious Transfer Reductions , 2010, IACR Cryptol. ePrint Arch..

[19]  Nicolas Gama,et al.  Predicting Lattice Reduction , 2008, EUROCRYPT.

[20]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[21]  Rafail Ostrovsky,et al.  Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority , 2012, CRYPTO.

[22]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[23]  Vadim Lyubashevsky,et al.  Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures , 2009, ASIACRYPT.

[24]  Phong Q. Nguyen,et al.  BKZ 2.0: Better Lattice Security Estimates , 2011, ASIACRYPT.

[25]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[26]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[27]  Ivan Damgård,et al.  On the Amortized Complexity of Zero Knowledge Protocols for Multiplicative Relations , 2012, ICITS.

[28]  Rafail Ostrovsky,et al.  Zero-knowledge from secure multiparty computation , 2007, STOC '07.

[29]  Daniele Micciancio Lattice-Based Cryptography , 2011, Encyclopedia of Cryptography and Security.