
Actively Secure Arithmetic Computation and VOLE with Constant Computational Overhead

Conference paper. Advances in Cryptology – EUROCRYPT 2023 (EUROCRYPT 2023)

Abstract

We study the complexity of two-party secure arithmetic computation where the goal is to evaluate an arithmetic circuit over a finite field \(\mathbb {F}\) in the presence of an active (aka malicious) adversary. In the passive setting, Applebaum et al. (Crypto 2017) constructed a protocol that only makes a constant (amortized) number of field operations per gate. This protocol uses the underlying field \(\mathbb {F}\) as a black box, makes black-box use of (standard) oblivious transfer, and its security is based on arithmetic analogs of well-studied cryptographic assumptions. We present an actively-secure variant of this protocol that achieves, for the first time, all the above features. The protocol relies on the same assumptions and adds only a minor overhead in computation and communication.

Along the way, we construct a highly-efficient Vector Oblivious Linear Evaluation (VOLE) protocol and present several practical and theoretical optimizations, as well as a prototype implementation. Our most efficient variant can achieve an asymptotic rate of 1/4 (i.e., for vectors of length w we send roughly 4w elements of \(\mathbb {F}\)), which is only slightly worse than the passively-secure protocol whose rate is 1/3. The protocol seems to be practically competitive over fast networks, even for relatively small fields \(\mathbb {F}\) and relatively short vectors. Specifically, our VOLE protocol has 3 rounds, and even for 10K-long vectors, it has an amortized cost per entry of less than 4 OTs and less than 300 arithmetic operations. Most of these operations (about 200) can be pre-processed locally in an offline non-interactive phase. (Better constants can be obtained for longer vectors.) Some of our optimizations rely on a novel intractability assumption regarding the non-malleability of noisy linear codes, that may be of independent interest.

Our technical approach employs two new ingredients. First, we present a new information-theoretic construction of Conditional Disclosure of Secrets (CDS) and show how to use it in order to immunize the VOLE protocol of Applebaum et al. against active adversaries. Second, by using elementary properties of low-degree polynomials, we show that, for some simple arithmetic functionalities, one can easily upgrade Yao’s garbled-circuit protocol to the active setting with a minor overhead while preserving the round complexity.

Supported by the Israel Science Foundation grant no. 2805/21. The full version of this paper appears in [10].

Notes

  1. More complex numerical computations can typically be efficiently reduced to these simple ones, e.g., by using suitable low-degree approximations.

  2. For example, for the case of finite fields with n-bit elements, the size of the best known Boolean multiplication circuits is \(\omega (n \log n)\).

  3. The protocol additionally uses standard “bit-operations” whose complexity is dominated by the field operations.

  4. We mention that the aforementioned assumptions are not known to imply OT.

  5. In fact, even our most conservative protocol (VOLE3) that proves Theorem 1 has an asymptotic rate of 1/5 and its amortized computational complexity is roughly the same. However, VOLE3 achieves this only over significantly longer vectors.

  6. The current implementations of the compressed-VOLE-based solution are either restricted to the binary field [18] or achieve passive security [48] and so we cannot compare the actual performance of our implementation against a compressed-VOLE-based implementation. Indeed, to the best of our knowledge, it seems that our work provides the first implementation of actively-secure VOLE over large fields.

  7. The exact level of stretch is not important since one can transform a given PRG with a polynomial stretch of \(n=k^c\) for some \(c>1\), to a PRG with a stretch of \(n=k^{c'}\) for an arbitrary constant \(c'>c\) while increasing the depth of the circuit by a constant factor (see, e.g., [3]).

  8. This information suffices to recover the plaintext \(x\boldsymbol{a}+\boldsymbol{b}\) since the encryption internally employs a suitable error-correcting code. Indeed, [5] show how to combine a fast pseudorandom matrix with a linear-time error-correcting code and derive a linear-time encodable code that is pseudorandom under random noise but can be decoded in linear-time in the presence of random erasures.
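The VOLE output \(x\boldsymbol{a}+\boldsymbol{b}\) from the abstract and the noise-versus-erasure asymmetry described in this note, as an added example that is not part of the paper, its protocol or its implementation. The receiver's VOLE output is computed over a prime field, encoded with a random linear code, and a fraction of the coordinates is overwritten with random field elements. A party that knows which coordinates are noisy treats them as erasures and decodes by solving a linear system on the clean coordinates; a party that does not know them is left with an inconsistent noisy-codeword (LPN-style) instance. The field, code length, noise rate and random generator matrix are illustrative assumptions and do not reproduce the paper's code or encryption.

```python
# Added illustration (not the paper's protocol or implementation): the VOLE
# output x*a + b over a prime field is encoded with a random linear code and
# transmitted with random noise on a mu-fraction of positions.  Knowing the
# noisy positions turns noise into erasures, which a linear code handles by
# solving a linear system on the clean coordinates; without that knowledge
# the decoder faces an LPN-style (noisy codeword) instance.  Field, code
# parameters and generator matrix below are illustrative assumptions.
import random

P = 2**31 - 1  # assumed prime field F_p


def vole_output(x, a, b):
    """Receiver's VOLE output x*a + b, entrywise over F_p."""
    assert len(a) == len(b)
    return [(x * ai + bi) % P for ai, bi in zip(a, b)]


def random_generator_matrix(n, k, rng):
    """n x k generator matrix of a random linear code over F_p."""
    return [[rng.randrange(P) for _ in range(k)] for _ in range(n)]


def encode(G, msg):
    """Codeword G * msg over F_p."""
    return [sum(g * m for g, m in zip(row, msg)) % P for row in G]


def add_noise(codeword, mu, rng):
    """Replace a random mu-fraction of positions by uniform field elements.
    Returns the noisy word and the set of noisy positions."""
    noisy_pos = set(rng.sample(range(len(codeword)), int(mu * len(codeword))))
    word = list(codeword)
    for i in noisy_pos:
        word[i] = rng.randrange(P)
    return word, noisy_pos


def solve_mod_p(rows, rhs):
    """Solve rows * z = rhs over F_p by Gaussian elimination.
    Returns the unique solution, or None if the system is rank-deficient
    or inconsistent."""
    k = len(rows[0])
    M = [r[:] + [v] for r, v in zip(rows, rhs)]
    for col in range(k):
        sel = next((r for r in range(col, len(M)) if M[r][col]), None)
        if sel is None:
            return None  # not enough independent rows
        M[col], M[sel] = M[sel], M[col]
        inv = pow(M[col][col], P - 2, P)
        M[col] = [(v * inv) % P for v in M[col]]
        for r in range(len(M)):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(vr - f * vp) % P for vr, vp in zip(M[r], M[col])]
    if any(M[r][k] for r in range(k, len(M))):
        return None  # leftover rows contradict the solution: noise present
    return [M[i][k] for i in range(k)]


def decode_from_erasures(G, noisy_word, noisy_pos):
    """Decoder who knows the noisy positions: drop them and solve."""
    clean = [i for i in range(len(G)) if i not in noisy_pos]
    return solve_mod_p([G[i] for i in clean], [noisy_word[i] for i in clean])


def decode_ignoring_noise(G, noisy_word):
    """Decoder who does not know the noisy positions and trusts every
    coordinate: the system is inconsistent whenever noise is present
    (except with negligible probability)."""
    return solve_mod_p(G, noisy_word)


def demo(seed=1, w=8, n=32, mu=0.25):
    """Whole pipeline; returns (plaintext, erasure-decoded, naive-decoded)."""
    rng = random.Random(seed)
    x = rng.randrange(P)
    a = [rng.randrange(P) for _ in range(w)]  # constructed sample input
    b = [rng.randrange(P) for _ in range(w)]
    msg = vole_output(x, a, b)
    G = random_generator_matrix(n, w, rng)
    noisy, pos = add_noise(encode(G, msg), mu, rng)
    return msg, decode_from_erasures(G, noisy, pos), decode_ignoring_noise(G, noisy)


if __name__ == "__main__":
    plaintext, with_erasures, naive = demo()
    print("erasure decoding correct:", with_erasures == plaintext)
    print("naive decoding result:", naive)
```

With a random generator matrix over a large prime field, any k clean rows are linearly independent with overwhelming probability, so the erasure decoder needs only k clean coordinates; the naive decoder sees the same word as an overdetermined system that no single message satisfies.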

  9. GOT allows Bob to retrieve a subset of the messages of Alice that are “authorized” according to some predicate P. Previous constructions were either based on decomposable randomized encoding (aka private-simultaneous messages protocols) [35] or on secret-sharing [29, 49, 50]. We generalize these approaches by using CDS which is strictly weaker than both primitives.
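The CDS primitive referred to in this note, illustrated with the textbook equality-predicate construction as an added example (this is not the paper's CDS construction): Alice holds an input x and a secret s, Bob holds an input y, both share randomness r, and each sends a single field element to a referee who knows x and y. The referee recovers s exactly when x = y; otherwise it obtains s + r(x - y), which is uniform over the field and independent of s. The small prime modulus is an assumption chosen so that this uniformity can be checked by enumerating every value of r.

```python
# Added illustration of Conditional Disclosure of Secrets (CDS) for the
# equality predicate P(x, y) = [x == y].  Textbook construction, not the
# paper's; the modulus is an assumed small prime so that the leakage check
# below can enumerate all values of the shared randomness.
P = 10007  # assumed prime field F_p


def alice_message(x, secret, r):
    """Alice (input x, secret s, shared randomness r) sends r*x + s."""
    return (r * x + secret) % P


def bob_message(y, r):
    """Bob (input y, shared randomness r) sends r*y."""
    return (r * y) % P


def referee(m_alice, m_bob):
    """The referee knows x and y and outputs m_alice - m_bob = s + r*(x - y)."""
    return (m_alice - m_bob) % P


def cds_run(x, y, secret, r):
    """One CDS execution; equals `secret` iff x == y."""
    return referee(alice_message(x, secret, r), bob_message(y, r))


def outputs_over_all_randomness(x, y, secret):
    """Sorted referee outputs as r ranges over F_p.  For x == y this is P
    copies of the secret; for x != y it is exactly F_p, i.e. the output is
    uniform and carries no information about the secret."""
    return sorted(cds_run(x, y, secret, r) for r in range(P))


def is_secret_hidden(x, y, secret):
    """True iff the referee's output distribution is the same for `secret`
    and for a different secret, over all shared randomness."""
    other = (secret + 1) % P
    return outputs_over_all_randomness(x, y, secret) == outputs_over_all_randomness(x, y, other)


if __name__ == "__main__":
    print("x == y, referee learns:", cds_run(5, 5, 42, 77))
    print("x != y, secret hidden:", is_secret_hidden(5, 6, 42))
```

Each party sends one element and no party learns the other's input, which is why CDS is weaker than private-simultaneous-messages protocols (where the referee must learn a function of both inputs) and than secret sharing; a GOT for a richer predicate P needs a CDS for that P, which is what the note says the paper constructs.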

  10. Interestingly, this detection is performed “silently”: To test a session Bob just plays this session in a “detection mode”. In contrast, in typical cut-and-choose-based solutions, Bob asks Alice to “open” a session. In fact, in our protocol we can even hide from Alice which sessions were tested by Bob.

  11. Indeed, here we assume that the field is sufficiently large. In contrast, the VOLE1 and VOLE2 protocols can be realized over small fields as well.

  12. The computational complexity and communication complexity of batch-OT are measured as the total bit-length of the sent messages; see the full version [10] for a justification for this convention.

  13. In the context of binary codes, LPN-style assumptions with sub-constant \(\mu \) are quite standard.

  14. The concrete formulation that is taken here is chosen for the sake of simplicity. More refined and conservative versions (e.g., that assume better speed-ups and consider sub-constant noise regimes) can be adopted as well.

  15. Recall that VOLE1 is obtained by combining the RVOLE-to-VOLE transformation with Protocol 4 for RVOLE. Accordingly, the latter protocol achieves provable active security against the Sender, provable passive security against the Receiver, and heuristic active security against the Receiver.

References

  1. Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (May 2001). https://doi.org/10.1007/3-540-44987-6_8

  2. Alekhnovich, M.: More on average case vs approximation complexity. In: 44th FOCS, pp. 298–307. IEEE Computer Society Press (October 2003). https://doi.org/10.1109/SFCS.2003.1238204

  3. Applebaum, B.: Cryptographic hardness of random local functions. Comput. Complex. 25(3), 667–722 (2015). https://doi.org/10.1007/s00037-015-0121-8

  4. Applebaum, B., Avron, J., Brzuska, C.: Arithmetic cryptography. J. ACM 64(2), 10:1–10:74 (2017). https://doi.org/10.1145/3046675

  5. Applebaum, B., Damgård, I., Ishai, Y., Nielsen, M., Zichron, L.: Secure arithmetic computation with constant computational overhead. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 223–254. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_8

  6. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC\(^0\). SIAM J. Comput. 36(4), 845–888 (2006). https://doi.org/10.1137/S0097539705446950

  7. Applebaum, B., Ishai, Y., Kushilevitz, E.: On pseudorandom generators with linear stretch in NC\(^0\). Comput. Complex. 17(1), 38–69 (2008). https://doi.org/10.1007/s00037-007-0237-6

  8. Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. SIAM J. Comput. 43(2), 905–929 (2014). https://doi.org/10.1137/120875193

  9. Applebaum, B., Kachlon, E.: Sampling graphs without forbidden subgraphs and unbalanced expanders with negligible error. In: Zuckerman, D. (ed.) 60th FOCS. pp. 171–179. IEEE Computer Society Press (November 2019). https://doi.org/10.1109/FOCS.2019.00020

  10. Applebaum, B., Konstantini, N.: Actively secure arithmetic computation and VOLE with constant computational overhead. Cryptology ePrint Archive, Paper 2023/270 (2023). https://eprint.iacr.org/2023/270

  11. Applebaum, B., Lovett, S.: Algebraic attacks against random local functions and their countermeasures. In: Wichs, D., Mansour, Y. (eds.) 48th ACM STOC. pp. 1087–1100. ACM Press (June 2016). https://doi.org/10.1145/2897518.2897554

  12. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer extensions with security for malicious adversaries. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 673–701. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_26

  13. Baum, C., Malozemoff, A.J., Rosen, M.B., Scholl, P.: Mac'n'Cheese: zero-knowledge proofs for boolean and arithmetic circuits with nested disjunctions. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 92–122. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_4

  14. Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: 28th ACM STOC. pp. 479–488. ACM Press (May 1996). https://doi.org/10.1145/237814.237996

  15. Bootle, J., Cerulli, A., Ghadafi, E., Groth, J., Hajiabadi, M., Jakobsen, S.K.: Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 336–365. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_12

  16. Bordewijk, J.L.: Inter-reciprocity applied to electrical networks. Appl. Sci. Res. Sect. A 6(1), 1–74 (1957)

  17. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 896–912. ACM Press (October 2018). https://doi.org/10.1145/3243734.3243868

  18. Boyle, E.,et al.: Efficient two-round OT extension and silent non-interactive secure computation. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019. pp. 291–308. ACM Press (November 2019). https://doi.org/10.1145/3319535.3354255

  19. Chase, M., et al.: Reusable non-interactive secure computation. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 462–488. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_15

  20. Chor, B., Goldreich, O., Håstad, J., Friedman, J., Rudich, S., Smolensky, R.: The bit extraction problem of t-resilient functions (preliminary version). In: 26th FOCS. pp. 396–407. IEEE Computer Society Press (October 1985). https://doi.org/10.1109/SFCS.1985.55

  21. Crépeau, C.: Equivalence between two Flavours of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_30

  22. Crépeau, C., Kilian, J.: Weakening security assumptions and oblivious transfer. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 2–7. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_1

  23. Dittmer, S., Ishai, Y., Ostrovsky, R.: Line-point zero knowledge and its applications. In: Tessaro, S. (ed.) ITC 2021. LIPIcs, vol. 199, pp. 5:1–5:24. Schloss Dagstuhl (2021). https://doi.org/10.4230/LIPIcs.ITC.2021.5

  24. Druk, E.: Linear time encodable codes and cryptography. Master’s thesis, Technion (2013)

  25. Druk, E., Ishai, Y.: Linear-time encodable codes meeting the gilbert-varshamov bound and their cryptographic applications. In: Naor, M. (ed.) ITCS 2014. pp. 169–182. ACM (January 2014). https://doi.org/10.1145/2554797.2554815

  26. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17

  27. Genkin, D., Ishai, Y., Prabhakaran, M., Sahai, A., Tromer, E.: Circuits resilient to additive attacks with applications to secure computation. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 495–504. ACM Press (May/June 2014). https://doi.org/10.1145/2591796.2591861

  28. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: 30th ACM STOC, pp. 151–160. ACM Press (May 1998). https://doi.org/10.1145/276698.276723

  29. Ghosh, S., Nielsen, J.B., Nilges, T.: Maliciously secure oblivious linear function evaluation with constant overhead. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 629–659. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_22

  30. Ghosh, S., Nilges, T.: An algebraic approach to maliciously secure private set intersection. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 154–185. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_6

  31. Gilboa, N.: Two party RSA key generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_8

  32. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC. pp. 218–229. ACM Press (May 1987). https://doi.org/10.1145/28395.28420

  33. Guruswami, V., Indyk, P.: Linear-time encodable/decodable codes with near-optimal rate. IEEE Trans. Inf. Theory 51(10), 3393–3400 (2005). https://doi.org/10.1109/TIT.2005.855587

  34. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

  35. Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: Fifth Israel Symposium on Theory of Computing and Systems, ISTCS 1997, Ramat-Gan, Israel, 17–19 June 1997, Proceedings, pp. 174–184. IEEE Computer Society (1997). https://doi.org/10.1109/ISTCS.1997.595170

  36. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st FOCS, pp. 294–304. IEEE Computer Society Press (November 2000). https://doi.org/10.1109/SFCS.2000.892118

  37. Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., et al. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45465-9_22

  38. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 433–442. ACM Press (May 2008). https://doi.org/10.1145/1374376.1374438

  39. Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32

  40. Ishai, Y., Prabhakaran, M., Sahai, A.: Secure arithmetic computation with no honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 294–314. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_18

  41. Kushilevitz, E., Lindell, Y., Rabin, T.: Information-theoretically secure protocols and security under composition. SIAM J. Comput. 39(5), 2090–2112 (2010). https://doi.org/10.1137/090755886

  42. Lindell, Y.: General composition and universal composability in secure multi-party computation. In: 44th FOCS, pp. 394–403. IEEE Computer Society Press (October 2003). https://doi.org/10.1109/SFCS.2003.1238213

  43. Mohassel, P., Weinreb, E.: Efficient secure linear algebra in the presence of covert or computationally unbounded adversaries. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 481–496. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_27

  44. Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: 31st ACM STOC, pp. 245–254. ACM Press (May 1999). https://doi.org/10.1145/301250.301312

  45. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Kosaraju, S.R. (ed.) 12th SODA, pp. 448–457. ACM-SIAM (January 2001)

  46. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31

  47. Rabin, M.O.: How to exchange secrets with oblivious transfer. Cryptology ePrint Archive, Report 2005/187 (2005). http://eprint.iacr.org/2005/187

  48. Schoppmann, P., Gascón, A., Reichert, L., Raykova, M.: Distributed vector-OLE: Improved constructions and implementation. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 1055–1072. ACM Press (November 2019). https://doi.org/10.1145/3319535.3363228

  49. Shankar, B., Srinathan, K., Rangan, C.P.: Alternative protocols for generalized oblivious transfer. In: Rao, S., Chatterjee, M., Jayanti, P., Murthy, C.S.R., Saha, S.K. (eds.) ICDCN 2008. LNCS, vol. 4904, pp. 304–309. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77444-0_31

  50. Tassa, T.: Generalized oblivious transfer by secret sharing. Des. Codes Cryptogr. 58(1), 11–21 (2011). https://doi.org/10.1007/s10623-010-9378-8

  51. Weng, C., Yang, K., Katz, J., Wang, X.: Wolverine: Fast, scalable, and communication-efficient zero-knowledge proofs for boolean and arithmetic circuits. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24–27 May 2021, pp. 1074–1091. IEEE (2021). https://doi.org/10.1109/SP40001.2021.00056

  52. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press (October 1986). https://doi.org/10.1109/SFCS.1986.25

  53. Zichron, L.: Locally computable arithmetic pseudorandom generators. Master’s thesis, Tel Aviv University (2017), available from Applebaum’s home page

Acknowledgement

We are grateful to Ivan Damgård and Yuval Ishai for early discussions that influenced this work. We also thank YI for explaining various aspects of [17, 18]. We thank the reviewers of Eurocrypt 2023 for their comments.

Correspondence to Benny Applebaum.

Copyright information

© 2023 International Association for Cryptologic Research

Cite this paper

Applebaum, B., Konstantini, N. (2023). Actively Secure Arithmetic Computation and VOLE with Constant Computational Overhead. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14005. Springer, Cham. https://doi.org/10.1007/978-3-031-30617-4_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30616-7

  • Online ISBN: 978-3-031-30617-4