
Degree 2 is Complete for the Round-Complexity of Malicious MPC

  • Conference paper
  • In: Advances in Cryptology – EUROCRYPT 2019 (EUROCRYPT 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11477)

Abstract

We show, via a non-interactive reduction, that the existence of a secure multi-party computation (MPC) protocol for degree-2 functions implies the existence of a protocol with the same round complexity for general functions. This shows that when considering the round complexity of MPC, it is sufficient to consider very simple functions.

Our completeness theorem applies in various settings: information theoretic and computational, fully malicious and malicious with various types of aborts. In fact, we give a master theorem from which all individual settings follow as direct corollaries. Our basic transformation does not require any additional assumptions and incurs a communication and computation blow-up that is polynomial in the number of players and in \(S\) and \(2^D\), where \(S\) and \(D\) are the circuit size and depth of the function to be computed. Using one-way functions as an additional assumption, the exponential dependence on the depth can be removed.

As a consequence, we are able to push the envelope on the state of the art in various settings of MPC, including the following cases.

  • 3-round perfectly-secure protocol (with guaranteed output delivery) against an active adversary that corrupts less than 1/4 of the parties.

  • 2-round statistically-secure protocol that achieves security with “selective abort” against an active adversary that corrupts less than half of the parties.

  • Assuming one-way functions, 2-round computationally-secure protocol that achieves security with (standard) abort against an active adversary that corrupts less than half of the parties. This gives a new and conceptually simpler proof to the recent result of Ananth et al. (Crypto 2018).

Technically, our non-interactive reduction draws from the encoding method of Applebaum, Brakerski and Tsabary (TCC 2018). We extend these methods to ones that can be meaningfully analyzed even in the presence of malicious adversaries.

Full version available at https://eprint.iacr.org/2019/200.

B. Applebaum—Supported by the European Union’s Horizon 2020 Programme (ERC-StG-2014-2020) under grant agreement no. 639813 ERC-CLC, and the Check Point Institute for Information Security.

Z. Brakerski and R. Tsabary—Supported by the Israel Science Foundation (Grant No. 468/14), Binational Science Foundation (Grants No. 2016726, 2014276), and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482) and via Project PROMETHEUS (Grant 780701).


Notes

  1. In this work we consider the algebraic degree over the binary field. This is the common setting, but one could consider working over other fields as well.

  2. It is known that general functions cannot be represented by degree-2 perfectly-private randomizing polynomials [15]. The existence of statistically-private degree-2 randomizing polynomials has been open for nearly two decades.

  3. Security with selective aborts is a notion where in the ideal model the adversary can prevent some of the honest parties of his choice from learning the output.

  4. Security with aborts is a notion where in the ideal model the adversary can prevent either all or none of the honest parties from receiving the output (but cannot allow only some of them to receive it). We specify “unanimous aborts” in places where there is a risk of confusion with the aforementioned notion of selective aborts.

  5. In fact, the adversary in \(\varPi \) is somewhat weaker than a full malicious adversary. First, the adversarial parties are required to have the same circuit topology as honest parties, since only gate functionality changes and not the interconnection of gates. Second, the adversary cannot adjust the behavior of party i under its control based on a message received by a different party j under its control during the execution of the protocol. We find this property quite interesting and potentially useful, although we do not need to exploit it to derive the consequences in the cases analyzed in this paper.

  6. In particular, we use an extension field of \(\mathrm {GF}(2)\), and add a mechanism that forces the adversary to use binary inputs. Implementing this mechanism without increasing the round complexity is somewhat challenging, and for this, we rely on some specific properties of the [11] scheme. See Sect. 6 and the full version for details.

  7. Intuitively, this means that the correctness of honest parties may be violated, but the adversary is required to “know” the (possibly incorrect) outputs of the honest parties. Formally, in the ideal model, the ideal functionality first delivers the outputs of the corrupted parties to the simulator, and then receives from the simulator an output to deliver to each of the uncorrupted parties.

  8. The terminology of “security with abort” and “security with selective abort” is borrowed from [17] and [19], and it corresponds to the notions of “security with unanimous abort and no fairness” and “security with abort and no fairness” from [14].

  9. In the computational setting, we let the circuit size S play the role of the security parameter, and assume that n is at most polynomial in S.

