Abstract
We revisit the problem of reusable non-interactive secure computation (NISC). A standard NISC protocol for a sender-receiver functionality f enables the receiver to encrypt its input x such that any sender, on input y, can send back a message revealing only f(x, y). Security should hold even when either party can be malicious. A reusable NISC protocol has the additional feature that the receiver’s message can be safely reused for computing multiple outputs \(f(x,y_i)\). Here security should hold even when a malicious sender can learn partial information about the honest receiver’s outputs in each session.
We present the first reusable NISC protocol for general functions f that only makes a black-box use of any two-message oblivious transfer protocol, along with a random oracle. All previous reusable NISC protocols either made a non-black-box use of cryptographic primitives (Cachin et al. ICALP 2002) or alternatively required a stronger arithmetic variant of oblivious transfer and were restricted to f in \(\textsf{NC}^1\) or similar classes (Chase et al. Crypto 2019). Our result is obtained via a general compiler from standard NISC to reusable NISC that makes use of special type of honest-majority protocols for secure multiparty computation.
Finally, we extend the above main result to reusable two-sided NISC, in which two parties can encrypt their inputs in the first round and then reveal different functions of their inputs in multiple sessions. This extension either requires an additional (black-box) use of additively homomorphic commitment or alternatively requires the parties to maintain a state between sessions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Since a pseudorandom generator can be constructed from an OT protocol in a black-box way, OT alone suffices.
- 2.
In fact, our result applies to a more general notion of two-sided NISC that strictly generalizes both the above notion and standard (one-sided) NISC.
- 3.
In the actual definition, we consider a more general situation where the adversary can learn some partial information about the output, such as whether the receiver aborts. This makes reusable security nontrivial even for functionalities such as OLE, where the receiver’s output reveals its input. However, for the sake of this overview, we make the simplifying assumption that the entire receiver output is given to the adversary.
- 4.
OLE is the arithmetic analogue of OT which takes in a field element x from the receiver, and two field elements (a, b) from the sender and outputs \(ax + b\) to the receiver.
- 5.
In reusable receiver security game, we fix the first round message from the honest receiver and the corrupted sender could generate multiple second round messages. We require the joint distribution of the view of the sender and the receiver’s output in each of the sender executions to be indistinguishable to an ideal world where the parties have access to the ideal OLE functionality.
- 6.
We restrict ourselves to the case of a two-message OT protocol as this gives a two-message NISC protocol.
- 7.
The standard Shamir secret sharing using bivariate polynomials satisfies this property.
- 8.
We note that the servers have to additionally re-randomize these shares but we ignore this step to keep the exposition simple.
- 9.
As our main results are in the random oracle model, we can avoid an explicit setup phase that samples the CRS uniformly and instead use the random oracle’s output on some default input as the CRS.
- 10.
We are little imprecise here and this global predicate acts only on a part of the sender’s message and not on the whole message. To be more specific, the sender’s message consists of two parts. We want the first part to satisfy local consistency and the second part to satisfy global consistency.
- 11.
We implicitly assume that all the algorithms take in the unary encoding of the security parameter \(1^\lambda \) as part of their inputs.
- 12.
We implicitly assume that all these algorithms have access to a random oracle and hence, do not include an explicit setup phase. We also assume that all the algorithms take \(1^\lambda \) as an additional input.
