Abstract
Fully secure multiparty computation (or guaranteed output delivery) among n parties can be achieved with perfect security if the number of corruptions t is less than n/3, or with statistical security with the help of a broadcast channel if \(t<n/2\). In the case of \(t<n/3\), it is known that it is possible to achieve linear communication complexity, but at the cost of a round count of \(\varOmega (\textsf{depth}(C) + n)\) in the worst case. The number of rounds can be reduced to \(O(\textsf{depth}(C))\) either by increasing communication or by assuming some correlated randomness (a setting also known as the preprocessing model). For \(t<n/2\) it is also known that linear communication complexity is achievable, but at the cost of \(\varOmega (\textsf{depth}(C) + n^2)\) rounds, due to the use of a technique called dispute control. However, in contrast to the \(t<n/3\) setting, it is not known how to reduce this round count for \(t<n/2\) to \(O(\textsf{depth}(C))\), neither by allowing larger communication nor by using correlated randomness.
In this work we make progress in this direction by taking the second route above: we present a fully secure protocol for \(t<n/2\) in the preprocessing model that achieves linear communication complexity and whose round complexity is only \(O(\textsf{depth}(C))\), without the additive \(n^2\) term that arises from the use of dispute control. While in the \(t<n/3\) setting such a result requires circuits of width \(\varOmega (n)\), in our case circuits must be of width \(\varOmega (n^2)\), leaving it as an interesting future problem to reduce this gap. Our \(O(\textsf{depth}(C))\) round count is achieved by avoiding the use of dispute control entirely, relying on a different tool for guaranteeing output. In the \(t<n/3\) setting when correlated randomness is available, this is done by using error correction to reconstruct secret-shared values, but in the \(t<n/2\) case the equivalent is robust secret sharing, which guarantees the reconstruction of a secret in spite of errors. However, we note that a direct use of such a tool would lead to quadratic communication, stemming from the fact that each party needs to authenticate its share towards every other party. At the crux of our techniques lies a novel method for reconstructing a batch of robustly secret-shared values while involving only a linear amount of communication per secret, which may also be of independent interest.
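The abstract contrasts two settings: for \(t<n/3\) a Shamir-shared value can be reconstructed from shares by plain error correction even when t of them are wrong, whereas for \(t<n/2\) error correction alone cannot tell the honest shares from the corrupted ones, which is why robust secret sharing (shares carrying authentication) is needed. The following is an added example, written for this page and not code from the paper; it implements Shamir sharing over a prime field and Berlekamp-Welch decoding to make that distinction concrete. The field modulus, the party counts, and all function names are assumptions chosen for illustration.

```python
# Added example (not the paper's protocol): Shamir shares over a prime field,
# decoded with Berlekamp-Welch. Shows that t corrupted shares are correctable
# when n >= 3t+1 (t < n/3) but are ambiguous when n = 2t+1 (t < n/2).
import random

P = 2**31 - 1  # prime modulus of the share field (assumed; any large prime works)


def poly_eval(coeffs, x):
    """Evaluate c0 + c1*x + ... + ck*x^k at x mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t, rng):
    """Degree-t Shamir sharing of `secret` among parties 1..n."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [(i, poly_eval(coeffs, i)) for i in range(1, n + 1)]


def solve_mod_p(rows):
    """Gauss-Jordan elimination over F_P on an augmented matrix [A | b].
    Returns one solution (free variables set to 0) or None if inconsistent."""
    m, pivots = [r[:] for r in rows], []
    ncols = len(m[0]) - 1
    for col in range(ncols):
        k = len(pivots)
        piv = next((r for r in range(k, len(m)) if m[r][col]), None)
        if piv is None:
            continue
        m[k], m[piv] = m[piv], m[k]
        inv = pow(m[k][col], P - 2, P)
        m[k] = [(v * inv) % P for v in m[k]]
        for r in range(len(m)):
            if r != k and m[r][col]:
                f = m[r][col]
                m[r] = [(a - f * b) % P for a, b in zip(m[r], m[k])]
        pivots.append(col)
    if any(m[r][-1] for r in range(len(pivots), len(m))):
        return None  # a zero row with nonzero right-hand side
    sol = [0] * ncols
    for r, col in enumerate(pivots):
        sol[col] = m[r][-1]
    return sol


def poly_divmod(num, den):
    """Polynomial long division over F_P (coefficient lists, low to high)."""
    num, inv = num[:], pow(den[-1], P - 2, P)
    quot = [0] * max(len(num) - len(den) + 1, 0)
    for i in range(len(quot) - 1, -1, -1):
        c = (num[i + len(den) - 1] * inv) % P
        quot[i] = c
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - c * d) % P
    return quot, num[:len(den) - 1]


def berlekamp_welch(points, t, e):
    """Recover the degree-t polynomial behind `points` despite up to e wrong
    values. Needs len(points) >= t + 2e + 1; returns None on failure."""
    if len(points) < t + 2 * e + 1:
        raise ValueError("t + 2e + 1 points are needed to correct e errors")
    # Unknowns: E_0..E_{e-1} (error locator E, monic of degree e) and
    # Q_0..Q_{t+e}; one linear equation Q(x) - y*E(x) = 0 per point.
    rows = []
    for x, y in points:
        row = [(-y * pow(x, j, P)) % P for j in range(e)]
        row += [pow(x, j, P) for j in range(t + e + 1)]
        rows.append(row + [(y * pow(x, e, P)) % P])
    sol = solve_mod_p(rows)
    if sol is None:
        return None
    f, rem = poly_divmod(sol[e:], sol[:e] + [1])  # f = Q / E
    return None if any(rem) else f[:t + 1]


def hamming(shares_a, shares_b):
    return sum(a != b for (_, a), (_, b) in zip(shares_a, shares_b))


def demo_t_less_than_n_over_3(seed=1):
    """n = 3t+1: two corrupted shares are corrected by error correction."""
    rng, n, t, secret = random.Random(seed), 7, 2, 424242
    shares = share(secret, n, t, rng)
    received = [(i, (y + 1 + rng.randrange(P - 1)) % P if i in (3, 6) else y)
                for i, y in shares]  # parties 3 and 6 send wrong shares
    return berlekamp_welch(received, t, e=t)[0]


def demo_t_less_than_n_over_2(seed=1):
    """n = 2t+1: the adversary's t shares make a second degree-t polynomial g
    exactly as consistent with the received vector as the real f, so no
    decoder can choose; shares must be authenticated (robust sharing)."""
    rng, n, t, secret = random.Random(seed), 5, 2, 424242
    f_shares = share(secret, n, t, rng)
    while True:  # loop only guards against negligible-probability collisions
        forged = [(1, f_shares[0][1]), (4, rng.randrange(P)), (5, rng.randrange(P))]
        g = berlekamp_welch(forged, t, e=0)  # plain interpolation through 3 points
        g_shares = [(i, poly_eval(g, i)) for i in range(1, n + 1)]
        received = f_shares[:3] + g_shares[3:]  # parties 4, 5 corrupt
        df, dg = hamming(received, f_shares), hamming(received, g_shares)
        if df == dg == t and g[0] != secret:
            return {"secret_f": secret, "secret_g": g[0], "dist_f": df,
                    "dist_g": dg, "correctable": n >= t + 2 * t + 1}
```

In the first demo the decoder has \(n = t + 2e + 1\) points with \(e = t\), so the key equation pins down the unique degree-t polynomial. In the second, the received vector sits at distance t from both f and g, and `berlekamp_welch` with `e=t` would refuse the 5 points; this is the gap that authentication tags in robust secret sharing close, at the cost of the per-pair communication the paper's batching technique is designed to avoid.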
Notes
- 1.
This is not possible in the case of \(n=2t+1\), since one of the \(t+1\) honest parties may end up being removed, and the t remaining honest parties cannot "keep the state" of the computation (since otherwise the set of t corrupt parties would also be able to determine that state).
- 2.
In fact, the very recent work of [AAPP23] shows how to obtain expected \(O(\textsf{depth}(C))\) rounds while still achieving linear communication complexity, for a certain class of circuits. We do not discuss this work further since our interest is in deterministic \(O(\textsf{depth}(C))\) rounds.
- 3.
Here we count the number of field elements, although the only constructions known in the literature require a field whose size grows linearly with the number of parties.
- 4.
Interestingly, here the overhead is n instead of \(n^2\), since the authors do not use dispute control but instead a technique that is closer to player elimination.
- 5.
We note that this is the approach taken in, for example, BeDOZa [BDOZ11], which is set in the dishonest majority setting \(t<n\).
- 6.
Even though this approach is quite standard in the literature, we provide a formal description and a security proof in the full version.
- 7.
This is done by reconstructing, using the procedure \(\pi _{\textsf{QuadRec}}\) from Sect. 3.1, a preshared random \(\langle \xi \rangle \) provided by the preprocessing functionality.
References
Abraham, I., Asharov, G., Patil, S., Patra, A.: Asymptotically free broadcast in constant expected time via packed VSS. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022. LNCS, vol. 13747, pp. 384–414. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22318-1_14
Abraham, I., Asharov, G., Patil, S., Patra, A.: Detect, pack and batch: perfectly-secure MPC with linear communication and constant expected time. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14005, pp. 251–281. Springer, Heidelberg (2023). https://doi.org/10.1007/978-3-031-30617-4_9
Abraham, I., Asharov, G., Yanai, A.: Efficient perfectly secure computation with optimal resilience. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 66–96. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_3
Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 169–188. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_11
Boyle, E., Gilboa, N., Ishai, Y., Nof, A.: Efficient fully secure computation via distributed zero-knowledge proofs. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 244–276. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_9
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing (STOC 1988), pp. 1–10 (1988)
Bishop, A., Pastro, V., Rajaraman, R., Wichs, D.: Essentially optimal robust secret sharing with maximal corruptions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 58–86. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_3
Ben-Sasson, E., Fehr, S., Ostrovsky, R.: Near-linear unconditionally-secure multiparty computation with a dishonest minority. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 663–680. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_39
Beerliová-Trubíniová, Z., Hirt, M.: Efficient multi-party computation with dispute control. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 305–328. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_16
Beerliová-Trubíniová, Z., Hirt, M.: Perfectly-secure MPC with linear communication complexity. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 213–230. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_13
Cramer, R., Damgård, I.B., Nielsen, J.B.: Secure Multiparty Computation. Cambridge University Press, Cambridge (2015)
Damgård, I., Nielsen, J.B.: Scalable and unconditionally secure multiparty computation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 572–590. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_32
Fehr, S., Yuan, C.: Towards optimal robust secret sharing with security against a rushing adversary. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 472–499. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_16
Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: Proceedings of the Seventeenth Annual ACM Symposium on Principles of Distributed Computing (PODC 1998), pp. 101–111 (1998)
Goyal, V., Song, Y., Zhu, C.: Guaranteed output delivery comes free in honest majority MPC. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 618–646. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_22
Hirt, M., Maurer, U., Przydatek, B.: Efficient secure multi-party computation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 143–161. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_12
Ishai, Y., Kushilevitz, E., Prabhakaran, M., Sahai, A., Yu, C.-H.: Secure protocol transformations. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 430–458. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_15
Acknowledgments
This paper was prepared in part for information purposes by the Artificial Intelligence Research Group and the AlgoCRYPT CoE of JPMorgan Chase & Co and its affiliates (“JP Morgan”) and is not a product of the Research Department of JP Morgan. JP Morgan makes no representation and warranty whatsoever and disclaims all liability, for the completeness, accuracy, or reliability of the information contained herein. This document is not intended as investment research or investment advice, or a recommendation, offer, or solicitation for the purchase or sale of any security, financial instrument, financial product, or service, or to be used in any way for evaluating the merits of participating in any transaction, and shall not constitute a solicitation under any jurisdiction or to any person, if such solicitation under such jurisdiction or to such person would be unlawful. 2023 JP Morgan Chase & Co. All rights reserved.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Escudero, D., Fehr, S. (2023). On Fully-Secure Honest Majority MPC Without \(n^2\) Round Overhead. In: Aly, A., Tibouchi, M. (eds) Progress in Cryptology – LATINCRYPT 2023. LATINCRYPT 2023. Lecture Notes in Computer Science, vol 14168. Springer, Cham. https://doi.org/10.1007/978-3-031-44469-2_3
DOI: https://doi.org/10.1007/978-3-031-44469-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44468-5
Online ISBN: 978-3-031-44469-2