  10. This can be slightly pushed to log-space computation via standard techniques.

  11. As usual we assume that every \(i\in [n]\) is associated with some public distinct field element \(\alpha _i\ne 0\) and, by abuse of notation, we denote this element by i.

References

  1. Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Round-optimal secure multiparty computation with honest majority. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 395–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_14

  2. Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Two round information-theoretic MPC with malicious security. Cryptology ePrint Archive, Report 2018/1078 (2018). https://eprint.iacr.org/2018/1078

  3. Applebaum, B., Brakerski, Z., Tsabary, R.: Perfect secure computation in two rounds. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018, Part I. LNCS, vol. 11239, pp. 152–174. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_6. https://eprint.iacr.org/2018/894

  4. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: Ortiz, H. (ed.) Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, USA, 13–17 May 1990, pp. 503–513. ACM (1990)

  5. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, 2–4 May 1988, pp. 1–10. ACM (1988)

  6. Benhamouda, F., Lin, H.: \(k\)-round multiparty computation from \(k\)-round oblivious transfer via garbled interactive circuits. In: Nielsen and Rijmen [18], pp. 500–532 (2018)

  7. Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, 21–23 October 1985, pp. 383–395. IEEE Computer Society (1985)

  8. Damgård, I., Ishai, Y.: Constant-round multiparty computation using a black-box pseudorandom generator. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 378–394. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_23

  9. Garg, S., Srinivasan, A.: Garbled protocols and two-round MPC from bilinear maps. In: Umans, C. (ed.) 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, 15–17 October 2017, pp. 588–599. IEEE Computer Society (2017)

  10. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen and Rijmen [18], pp. 468–499 (2018)

  11. Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The round complexity of verifiable secret sharing and secure multicast. In: Vitter, J.S., Spirakis, P.G., Yannakakis, M. (eds.) Proceedings on 33rd Annual ACM Symposium on Theory of Computing, Heraklion, Crete, Greece, 6–8 July 2001, pp. 580–589. ACM (2001)

  12. Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: On 2-round secure multiparty computation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 178–193. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_12

  13. Goldreich, O.: The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press, Cambridge (2004)

  14. Goldwasser, S., Lindell, Y.: Secure computation without agreement. In: Malkhi, D. (ed.) DISC 2002. LNCS, vol. 2508, pp. 17–32. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36108-1_2

  15. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, Redondo Beach, California, USA, 12–14 November 2000, pp. 294–304. IEEE Computer Society (2000)

  16. Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Eidenbenz, S., Triguero, F., Morales, R., Conejo, R., Hennessy, M. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45465-9_22

  17. Ishai, Y., Kushilevitz, E., Paskin, A.: Secure multiparty computation with minimal interaction. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 577–594. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_31

  18. Nielsen, J.B., Rijmen, V. (eds.): EUROCRYPT 2018, Part II. LNCS, vol. 10821. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8

  19. Paskin-Cherniavsky, A.: Secure computation with minimal interaction. Ph.D. thesis, Technion – Israel Institute of Technology (2012)

  20. Patra, A., Ravi, D.: On the exact round complexity of secure three-party computation. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 425–458. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_15

  21. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, 14–17 May 1989, pp. 73–85. ACM (1989)

  22. Rogaway, P.: The round-complexity of secure protocols. Ph.D. thesis, MIT (1991)

  23. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

  24. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS, pp. 162–167 (1986)

Acknowledgements

We thank Yuval Ishai for helpful discussions, for providing us several useful pointers, and for sharing with us the full version of [11].

Author information

Correspondence to Zvika Brakerski.

Copyright information

© 2019 International Association for Cryptologic Research

Cite this paper

Applebaum, B., Brakerski, Z., Tsabary, R. (2019). Degree 2 is Complete for the Round-Complexity of Malicious MPC. In: Ishai, Y., Rijmen, V. (eds) Advances in Cryptology – EUROCRYPT 2019. EUROCRYPT 2019. Lecture Notes in Computer Science, vol 11477. Springer, Cham. https://doi.org/10.1007/978-3-030-17656-3_18

  • DOI: https://doi.org/10.1007/978-3-030-17656-3_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-17655-6

  • Online ISBN: 978-3-030-17656-3