References
Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC\(^0\). In: 45th FOCS, pp. 166–175. IEEE Computer Society Press, October 2004
Ananth, P., Jain, A., Jin, Z., Malavolta, G.: Multi-key fully-homomorphic encryption in the plain model. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 28–57. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64375-1_2
Ananth, P., Jain, A., Jin, Z., Malavolta, G.: Unbounded multi-party computation from learning with errors. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 754–781. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_26
Afshar, A., Mohassel, P., Pinkas, B., Riva, B.: Non-interactive secure computation based on cut-and-choose. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 387–404. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_22
Abascal, J., Sereshgi, M.H.F., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Is the classical GMW paradigm practical? The case of non-interactive actively secure 2PC. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS ’20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1591–1605. ACM (2020)
Bartusek, J., Garg, S., Masny, D., Mukherjee, P.: Reusable two-round MPC from DDH. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12551, pp. 320–348. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_12
Bartusek, J., Garg, S., Srinivasan, A., Zhang. Y.: Reusable two-round MPC from LPN. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) KC, vol. 13177, LNCS, pp. 165–193. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-97121-2_72022
Benhamouda, F., Jain, A., Komargodski, I., Lin, H.: Multiparty reusable non-interactive secure computation from LWE. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 724–753. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_25
Benhamouda, F., Jain, A., Komargodski, I., Lin, H.: Multiparty reusable non-interactive secure computation from LWE. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 724–753. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_25
Beaver, D., Micali, S., Rogaway. P.: The round complexity of secure protocols (extended abstract). In: 22nd ACM STOC, pp. 503–513. ACM Press, May 1990
Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 512–523. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45022-X_43
Chase, M., Dodis, Y., Ishai, Y., Kraschewski, D., Liu, T., Ostrovsky, R., Vaikuntanathan, V.: Reusable non-interactive secure computation. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 462–488. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_15
Dittmer, Y.I., Lu, S., Ostrovsky. R.: Authenticated garbling from simple correlations. IACR Cryptol. ePrint Arch., page 836 (2022)
Dittmer, S., Ishai, Y., Ostrovsky. R.: Line-point zero knowledge and its applications. In: Tessaro, S. (ed.) ITC 2021, vol.199 of LIPIcs, pp. 5:1–5:24. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2021)
Haitner, I., Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: Black-box constructions of protocols for secure computation. SIAM J. Comput. 40(2), 225–266 (2011)
Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_7
Ishai, Y., Kushilevitz. E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: 41st FOCS, pp. 294–304. IEEE Computer Society Press, November 2000
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Prabhakaran, M., Sahai, A.: Efficient non-interactive secure computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 406–425. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_23
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai. A.: Zero-knowledge from secure multiparty computation. In: Johnson, D.S., Feige, U (eds.) 39th ACM STOC, pp. 21–30. ACM Press, June 2007
Ishai, Y., Khurana, D., Sahai, A., Srinivasan, A.: On the round complexity of black-box secure MPC. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 214–243. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_8
Ishai, Y., Khurana, D., Sahai, A., Srinivasan, A.: Round-optimal black-box protocol compilers. In: Dunkelman, O., Dziembowski, S. (eds) EUROCRYPT 2022, Part I, vol. 13275 of LNCS, pp. 210–240. Springer, Heidelberg, May/June 2022. https://doi.org/10.1007/978-3-031-06944-4_8
Ishai, Y., Khurana, D., Sahai, A., Srinivasan, A.: Round-optimal black-box secure computation from two-round malicious OT. In: TCC (2022)
Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32
Mohassel, P., Rosulek, M.: Non-interactive secure 2PC in the offline/online and batch settings. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 425–455. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_15
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT’99. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Pass, R.: On deniability in the common reference string and random oracle model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316–337. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_19
Chi-Chih Yao. A.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, October 1986
Acknowledgments
Y. Ishai was supported in part by ERC Project NTSC (742754), BSF grant 2018393, ISF grant 2774/20, and a Google Faculty Research Award. D. Khurana was supported in part by DARPA SIEVE award and a gift from Visa Research. A. Sahai was supported in part from a Simons Investigator Award, DARPA SIEVE award, NTT Research, NSF Frontier Award 1413955, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through Award HR00112020024. A. Srinivasan was supported in part by a SERB startup grant and Google India Research Award.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Ishai, Y., Khurana, D., Sahai, A., Srinivasan, A. (2023). Black-Box Reusable NISC with Random Oracles. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14005. Springer, Cham. https://doi.org/10.1007/978-3-031-30617-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-30617-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30616-7
Online ISBN: 978-3-031-30617-4
eBook Packages: Computer ScienceComputer Science (R0)
