Minimal-Latency Secure Function Evaluation

Sander, Young and Yung recently exhibited a protocol for computing on encrypted inputs, for functions computable in NC1. In their variant of secure function evaluation, Bob (the "CryptoComputer") accepts homomorphically-encrypted inputs (x) from client Alice, and then returns a string from which Alice can extract f(x; y) (where y is Bob's input, or e.g. the function f itself). Alice must not learn more about y than what f(x; y) reveals by itself. We extend their result to encompass NLOGSPACE (nondeterministic log-space functions). In the domain of multiparty computations, constant-round protocols have been known for years [BB89,FKN95]. This paper introduces novel parallelization techniques that, coupled with the [SYY99] methods, reduce the constant to 1 with preprocessing. This resolves the conjecture that NLOGSPACE subcomputations (including log-slices of circuit computation) can be evaluated with latency 1 (as opposed to just O(1)).

[1] Silvio Micali, et al. The round complexity of secure protocols, 1990, STOC '90.

[2] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS 1982.

[3] Amos Fiat, et al. Zero-knowledge proofs of identity, 1987, Journal of Cryptology.

[4] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[5] Bert den Boer. Oblivious Transfer Protecting Secrecy, 1991, EUROCRYPT.

[6] Joe Kilian, et al. Uses of randomness in algorithms and protocols, 1990.

[7] A. Yao, et al. Fair exchange with a semi-trusted third party (extended abstract), 1997, CCS '97.

[8] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[9] Judit Bar-Ilan, et al. Non-cryptographic fault-tolerant computing in constant number of rounds of interaction, 1989, PODC '89.

[10] David A. Mix Barrington, et al. Bounded-width polynomial-size branching programs recognize exactly those languages in NC1, 1986, STOC '86.

[11] Carl Pomerance. Advances in cryptology -- CRYPTO '87: proceedings, 1988.

[12] Moni Naor, et al. Number-theoretic constructions of efficient pseudo-random functions, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[13] G. R. Blakley. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[14] Moni Naor, et al. A minimal model for secure computation (extended abstract), 1994, STOC '94.

[15] Moti Yung, et al. Non-interactive cryptocomputing for NC1, 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[16] Donald Beaver, et al. Efficient Multiparty Protocols Using Circuit Randomization, 1991, CRYPTO.

[17] Joe Kilian, et al. Founding cryptography on oblivious transfer, 1988, STOC '88.

[18] Adi Shamir, et al. How to share a secret, 1979, CACM.

[19] Michael Ben-Or, et al. Computing Algebraic Formulas Using a Constant Number of Registers, 1992, SIAM J. Comput.

[20] Michael Ben-Or, et al. Computing algebraic formulas with a constant number of registers, 1988, STOC '88.

[21] David Chaum, et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[22] Yiannis Tsiounis, et al. On the Security of ElGamal Based Encryption, 1998, Public Key Cryptography.

[23] J. Feigenbaum. Advances in cryptology -- CRYPTO '91: proceedings, 1992.

[24] David A. Barrington. Bounded-width polynomial-size branching programs recognize exactly those languages in NC1, 1989.

[25] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[26] Moni Naor, et al. A Minimal Model for Secure Computation, 2002.

[27] Silvio Micali, et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).