
Efficient Information-Theoretic Multi-party Computation over Non-commutative Rings

  • Conference paper
Advances in Cryptology – CRYPTO 2021 (CRYPTO 2021)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12826)

Abstract

We construct the first efficient, unconditionally secure MPC protocol that only requires black-box access to a non-commutative ring R. Previous results in the same setting were efficient only either for a constant number of corruptions or when computing branching programs and formulas. Our techniques are based on a generalization of Shamir’s secret sharing to non-commutative rings, which we derive from the work on Reed Solomon codes by Quintin, Barbier and Chabot (IEEE Transactions on Information Theory, 2013). When the center of the ring contains a set \(A = \{\alpha _0, \ldots , \alpha _n\}\) such that \(\forall i \ne j, \alpha _i \,-\, \alpha _j \in R^*\), the resulting secret sharing scheme is strongly multiplicative and we can generalize existing constructions over finite fields without much trouble.

Most of our work is devoted to the case where the elements of A do not commute with all of R, but they just commute with each other. For such rings, the secret sharing scheme cannot be linear “on both sides” and furthermore it is not multiplicative. Nevertheless, we are still able to build MPC protocols with a concretely efficient online phase and black-box access to R. As an example we consider the ring \(\mathcal {M}_{m\times m}(\mathbb {Z}/2^k\mathbb {Z})\), for which when \(m > \log (n+1)\), we obtain protocols that require around \(\lceil \log (n+1)\rceil /2\) less communication and \(2\lceil \log (n+1)\rceil \) less computation than the state of the art protocol based on Circuit Amortization Friendly Encodings (Dalskov, Lee and Soria-Vazquez, ASIACRYPT 2020).

In this setting with a “less commutative” A, our black-box preprocessing phase has a less practical complexity of \(\mathsf {poly}(n)\). We fix this by additionally providing specialized, concretely efficient preprocessing protocols for \(\mathcal {M}_{m\times m}(\mathbb {Z}/2^k\mathbb {Z})\) that exploit the structure of the matrix ring.
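The following is an added worked example, written for this page and not taken from the paper, of the two sharing regimes the abstract distinguishes. It implements Shamir-style sharing over the non-commutative ring \(\mathcal{M}_{2\times 2}(\mathbb{Z}/N\mathbb{Z})\) with evaluation points drawn from an exceptional set A (footnote 1 below). For the central case it uses N = 17 and A = {0, I, 2I, 3I}; for the commutative-but-not-central case it uses N = 2^8 and A = {0, I, C, C^2}, where C is the companion matrix of X^2 + X + 1, i.e. the Galois ring GR(2^8, 2) embedded in the matrix ring. The 2×2 size, n = 3, t = 1, the embedding and the concrete matrices s and e are choices made for this example, not values from the paper, and the convention that polynomial coefficients sit to the left of the powers of X (with Lagrange coefficients acting on the right) is one valid convention rather than necessarily the paper's. The code checks that reconstruction works in both regimes, that the central case is multiplicative, and that in the non-central case multiplying shares by e on the left yields a sharing of ea while multiplying on the right does not (the point of footnote 5), nor is the pointwise product of two sharings a sharing of the product.

```python
"""Shamir-style secret sharing over the non-commutative ring R = M_2(Z/NZ).

Added example, not the paper's code.  Evaluation points come from an
exceptional set A: a set whose pairwise differences are units of R.
Polynomial coefficients sit on the LEFT of the powers of X and Lagrange
coefficients act on the RIGHT; with points that commute among themselves
that is enough for reconstruction, but not for two-sided linearity or
multiplicativity unless the points are central."""
import random

ZERO, I = [[0, 0], [0, 0]], [[1, 0], [0, 1]]

def add(a, b, N): return [[(a[i][j] + b[i][j]) % N for j in range(2)] for i in range(2)]
def sub(a, b, N): return [[(a[i][j] - b[i][j]) % N for j in range(2)] for i in range(2)]
def mul(a, b, N): return [[sum(a[i][k] * b[k][j] for k in range(2)) % N for j in range(2)] for i in range(2)]
def scalar(k, N): return [[k % N, 0], [0, k % N]]
def rand_mat(N): return [[random.randrange(N) for _ in range(2)] for _ in range(2)]

def inv(a, N):
    """2x2 adjugate inverse; pow(det, -1, N) raises ValueError unless det is a unit mod N,
    which is exactly the exceptional-set condition on differences of points."""
    det = (a[0][0] * a[1][1] - a[0][1] * a[1][0]) % N
    d = pow(det, -1, N)
    return [[a[1][1] * d % N, -a[0][1] * d % N], [-a[1][0] * d % N, a[0][0] * d % N]]

def power(a, e, N):
    r = I
    for _ in range(e):
        r = mul(r, a, N)
    return r

def central_points(N, n):
    """alpha_i = i*I for i = 1..n: central in R; differences are units when N is a prime > n."""
    return [scalar(k, N) for k in range(1, n + 1)]

def galois_points(N):
    """A = {I, C, C^2} with C the companion matrix of X^2 + X + 1 (so C^3 = I): the Galois
    ring GR(N, 2) inside M_2(Z/NZ) for N = 2^k.  The points commute with each other but
    not with all of R; every pairwise difference has determinant 3, a unit mod 2^k."""
    C = [[0, N - 1], [1, N - 1]]
    return [I, C, mul(C, C, N)]

def share(secret, t, points, N, coeffs=None):
    """Share i is f(alpha_i) for f(X) = secret + c_1 X + ... + c_t X^t (coefficients on the left)."""
    coeffs = coeffs if coeffs is not None else [rand_mat(N) for _ in range(t)]
    out = []
    for alpha in points:
        y = secret
        for j, c in enumerate(coeffs, start=1):
            y = add(y, mul(c, power(alpha, j, N), N), N)
        out.append(y)
    return out

def lagrange_at_zero(points, N):
    """lambda_i = prod_{j != i} alpha_j (alpha_j - alpha_i)^{-1}, computed inside the
    commutative subring generated by the points, so factor order does not matter."""
    lams = []
    for i, ai in enumerate(points):
        lam = I
        for j, aj in enumerate(points):
            if j != i:
                lam = mul(lam, mul(aj, inv(sub(aj, ai, N), N), N), N)
        lams.append(lam)
    return lams

def reconstruct(shares, points, N):
    """sum_i share_i * lambda_i (lambda on the right) equals f(0) whenever deg f < len(points)."""
    acc = ZERO
    for y, lam in zip(shares, lagrange_at_zero(points, N)):
        acc = add(acc, mul(y, lam, N), N)
    return acc

def central_case_multiplicative(N=17, t=1):
    """Central A: any t+1 shares reconstruct, and the pointwise product of two degree-t
    sharings is a degree-2t sharing of the product of the secrets."""
    pts = central_points(N, 2 * t + 1)
    s, s2 = rand_mat(N), rand_mat(N)
    f, g = share(s, t, pts, N), share(s2, t, pts, N)
    prod = [mul(a, b, N) for a, b in zip(f, g)]
    return reconstruct(f[:t + 1], pts[:t + 1], N) == s and reconstruct(prod, pts, N) == mul(s, s2, N)

def noncentral_linearity(N=2 ** 8):
    """Commutative, non-central A: e*[a] is a valid sharing of e*a; [a]*e is not a sharing of a*e."""
    pts = galois_points(N)
    s = [[5, 7], [11, 13]]          # constructed secret
    e = [[0, 1], [0, 0]]            # constructed ring element that does not commute with C
    f = share(s, 1, pts, N, coeffs=[I])   # f(X) = s + X; fixed coefficient so the failure is certain
    pairs = [(0, 1), (1, 2), (0, 2)]
    left_ok = all(reconstruct([mul(e, f[i], N) for i in p], [pts[i] for i in p], N) == mul(e, s, N) for p in pairs)
    right_ok = all(reconstruct([mul(f[i], e, N) for i in p], [pts[i] for i in p], N) == mul(s, e, N) for p in pairs)
    return left_ok, right_ok

def noncentral_product_residue(N=2 ** 8):
    """Share 0 twice, as f(X) = X and g(X) = e X, multiply shares pointwise and reconstruct
    with all three points.  A multiplicative scheme would return 0; this one returns
    3^{-1} * sum_i alpha_i e alpha_i, which is non-zero because e and C do not commute."""
    pts = galois_points(N)
    e = [[0, 1], [0, 0]]
    f, g = share(ZERO, 1, pts, N, coeffs=[I]), share(ZERO, 1, pts, N, coeffs=[e])
    return reconstruct([mul(a, b, N) for a, b in zip(f, g)], pts, N)

if __name__ == "__main__":
    print("central A, reconstruct + multiply:", central_case_multiplicative())
    print("non-central A (left_ok, right_ok):", noncentral_linearity())
    print("non-central A, product-of-shares residue:", noncentral_product_residue())
```

Reconstruction works in the non-central case because the Lagrange identity \(\sum_i \alpha_i^j \lambda_i = \delta_{j0}\) only involves elements of the commutative subring generated by A, so placing the \(\lambda_i\) on the side opposite the coefficients lets them pass through. Multiplying a share on the coefficient side by e simply changes the coefficients, whereas multiplying on the other side leaves a term \(\alpha_i e\) that no polynomial with left coefficients can absorb; the same obstruction appears in the product of shares as the term \(\alpha_i e \alpha_i\).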

E. Soria-Vazquez—Work partially done while at Aarhus University, Denmark.


Notes

  1. An exceptional set is a subset of ring elements whose non-zero pairwise differences are invertible. The Lenstra constant of a ring is the size of the largest exceptional set.

  2. Here we use the well-known inequality \(\left( {\begin{array}{c}a\\ b\end{array}}\right) \ge (a/b)^b\).

  3. \(b(\mathtt {X})\) (right-)divides \(a(\mathtt {X})\) if, after dividing a by b using Theorem 3 to obtain \(q(\mathtt {X})\) and \(r(\mathtt {X})\) such that \(a(\mathtt {X}) = q(\mathtt {X})\cdot b(\mathtt {X}) + r(\mathtt {X})\) with \(\deg (r)<\deg (b)\), it holds that \(r(\mathtt {X})=0\). The quotient \(a(\mathtt {X})/b(\mathtt {X})\) is defined as \(q(\mathtt {X})\).

  4. It is worth noting that some of the unknowns will have coefficients multiplying from both the left and the right.

  5. More concretely, if we had \([a]_t\), multiplication by e on the right will not result in \([ae]_t\) in general.

  6. This functionality, together with some others used in this work, is formalized in the full version.

  7. This was described in [ACD+19], but it is also a consequence of Theorem 5. This is why we will use the \(\llbracket \cdot \rrbracket \) notation to refer to the LSSS over the Galois ring in this section. It should not be confused with \([\cdot ]\) and \(\langle \cdot \rangle \), which work over \(\mathcal {M}_{m \times m}(\mathbb {Z}_{2^k})\).

  8. With the notation \({\boldsymbol{x}}_{\bar{A}}\), we refer to viewing \({\boldsymbol{x}}\) as an element of \((N^d)^n\) and taking, among the n “entries” in \(N^d\), the ones indexed by A. These correspond to parties in our protocols.

References

  1. Abspoel, M., Cramer, R., Damgård, I., Escudero, D., Yuan, C.: Efficient information-theoretic secure multiparty computation over \(\mathbb{Z}/p^k\mathbb{Z}\) via Galois rings. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part I. LNCS, vol. 11891, pp. 471–501. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_19

  2. Baccarini, A., Blanton, M., Yuan, C.: Multi-party replicated secret sharing over a ring with applications to privacy-preserving machine learning. Cryptology ePrint Archive, Report 2020/1577 (2020). https://eprint.iacr.org/2020/1577

  3. Ben-Or, M., Cleve, R.: Computing algebraic formulas using a constant number of registers. SIAM J. Comput. 21(1), 54–58 (1992)

  4. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th ACM STOC, pp. 1–10. ACM Press (May 1988)

  5. Ben-Efraim, A., Nielsen, M., Omri, E.: Turbospeedz: double your online SPDZ! Improving SPDZ using function dependent preprocessing. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 530–549. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_26

  6. Beerliová-Trubíniová, Z., Hirt, M.: Perfectly-secure MPC with linear communication complexity. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 213–230. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_13

  7. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press (October 2001)

  8. Cascudo, I., Cramer, R., Xing, C., Yuan, C.: Amortized complexity of information-theoretically secure MPC revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 395–426. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_14

  9. Cohen, G., et al.: Efficient multiparty protocols via log-depth threshold formulae. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 185–202. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_11

  10. Cramer, R., Damgård, I., Maurer, U.M.: General secure multi-party computation from any linear secret-sharing scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 316–334. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_22

  11. Cramer, R., Fehr, S., Ishai, Y., Kushilevitz, E.: Efficient multi-party computation over rings. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 596–613. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_37

  12. Cramer, R., Rambaud, M., Xing, C.: Asymptotically-good arithmetic secret sharing over \(\mathbb{Z}/p^{\ell } \mathbb{Z}\) with strong multiplication and its applications to efficient MPC. Cryptology ePrint Archive, Report 2019/832 (2019). https://eprint.iacr.org/2019/832

  13. Dalskov, A., Escudero, D., Keller, M.: Fantastic four: honest-majority four-party secure computation with malicious security. In: 30th USENIX Security Symposium (USENIX Security 2021). USENIX Association (2021)

  14. Dawar, A., Kopczynski, E., Holm, B., Grädel, E., Pakusa, W.: Definability of linear equation systems over groups and rings. arXiv preprint arXiv:1204.3022 (2012)

  15. Dalskov, A.P.K., Lee, E., Soria-Vazquez, E.: Circuit amortization friendly encodings and their application to statistically secure multiparty computation. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 213–243. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_8

  16. Damgård, I., Nielsen, J.B.: Scalable and unconditionally secure multiparty computation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 572–590. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_32

  17. Desmedt, Y., et al.: Graph coloring applied to secure computation in non-abelian groups. J. Cryptol. 25(4), 557–600 (2012)

  18. Escudero, D., Dalskov, A.: Honest majority MPC with abort with minimal online communication. Cryptology ePrint Archive, Report 2020/1556 (2020). https://eprint.iacr.org/2020/1556

  19. Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)

  20. Ore, O.: Linear equations in non-commutative fields. Ann. Math. 32, 463–477 (1931)

  21. Quintin, G., Barbier, M., Chabot, C.: On generalized Reed-Solomon codes over commutative and noncommutative rings. IEEE Trans. Inf. Theory 59(9), 5882–5897 (2013)

  22. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

  23. Sontag, E.D.: On linear systems and noncommutative rings. Math. Syst. Theory 9(4), 327–344 (1975)

Acknowledgements

During his time at Aarhus University, Eduardo Soria-Vazquez was supported by the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM). Daniel Escudero was supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 669255 (MPCPRO).

Author information

Correspondence to Daniel Escudero or Eduardo Soria-Vazquez.

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Escudero, D., Soria-Vazquez, E. (2021). Efficient Information-Theoretic Multi-party Computation over Non-commutative Rings. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science, vol. 12826. Springer, Cham. https://doi.org/10.1007/978-3-030-84245-1_12

  • DOI: https://doi.org/10.1007/978-3-030-84245-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84244-4

  • Online ISBN: 978-3-030-84245-1
