On Communication Models and Best-Achievable Security in Two-Round MPC

  • Conference paper
  • Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13043)

Abstract

Recently, a sequence of works has made strong advances in two-round (i.e., round-optimal) secure multi-party computation (MPC). In the honest-majority setting – the focus of this work – Ananth et al. [CRYPTO’18, EC’19], Applebaum et al. [TCC’18, EC’19] and Garg et al. [TCC’18] have established the feasibility of general two-round MPC in standard communication models involving broadcast (\(\mathcal {BC}\)) and private point-to-point (\(\mathcal {P}\mathrm {2}\mathcal {P}\)) channels.

In this work, we set out to understand what features of the communication model are necessary for these results, and more broadly the design of two-round MPC. Focusing our study on the plain model – the most natural model for honest-majority MPC – we obtain the following results:

  • Dishonest Majority from Honest Majority: In the two-round setting, honest-majority MPC and dishonest-majority MPC are surprisingly close, and often equivalent. This follows from our results that the former implies 2-message oblivious transfer in many settings. (i) We show that without private point-to-point (\(\mathcal {P}\mathrm {2}\mathcal {P}\)) channels, i.e., when we use only broadcast (\(\mathcal {BC}\)) channels, honest-majority MPC implies 2-message oblivious transfer. (ii) Furthermore, this implication holds even when we use both \(\mathcal {P}\mathrm {2}\mathcal {P}\) and \(\mathcal {BC}\), provided that the MPC protocol is robust against “fail-stop” adversaries.

  • Best-Achievable Security: While security with guaranteed output delivery (and even fairness) against malicious adversaries is impossible in two rounds, nothing is known with regards to the “next best” security notion, namely, security with identifiable abort (IA). We show that IA is also impossible to achieve with honest-majority even if we use both \(\mathcal {P}\mathrm {2}\mathcal {P}\) and \(\mathcal {BC}\) channels. However, if we replace \(\mathcal {P}\mathrm {2}\mathcal {P}\) channels with a “bare” (i.e., untrusted) public-key infrastructure (\(\mathcal {PKI}\)), then even security with guaranteed output delivery (and hence \(\texttt {IA} \)) is possible to achieve.

These results “explain” that the reliance on \(\mathcal {P}\mathrm {2}\mathcal {P}\) channels (together with \(\mathcal {BC}\)) in the recent two-round protocols in the plain model was in fact necessary, and that these protocols couldn’t have achieved a stronger security guarantee, namely, \(\texttt {IA} \). Overall, our results (put together with prior works) fully determine the best-achievable security for honest-majority MPC in different communication models in two rounds. As a consequence, they yield the following hierarchy of communication models:

$$\begin{aligned} \mathcal {BC}< \mathcal {P}\mathrm {2}\mathcal {P}< \mathcal {BC}+\mathcal {P}\mathrm {2}\mathcal {P}< \mathcal {BC}+\mathcal {PKI}. \end{aligned}$$

This shows that the \(\mathcal {BC}\) channel is the weakest communication model, and that the \(\mathcal {BC}+\mathcal {PKI}\) model is strictly stronger than the \(\mathcal {BC}+\mathcal {P}\mathrm {2}\mathcal {P}\) model.


Notes

  1. Typically, the honest-majority assumption is viewed as an alternative to trusted setup assumptions such as a common reference string (CRS).

  2. In a bare PKI setup, an adversarial party does not need to register its key prior to the protocol; specifically, it does not need to prove knowledge of its secret key.

  3. The list of notions we discuss here is not exhaustive, and some other notions have been studied that lie “in-between” the primary notions. This includes, e.g., semi-malicious security [5], which is a slight strengthening of SH, and fairness, which is a weakening of M-GoD. The lower and upper bounds for these notions tend to be similar to their respective “closest” notions; hence we do not explicitly discuss them.

  4. There is a corner case of exactly one corruption (i.e., \(t=1\)) and \(n\ge 4\) where this impossibility result can be circumvented in the plain model [26, 28].

  5. These works in fact rely on \(\textsf {mR-OT} \) in the CRS model with universally composable security [10].

  6. In the weaker \(\mathcal {P}\mathrm {2}\mathcal {P}\)-only model, honest-majority protocols with \(\texttt {IA} \) security are known to be impossible even if we allow for arbitrary rounds [13].

  7. Specifically, it can be implemented as OLE over a large field, using a protocol in which each helper party receives degree-t Shamir shares of a and x from the sender and receiver respectively, and degree-2t shares of b from the sender, and sends degree-2t shares of \(ax+b\) to the receiver.

  8. If the protocol does not require any P2P message from \(P_2\) to \(P_1\), then the corrupted \(P_2\) is simply behaving honestly, since there is no message to be dropped. In this case, the protocol must result in a not-\(\bot \) output. This case is addressed below.

  9. We note that this lower bound complements the protocol designed by Ananth et al. in [1].
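Footnote 7 describes a two-round OLE (oblivious linear evaluation) built from Shamir sharing: the sender shares a at degree t and b at degree 2t, the receiver shares x at degree t, and each helper returns a degree-2t share of ax+b. The block below is an added example written for this page; it is not code from the paper or its authors. It assumes a constructed prime field (the footnote only says "a large field"), helpers sitting at evaluation points 1..n, semi-honest helpers, and a network abstracted as local function calls; the `dropped` parameter is a constructed extension that models a helper failing to send its round-2 message, which is the fail-stop behaviour the abstract and footnote 8 discuss, and makes the receiver output None in place of \(\bot \).

```python
import random

# Constructed parameters for the example: a prime field and helper evaluation points 1..n.
# Assumption: any prime larger than the inputs works; the footnote only says "a large field".
P = 2**61 - 1  # a Mersenne prime


def share(secret, degree, n, rng):
    """Degree-`degree` Shamir sharing of `secret`: helper i (1 <= i <= n) receives f(i)."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(degree)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation, highest coefficient first
            acc = (acc * x + c) % P
        return acc

    return {i: f(i) for i in range(1, n + 1)}


def reconstruct(points):
    """Lagrange interpolation at x = 0 over {x_i: y_i}; exact when the polynomial
    degree is smaller than the number of points supplied."""
    secret = 0
    xs = list(points)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + points[i] * num * pow(den, P - 2, P)) % P
    return secret


def ole_via_helpers(a, b, x, n, t, dropped=(), seed=0):
    """Sender holds (a, b), receiver holds x; the receiver should learn a*x + b mod P.
    Helpers listed in `dropped` never send their round-2 message (constructed fail-stop
    model). With fewer than 2t+1 replies the degree-2t polynomial cannot be interpolated,
    so the receiver outputs None (the paper's bottom symbol)."""
    rng = random.Random(seed)
    if n < 2 * t + 1:
        raise ValueError("an honest majority of helpers requires n >= 2t + 1")
    # Round 1: sender shares a at degree t and b at degree 2t; receiver shares x at degree t.
    a_sh = share(a, t, n, rng)
    b_sh = share(b, 2 * t, n, rng)
    x_sh = share(x, t, n, rng)
    # Round 2: helper i multiplies its two degree-t shares (a degree-2t share of a*x),
    # adds its degree-2t share of b, and sends the resulting degree-2t share of a*x + b.
    replies = {i: (a_sh[i] * x_sh[i] + b_sh[i]) % P
               for i in range(1, n + 1) if i not in dropped}
    if len(replies) < 2 * t + 1:
        return None
    return reconstruct(replies)


if __name__ == "__main__":
    print(ole_via_helpers(3, 5, 7, n=5, t=2))                # 26
    print(ole_via_helpers(3, 5, 7, n=5, t=2, dropped=(4,)))  # None: 4 replies, 5 needed
```

The degree bookkeeping is the whole point: multiplying two degree-t shares doubles the degree, so the masking value b must already be shared at degree 2t for the helpers' sum to stay a consistent degree-2t sharing, and the receiver needs 2t+1 of the n replies, which is exactly the honest-majority count. Dropping even one reply below that threshold leaves the receiver with no output, which is the fail-stop failure mode the abstract's second result (ii) is about; nothing in this toy version authenticates helpers or detects a wrong share, so a maliciously wrong reply simply yields a wrong value.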

References

  1. Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Round-optimal secure multiparty computation with honest majority. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 395–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_14

  2. Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Two round information-theoretic MPC with malicious security. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 532–561. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_19

  3. Applebaum, B., Brakerski, Z., Tsabary, R.: Perfect secure computation in two rounds. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11239, pp. 152–174. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_6

  4. Applebaum, B., Brakerski, Z., Tsabary, R.: Degree 2 is complete for the round-complexity of malicious MPC. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 504–531. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_18

  5. Asharov, G., Jain, A., López-Alt, A., Tromer, E., Vaikuntanathan, V., Wichs, D.: Multiparty computation with low communication, computation and interaction via threshold FHE. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 483–501. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_29

  6. Badrinarayanan, S., Jain, A., Manohar, N., Sahai, A.: Secure MPC: laziness leads to GOD. Cryptology ePrint Archive, Report 2018/580 (2018). https://eprint.iacr.org/2018/580

  7. Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1

  8. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th ACM STOC, pp. 1–10. ACM Press, May 1988

  9. Benhamouda, F., Lin, H.: k-round multiparty computation from k-round oblivious transfer via garbled interactive circuits. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 500–532. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_17

  10. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001

  11. Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 462–462. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_43

  12. Cohen, R., Garay, J., Zikas, V.: Broadcast-optimal two-round MPC. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 828–858. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_28

  13. Cohen, R., Lindell, Y.: Fairness versus guaranteed output delivery in secure multiparty computation. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 466–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_25

  14. Damgård, I., Magri, B., Siniscalchi, L., Yakoubov, S.: Broadcast-optimal two round MPC with an honest majority. Cryptology ePrint Archive, Report 2020/1254 (2020). https://eprint.iacr.org/2020/1254

  15. Dwork, C., Naor, M.: Zaps and their applications. In: 41st FOCS, pp. 283–293. IEEE Computer Society Press, November 2000

  16. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO’82, pp. 205–210. Plenum Press, New York (1982)

  17. Fischer, M.J., Lynch, N.A., Merritt, M.: Easy impossibility proofs for distributed consensus problems. In: Malcolm, M.A., Strong, H.R. (eds.) 4th ACM PODC, pp. 59–70. ACM, August 1985

  18. Garg, S., Ishai, Y., Srinivasan, A.: Two-round MPC: information-theoretic and black-box. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11239, pp. 123–151. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_5

  19. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_16

  20. Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: On 2-round secure multiparty computation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 178–193. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_12

  21. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, May 1987

  22. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994). https://doi.org/10.1007/BF00195207

  23. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: 17th ACM STOC, pp. 291–304. ACM Press, May 1985

  24. Dov Gordon, S., Liu, F.-H., Shi, E.: Constant-round MPC with fairness and guarantee of output delivery. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 63–82. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_4

  25. Groth, J., Ostrovsky, R.: Cryptography in the multi-string model. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 323–341. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_18

  26. Ishai, Y., Kumaresan, R., Kushilevitz, E., Paskin-Cherniavsky, A.: Secure computation with minimal interaction, revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 359–378. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_18

  27. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st FOCS, pp. 294–304. IEEE Computer Society Press, November 2000

  28. Ishai, Y., Kushilevitz, E., Paskin, A.: Secure multiparty computation with minimal interaction. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 577–594. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_31

  29. Ishai, Y., Ostrovsky, R., Zikas, V.: Secure multi-party computation with identifiable abort. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 369–386. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_21

  30. Patra, A., Ravi, D.: On the exact round complexity of secure three-party computation. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 425–458. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_15

  31. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: 21st ACM STOC, pp. 73–85. ACM Press, May 1989

  32. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

Acknowledgements

The first and second authors were supported in part by an NSF CNS grant 1814919, NSF CAREER award 1942789 and Johns Hopkins University Catalyst award. The second author was additionally supported in part by an Office of Naval Research grant N00014-19-1-2294. The third author is supported by the joint Indo-Israel Project DST/INT/ISR/P-16/2017 and Ramanujan Fellowship of Dept. of Science and Technology, India.

Author information

Corresponding author: Aarushi Goel.

Copyright information

© 2021 International Association for Cryptologic Research

Cite this paper

Goel, A., Jain, A., Prabhakaran, M., Raghunath, R. (2021). On Communication Models and Best-Achievable Security in Two-Round MPC. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science, vol 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_4

  • DOI: https://doi.org/10.1007/978-3-030-90453-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90452-4

  • Online ISBN: 978-3-030-90453-1

  • eBook Packages: Computer Science (R0)
