Two-Message, Oblivious Evaluation of Cryptographic Functionalities

We study the problem of two-round oblivious evaluation of cryptographic functionalities. In this setting, one party $P_1$ holds a private key $\mathit{sk}$ for a provably secure instance of a cryptographic functionality $\mathcal{F}$, and the second party $P_2$ wishes to evaluate $\mathcal{F}_{\mathit{sk}}$ on a value $x$. Although it has been known for 22 years that general functionalities cannot be computed securely in the presence of malicious adversaries with only two rounds of communication, we show the existence of a round-optimal protocol that obliviously evaluates cryptographic functionalities. Our protocol is provably secure against malicious receivers under standard assumptions and does not rely on heuristic setup assumptions. Our main technical contribution is a novel non-black-box technique, which makes non-black-box use of the security reduction of $\mathcal{F}_{\mathit{sk}}$. Specifically, our proof of malicious receiver security uses the code of the reduction, which reduces the security of $\mathcal{F}_{\mathit{sk}}$ to some hard problem, in order to break that problem directly. Instantiating our framework, we obtain the first two-round oblivious pseudorandom function (OPRF) that is secure in the standard model. This question had been open since the invention of OPRFs in 1997.
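The paper's standard-model protocol is not reproduced on this page. As an added illustration of the two-message pattern the abstract describes (example code written for this page, not the authors' construction), the following Python runs the classic Diffie-Hellman-style OPRF: $P_2$ sends a blinded hash of $x$, $P_1$ answers by applying $\mathit{sk}$, and $P_2$ unblinds. It assumes a toy safe-prime group constructed in the code and models the hash functions as random oracles, which is exactly the heuristic the paper avoids; the subgroup check on message 1 is the input validation a key holder should perform.

```python
import hashlib
import secrets
def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin for odd n > 3; only used to locate the toy group below."""
    s = ((n - 1) & (1 - n)).bit_length() - 1   # n - 1 = d * 2^s with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1: continue
        for _ in range(s):
            if x == n - 1: break
            x = pow(x, 2, n)
        else:
            return False
    return True
# Toy safe-prime group P = 2Q + 1 constructed for this example (not a standard group).
Q = (1 << 127) | 1
while not (_is_probable_prime(Q) and _is_probable_prime(2 * Q + 1)):
    Q += 2
P = 2 * Q + 1

def hash_to_group(x: bytes) -> int:
    """H1: squaring lands in the order-Q subgroup and leaves the discrete log unknown."""
    h = int.from_bytes(hashlib.sha256(b"H1" + x).digest(), "big") % (P - 1) + 1
    return pow(h, 2, P)

def h2(x: bytes, y: int) -> bytes:
    """H2: the PRF output F_sk(x) is derived from x and y = H1(x)^sk."""
    return hashlib.sha256(b"H2" + x + y.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def receiver_blind(x: bytes):
    """Message 1 (P2 -> P1): H1(x)^r for fresh random r, which reveals nothing about x."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)

def sender_evaluate(sk: int, blinded: int) -> int:
    """Message 2 (P1 -> P2): apply sk, rejecting anything outside the prime-order subgroup."""
    if not 1 < blinded < P or pow(blinded, Q, P) != 1:
        raise ValueError("message 1 is not in the prime-order subgroup")
    return pow(blinded, sk, P)

def receiver_finalize(x: bytes, r: int, evaluated: int) -> bytes:
    """Unblind with 1/r mod Q so that evaluated^(1/r) = H1(x)^sk, then apply H2."""
    return h2(x, pow(evaluated, pow(r, -1, Q), P))

def run_protocol(sk: int, x: bytes) -> bytes:
    r, msg1 = receiver_blind(x)       # P2 -> P1
    msg2 = sender_evaluate(sk, msg1)  # P1 -> P2
    return receiver_finalize(x, r, msg2)
```

The key holder never sees $x$ or $H_1(x)$, only the blinded element, and the receiver's output equals what $P_1$ could compute locally from $\mathit{sk}$ and $x$.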
