ABSTRACT
A Secure Function Evaluation (SFE) of a two-variable function f(·,·) is a protocol that allows two parties with inputs x and y to evaluate f(x,y) in a manner where neither party learns "more than is necessary". A rich body of work deals with the study of completeness for secure two-party computation. A function f is complete for SFE if a protocol for securely evaluating f allows the secure evaluation of all (efficiently computable) functions. The questions investigated are which functions are complete for SFE, which functions have SFE protocols unconditionally and whether there are functions that are neither complete nor have efficient SFE protocols.The previous study of these questions was mainly conducted from an Information Theoretic point of view and provided strong answers in the form of combinatorial properties. However, we show that there are major differences between the information theoretic and computational settings. In particular, we show functions that are considered as having SFE unconditionally by the combinatorial criteria but are actually complete in the computational setting. We initiate the fully computational study of these fundamental questions. Somewhat surprisingly, we manage to provide an almost full characterization of the complete functions in this model as well. More precisely, we present a computational criterion (called computational row non-transitivity) for a function f to be complete for the asymmetric case. Furthermore, we show a matching criterion called computational row transitivity for f to have a simple SFE (based on no additional assumptions). This criterion is close to the negation of the computational row non-transitivity and thus we essentially characterize all "nice" functions as either complete or having SFE unconditionally.
- A. Beimel, T. Malkin, and S. Micali. The all-or-nothing nature of two-party secure computation. In CRYPTO '99, volume 1666, pages 80--97. Springer, 1999.]] Google ScholarDigital Library
- M. Bellare and S. Micali. Non-interactive oblivious transfer and applications. In CRYPTO '89, volume 435, pages 547--557. Springer, 1989.]] Google ScholarDigital Library
- M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In 20th STOC, pages 1--10, 1988.]] Google ScholarDigital Library
- R. Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143--202, 2000.]]Google ScholarDigital Library
- B. Chor and E. Kushilevitz. A zero-one law for boolean privacy. SIAM Journal on Disc. Math., 4(1):36--47, 1991. preliminary version in STOC 89.]] Google ScholarDigital Library
- C. Crepeau. Equivalence between two flavours of oblivious transfers. In CRYPTO '87, volume 293, pages 350--354. Springer-Verlag, 1987.]] Google ScholarDigital Library
- I. Damgard, J. Kilian, and L. Salvail. On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In Eurocrypt '99, volume 1592, pages 56--73, 1999.]] Google ScholarDigital Library
- S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637--647, 1985.]] Google ScholarDigital Library
- M. Fitzi, J. A. Garay, U. M. Maurer, and R. Ostrovsky:. Minimal complete primitives for secure multi-party computation. In CRYPTO '01, volume 2139, pages 80--100. Springer, 2001.]] Google ScholarDigital Library
- Y. Gertner, S. Kannan, T. Malkin, O. Reingold, and M. Viswanathan. The relationship between public key encryption and oblivious transfer. In 41st FOCS, pages 325--335, 2000.]] Google ScholarDigital Library
- O. Goldreich. Foundations of Cryptography. Cambridge University Press, 2001.]] Google ScholarDigital Library
- O. Goldreich. Foundations of cryptography - volume 2. Working Draft, available at www. wisdom. weizmann. ac. il/oded/foc-vol2. html, 2004.]] Google ScholarDigital Library
- O. Goldreich and L. A. Levin. A hard-core predicate for all one-way functions. In 21st STOC, pages 25--32, 1989.]] Google ScholarDigital Library
- O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game - a completeness theorem for protocols with honest majority. In 19th STOC, pages 218--229, 1987.]] Google ScholarDigital Library
- O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity, or all languages in np have zero-knowledge proof systems. Journal of the ACM, 38:691--729, 1 1991.]] Google ScholarDigital Library
- O. Goldreich, N. Nisan, and A. Wigderson. On Yao's XOR-lemma. In ECCC (50), volume 2, 1995.]]Google Scholar
- D. Harnik, M. Naor, O. Reingold, and A. Rosen. Completeness in two-party secure computation - a computational view. ECCC, TR03-060, 2003.]]Google Scholar
- R. Impagliazzo. A personal view of average-case complexity. In 10th Annual Structure in Complexity Theory Conference, pages 134--147. IEEE Computer Society Press, 1995.]] Google ScholarDigital Library
- R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In 30th FOCS, pages 230--235, 1989.]]Google ScholarDigital Library
- R. Impagliazzo and S. Rudich. Limits on the provable consequences of one-way permutations. In 21st STOC, pages 44--61, 1989.]] Google ScholarDigital Library
- J. Kilian. Founding cryptography on oblivious transfer. In 20th STOC, pages 20--31, 1988.]] Google ScholarDigital Library
- J. Kilian. A general completeness theorem for two-party games. In 23rd STOC, pages 553--560, 1991.]] Google ScholarDigital Library
- J. Kilian. More general completeness theorems for secure two-party computation. In 32nd STOC, pages 316--324, 2000.]] Google ScholarDigital Library
- J. Kilian, E. Kushilevitz, S. Micali, and R. Ostrovsky. Reducibility and completeness in private computations. SIAM Journal of Computing, 28(4):1189--1208, 2000.]] Google ScholarDigital Library
- E. Kushilevitz. Privacy and communication complexity. SIAM Journal on Disc. Math., 5(2):273--284, 1992. preliminary version in FOCS 89.]] Google ScholarDigital Library
- E. Kushilevitz, S. Micali, and R. Ostrovsky. Reducibility and completeness in multi-party private computations. In 35th FOCS, pages 478--489, 1994.]]Google ScholarDigital Library
- M. Naor and B. Pinkas. Efficient oblivious transfer protocols. In SIAM Symposium on Discrete Algorithms (SODA 2001), pages 448--457, 2001.]] Google ScholarDigital Library
- R. Ostrovsky and A. Wigderson. One-way fuctions are essential for non-trivial zero-knowledge. In Second Israel Symposium on Theory of Computing Systems, ISTCS 93, Proceedings. IEEE Computer Society, pages 3--17, 1993.]]Google Scholar
- M. O. Rabin. How to exchange secrets by oblivious transfer. TR-81, Harvard, 1981.]]Google Scholar
- A. C. Yao. Theory and application of trapdoor functions. In 23rd FOCS, pages 80--91, 1982.]]Google ScholarCross Ref
- A. C. Yao. How to generate and exchange secrets. In 27th FOCS, pages 162--167, 1986.]]Google ScholarDigital Library
Index Terms
Completeness in two-party secure computation: a computational view
Recommendations
Complete fairness in secure two-party computation
STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computingIn the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable ...
Bounded-concurrent secure two-party computation without setup assumptions
STOC '03: Proceedings of the thirty-fifth annual ACM symposium on Theory of computingIn this paper we study the feasibility of obtaining protocols for general two-party computation that remain secure under concurrent composition. (A general protocol can be used for obtaining secure computation of any functionality.) We consider a ...
Complete Fairness in Secure Two-Party Computation
In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable ...
Comments