Secure Non-interactive Simulation: Feasibility and Rate

  • Conference paper
Advances in Cryptology – EUROCRYPT 2022 (EUROCRYPT 2022)

Abstract

A natural solution to increase the efficiency of secure computation would be to non-interactively and securely transform diverse inexpensive-to-generate correlated randomness, such as joint samples from noise sources, into correlations useful for secure computation protocols. Motivated by this general application for secure computation, our work introduces the notion of secure non-interactive simulation (SNIS). Parties receive samples of correlated randomness, and they, without any interaction, securely convert them into samples from another correlated randomness.

Our work presents a simulation-based security definition for SNIS and initiates the study of the feasibility and efficiency of SNIS. We also study SNIS among fundamental correlated randomnesses like random samples from the binary symmetric and binary erasure channels, represented by \(\mathsf {BSS}\) and \(\mathsf {BES}\), respectively. We show the impossibility of interconversion between \(\mathsf {BSS}\) and \(\mathsf {BES}\) samples.

Next, we prove that a SNIS of a \(\mathsf {BES} (\varepsilon ')\) sample (a \(\mathsf {BES}\) with noise characteristic \(\varepsilon '\)) from \(\mathsf {BES} (\varepsilon )\) is feasible if and only if \((1-\varepsilon ') = (1-\varepsilon )^k\), for some \(k\in \mathbb {N}\). In this context, we prove that all SNIS constructions must be linear. Furthermore, if \((1-\varepsilon ') = (1-\varepsilon )^k\), then the rate of simulating multiple independent \(\mathsf {BES} (\varepsilon ')\) samples is at most 1/k, which is also achievable using (block) linear constructions.

Finally, we show that a SNIS of a \(\mathsf {BSS} (\varepsilon ')\) sample from \(\mathsf {BSS} (\varepsilon )\) samples is feasible if and only if \((1-2\varepsilon ')=(1-2\varepsilon )^k\), for some \(k\in \mathbb {N}\). Interestingly, there are linear as well as non-linear SNIS constructions. When \((1-2\varepsilon ')=(1-2\varepsilon )^k\), we prove that the rate of a perfectly secure SNIS is at most 1/k, which is achievable using linear and non-linear constructions.
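An added worked example (not code from the paper): by exact enumeration, it checks that a parity-based linear reduction turns k samples of \(\mathsf {BES} (\varepsilon )\) or \(\mathsf {BSS} (\varepsilon )\) into one sample whose noise parameter satisfies the two conditions stated above. The parity construction, the function names and the sample parameters are assumptions chosen here, and the check covers only the output distribution, not the simulation-based security definition.

```python
from fractions import Fraction
from itertools import product

ERASED = None          # Bob's erasure symbol in a BES sample
HALF = Fraction(1, 2)

def bes(eps):
    """Joint law of one BES(eps) sample: X uniform, Y = X or erased w.p. eps."""
    return {(x, y): HALF * p for x in (0, 1)
            for y, p in ((x, 1 - eps), (ERASED, eps))}

def bss(eps):
    """Joint law of one BSS(eps) sample: X uniform, Y = X flipped w.p. eps."""
    return {(x, y): HALF * (eps if x != y else 1 - eps)
            for x in (0, 1) for y in (0, 1)}

def parity(bits):
    return sum(bits) % 2

def parity_or_erased(ys):
    """Bob's BES reduction: any erased input forces an erased output."""
    return ERASED if ERASED in ys else parity(ys)

def reduce_samples(source, k, f, g):
    """Exact joint law of (f(X^k), g(Y^k)) for k i.i.d. samples of `source`."""
    out = {}
    for draw in product(source.items(), repeat=k):
        prob = Fraction(1)
        for _, p in draw:
            prob *= p
        xs = [xy[0] for xy, _ in draw]   # Alice's k input symbols
        ys = [xy[1] for xy, _ in draw]   # Bob's k input symbols
        key = (f(xs), g(ys))
        out[key] = out.get(key, 0) + prob
    return out

def feasible_k(eps, eps_target, bss_mode=False, k_max=64):
    """Smallest k with (1-eps')=(1-eps)^k (BES) or (1-2eps')=(1-2eps)^k (BSS)."""
    base, goal = ((1 - 2 * eps, 1 - 2 * eps_target) if bss_mode
                  else (1 - eps, 1 - eps_target))
    return next((k for k in range(1, k_max + 1) if base ** k == goal), None)

if __name__ == "__main__":
    eps = Fraction(1, 4)   # constructed sample parameter
    # BES: 1 - 7/16 = (3/4)^2, so two samples give one BES(7/16) sample.
    print(reduce_samples(bes(eps), 2, parity, parity_or_erased) == bes(Fraction(7, 16)))
    # BSS: 1 - 2*(7/16) = (1/2)^3, so three samples give one BSS(7/16) sample.
    print(reduce_samples(bss(eps), 3, parity, parity) == bss(Fraction(7, 16)))
    # No k satisfies (3/4)^k = 1/2, so the condition fails for BES(1/2).
    print(feasible_k(eps, Fraction(1, 2)))
```

Each output sample consumes k input samples, which matches the 1/k rate that the abstract states for block linear constructions.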

Our technical approach algebraizes the definition of SNIS and proceeds via Fourier analysis. Our work develops general analysis methodologies for Boolean functions, explicitly incorporating cryptographic security constraints. Our work also proves strong forms of statistical-to-perfect security transformations: one can error-correct a statistically secure SNIS to make it perfectly secure. We show a connection of our research with homogeneous Boolean functions and distance-invariant codes, which may be of independent interest.

H. Amini Khorasgani, H.K. Maji, H.H. Nguyen—The research effort is supported in part by an NSF CRII Award CNS–1566499, NSF SMALL Awards CNS–1618822 and CNS–2055605, the IARPA HECTOR project, MITRE Innovation Program Academic Cybersecurity Research Awards (2019–2020, 2020–2021), a Ross-Lynn Research Scholars Grant, a Purdue Research Foundation (PRF) Award, and The Center for Science of Information, an NSF Science and Technology Center, Cooperative Agreement CCF–0939370.

Notes

  1. As is typical in this line of work in cryptography and information theory, the joint distributions (UV) and (XY) assign probabilities to samples that are either 0 or at least a positive constant.

  2. The conditional distribution \((A|B=b)\) is \(\nu \)-close to being independent of b if there exists a distribution \(A^*\) such that \((A|B=b)\) is \(\nu \)-close to \(A^*\) in the statistical distance, for all \(b\in \mathrm {Supp}({B})\).

  3. Alice can perform a random walk on an appropriate expander graph using her samples to get one random bit that is statistically secure conditioned on Bob’s samples.

  4. A joint distribution (XY) is complete if there exist samples \(x_0,x_1\in \mathrm {Supp}({X})\) and \(y_0,y_1\in \mathrm {Supp}({Y})\) such that

    1. \(\mathrm {Pr}\left[ {X=x_0,Y=y_0}\right] , \mathrm {Pr}\left[ {X=x_1,Y=y_0}\right] , \mathrm {Pr}\left[ {X=x_1,Y=y_1}\right] > 0\), and

    2. \( \mathrm {Pr}\left[ {X=x_0,Y=y_0}\right] \cdot \mathrm {Pr}\left[ {X=x_1,Y=y_1}\right] \ne \mathrm {Pr}\left[ {X=x_0,Y=y_1}\right] \cdot \mathrm {Pr}\left[ {X=x_1,Y=y_0}\right] .\)

    Multiple samples of a complete distribution can be used to (interactively) implement oblivious transfer [30], the atomic primitive for secure computation. The joint distribution \(\mathsf {BES} (\varepsilon )\), for \(\varepsilon \in (0,1)\), and \(\mathsf {BSS} (\varepsilon )\), for \(\varepsilon \in (0,1/2)\), are complete distributions. However, \(\mathsf {BSS} (0)=\mathsf {BES} (0)\), \(\mathsf {BES} (1)\), and \(\mathsf {BSS} (1/2)\) are not complete distributions.

References

  1. Agarwal, P., Narayanan, V., Pathak, S., Prabhakaran, M., Prabhakaran, V., Rehan, M.A.: Secure non-interactive reduction and spectral analysis of correlations. To appear at EUROCRYPT 2022 (2022)

  2. Agrawal, S., et al.: Cryptography from one-way communication: on completeness of finite channels. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 653–685. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_22

  3. Ahlswede, R., Gács, P.: Spreading of sets in product spaces and hypercontraction of the Markov operator. Ann. Probab. 4, 925–939 (1976)

  4. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_34

  5. Beigi, S., Gohari, A.: On the duality of additivity and tensorization. In: 2015 IEEE International Symposium on Information Theory (ISIT), pp. 2381–2385. IEEE (2015)

  6. Beimel, A., Ishai, Y., Kumaresan, R., Kushilevitz, E.: On the cryptographic complexity of the worst functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 317–342. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_14

  7. Beimel, A., Malkin, T.: A quantitative approach to reductions in secure computation. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 238–257. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_14

  8. Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008, pp. 257–266. ACM Press (October 2008)

  9. Bogdanov, A., Mossel, E.: On extracting common random bits from correlated sources. IEEE Trans. Inf. Theory 57(10), 6351–6355 (2011)

  10. Borell, C.: Positivity improving operators and hypercontractivity. Mathematische Zeitschrift 180(3), 225–234 (1982)

  11. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: silent OT extension and more. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 489–518. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_16

  12. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators from Ring-LPN. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part II. LNCS, vol. 12171, pp. 387–416. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_14

  13. Chan, S.O., Mossel, E., Neeman, J.: On extracting common random bits from correlated sources on large alphabets. IEEE Trans. Inf. Theory 60(3), 1630–1637 (2014)

  14. Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_30

  15. Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: 29th FOCS, pp. 42–52. IEEE Computer Society Press (October 1988)

  16. Crépeau, C., Kilian, J.: Weakening security assumptions and oblivious transfer. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 2–7. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_1

  17. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38

  18. De, A., Mossel, E., Neeman, J.: Non interactive simulation of correlated distributions is decidable. In: Czumaj, A. (ed.) 29th SODA, pp. 2728–2746. ACM-SIAM (January 2018)

  19. Dinur, I., Filmus, Y., Harsha, P.: Low degree almost Boolean functions are sparse juntas. Electron. Colloquium Comput. Complex. 24, 180 (2017)

  20. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

  21. Gács, P., Körner, J.: Common information is far less than mutual information. Probl. Control Inf. Theory 2(2), 149–162 (1973)

  22. Garg, S., Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with one-way communication. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 191–208. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_10

  23. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: 41st FOCS, pp. 325–335. IEEE Computer Society Press (November 2000)

  24. Ghazi, B., Kamath, P., Raghavendra, P.: Dimension reduction for polynomials over Gaussian space and applications. In: Servedio, R.A. (ed.) 33rd Computational Complexity Conference, CCC 2018, June 22–24, 2018, San Diego, CA, USA, volume 102 of LIPIcs, pp. 28:1–28:37. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2018)

  25. Ghazi, B., Kamath, P., Sudan, M.: Decidability of non-interactive simulation of joint distributions. In: Dinur, I. (ed.) 57th FOCS, pp. 545–554. IEEE Computer Society Press (October 2016)

  26. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press (May 1987)

  27. Kamath, S., Anantharam, V.: Non-interactive simulation of joint distributions: the Hirschfeld-Gebelein-Rényi maximal correlation and the hypercontractivity ribbon. In: 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1057–1064. IEEE (2012)

  28. Kamath, S., Anantharam, V.: On non-interactive simulation of joint distributions. IEEE Trans. Inf. Theory 62(6), 3419–3435 (2016)

  29. Khorasgani, H.A., Maji, H.K., Nguyen, H.H.: Secure non-interactive simulation: feasibility & rate. Cryptology ePrint Archive, Report 2020/252 (2020). https://ia.cr/2020/252

  30. Kilian, J.: More general completeness theorems for secure two-party computation. In: 32nd ACM STOC, pp. 316–324. ACM Press (May 2000)

  31. Kindler, G.: Property Testing PCP. Ph.D. thesis, Tel-Aviv University (2002)

  32. Kindler, G., Safra, S.: Noise-resistant Boolean functions are juntas. preprint (2002)

  33. Kraschewski, D., Maji, H.K., Prabhakaran, M., Sahai, A.: A full characterization of completeness for two-party randomized function evaluation. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 659–676. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_36

  34. MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error Correcting Codes, vol. 16. Elsevier, Amsterdam (1977)

  35. Mahmoody, M., Maji, H.K., Prabhakaran, M.: Limits of random oracles in secure computation. In: Naor, M. (ed.) ITCS 2014, pp. 23–34. ACM (January 2014)

  36. Mahmoody, M., Maji, H.K., Prabhakaran, M.: On the power of public-key encryption in secure computation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 240–264. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_11

  37. Maji, H.K., Prabhakaran, M., Rosulek, M.: Complexity of multi-party computation functionalities. In: Prabhakaran, M., Sahai, A. (eds.) Secure Multi-Party Computation, volume 10 of Cryptology and Information Security Series, pp. 249–283. IOS Press (2013)

  38. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: Blaze, M. (ed.) USENIX Security 2004, pp. 287–302. USENIX Association (August 2004)

  39. Mossel, E.: Gaussian bounds for noise correlation of functions and tight analysis of long codes. In: 49th FOCS, pp. 156–165. IEEE Computer Society Press (October 2008)

  40. Mossel, E., O’Donnell, R.: Coin flipping from a cosmic source: on error correction of truly random bits. Random Struct. Algorithms 26(4), 418–436 (2005)

  41. Mossel, E., O’Donnell, R., Regev, O., Steif, J.E., Sudakov, B.: Non-interactive correlation distillation, inhomogeneous Markov chains, and the reverse Bonami-Beckner inequality. Israel J. Math. 154(1), 299–336 (2006)

  42. Mossel, E., Oleszkiewicz, K., Sen, A.: On reverse hypercontractivity. Geom. Funct. Anal. 23(3), 1062–1097 (2013)

  43. Nair, C., Wang, Y.N.: Reverse hypercontractivity region for the binary erasure channel. In: 2017 IEEE International Symposium on Information Theory (ISIT), pp. 938–942. IEEE (2017)

  44. Narayanan, V., Prabhakaran, M., Prabhakaran, V.M.: Zero-communication reductions. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part III. LNCS, vol. 12552, pp. 274–304. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_10

  45. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_40

  46. O’Donnell, R.: Analysis of Boolean Functions. Cambridge University Press, Cambridge (2014)

  47. Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Memo TR-81 (1981)

  48. Rabin, M.O.: How to exchange secrets with oblivious transfer. Cryptology ePrint Archive, Report 2005/187 (2005). https://eprint.iacr.org/2005/187

  49. Witsenhausen, H.S.: On sequences of pairs of dependent random variables. SIAM J. Appl. Math. 28(1), 100–113 (1975)

  50. Wyner, A.: The common information of two dependent random variables. IEEE Trans. Inf. Theory 21(2), 163–179 (1975)

  51. Yang, K.: On the (im)possibility of non-interactive correlation distillation. In: Farach-Colton, M. (ed.) LATIN 2004. LNCS, vol. 2976, pp. 222–231. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24698-5_26

  52. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press (November 1982)

  53. Yin, Z., Park, Y.: Hypercontractivity, maximal correlation and non-interactive simulation (2014)

Corresponding author

Correspondence to Hai H. Nguyen.

Copyright information

© 2022 International Association for Cryptologic Research

Cite this paper

Amini Khorasgani, H., Maji, H.K., Nguyen, H.H. (2022). Secure Non-interactive Simulation: Feasibility and Rate. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13277. Springer, Cham. https://doi.org/10.1007/978-3-031-07082-2_27

  • DOI: https://doi.org/10.1007/978-3-031-07082-2_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07081-5

  • Online ISBN: 978-3-031-07082-2

  • eBook Packages: Computer Science (R0)
