DOI: 10.1145/948109.948139

Automatic generation of two-party computations

Published: 27 October 2003

ABSTRACT

We present the design and implementation of a compiler that automatically generates protocols that perform two-party computations. The input to our compiler is the specification of a computation with secret inputs (e.g., a signature algorithm), expressed using operations in the field Z_q of integers modulo a prime q and in the multiplicative subgroup of order q of Z_p^* (for a prime p with q | p-1) with generator g. The output of our compiler is an implementation of each party in a two-party protocol that performs the same computation securely, i.e., so that the two parties can compute the function together but neither can do so alone. The protocols generated by our compiler are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments. Our compiler can be applied to various cryptographic primitives (e.g., signature schemes, encryption schemes, oblivious transfer protocols) and to other protocols that employ a trusted party (e.g., key retrieval, key distribution).
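The setting the abstract describes, as an added, constructed example that is not code from the paper or its compiler: a Schnorr signature (chosen here as a concrete discrete-log signature over the order-q subgroup of Z_p^*) split between two parties, so that the signing key x in Z_q is additively shared, every exponentiation g^(.) is evaluated by each party on its own share, and the shares are combined multiplicatively in the group and additively in Z_q. The toy 62-bit group parameters, the party names and the message are assumptions. The example is hand-written rather than compiler output, and it covers only passive (honest-but-curious) parties: the zero-knowledge proofs and other machinery a protocol needs against a misbehaving party are omitted.

```python
"""Two-party Schnorr signing: constructed illustration of the setting in the
abstract (secret key additively shared in Z_q, exponentiations combined in the
order-q subgroup of Z_p^*).  Not the paper's compiler or its output, and
passive parties only: no zero-knowledge proofs against a misbehaving party."""
import hashlib
import random

def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; the first 12 prime bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def group_params(bits: int = 62):
    """Smallest q >= 2^(bits-1) with q and p = 2q+1 prime (assumption: 62-bit toy
    group so the search is instant; real deployments use standardised >= 2048-bit p)."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4                               # a square in Z_p^* other than 1, hence of order exactly q
    assert pow(g, q, p) == 1
    return p, q, g

P, Q, G = group_params()

def hash_to_zq(R: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || msg) reduced into Z_q."""
    R_bytes = R.to_bytes((P.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(R_bytes + msg).digest(), "big") % Q

class Party:
    """One signer; it holds only its own shares and never sees the other's."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        self.x = rng.randrange(1, Q)    # key share in Z_q
        self.y = pow(G, self.x, P)      # public share g^x_i
        self.k = None                   # nonce share, fresh per signature

    def round1(self) -> int:
        """Sample a nonce share k_i and publish R_i = g^k_i."""
        self.k = self.rng.randrange(1, Q)
        return pow(G, self.k, P)

    def round2(self, R: int, msg: bytes) -> int:
        """Given the combined R, return s_i = k_i + e*x_i (mod q); the nonce is then discarded."""
        s_i = (self.k + hash_to_zq(R, msg) * self.x) % Q
        self.k = None
        return s_i

def joint_public_key(a: Party, b: Party) -> int:
    """y = y_a * y_b = g^(x_a + x_b): the public key of a secret key nobody holds."""
    return a.y * b.y % P

def sign2(a: Party, b: Party, msg: bytes) -> tuple:
    """Two rounds; shares combine multiplicatively in the group and additively in Z_q."""
    R = a.round1() * b.round1() % P
    s = (a.round2(R, msg) + b.round2(R, msg)) % Q
    return R, s

def verify(y: int, msg: bytes, sig: tuple) -> bool:
    """Ordinary Schnorr verification: g^s == R * y^e (mod p)."""
    R, s = sig
    if not (0 < R < P and 0 <= s < Q and pow(R, Q, P) == 1):
        return False
    return pow(G, s, P) == R * pow(y, hash_to_zq(R, msg), P) % P

def demo(seed: int = 7) -> dict:
    """Joint signature verifies; one party's shares alone do not produce a valid one."""
    rng = random.Random(seed)           # fixed seed for the demo; use secrets.SystemRandom for real keys
    alice, bob = Party(rng), Party(rng)
    y = joint_public_key(alice, bob)
    msg = b"constructed sample message"
    joint = verify(y, msg, sign2(alice, bob, msg))
    R_a = alice.round1()                # Alice attempting to sign without Bob
    alone = verify(y, msg, (R_a, alice.round2(R_a, msg)))
    return {"joint_verifies": joint, "alone_verifies": alone}
```

Run `demo()` to see the joint signature verify under the combined key y while Alice's lone attempt fails: her partial response satisfies g^s_a = R_a * y_a^e, which matches R_a * y^e only if y_b^e = 1, and y_b has order q. The verifier is the unmodified single-signer Schnorr check, which is the point of such protocols: the relying party cannot tell that the key was ever split.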


Published in: CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, October 2003, 374 pages. ISBN: 1581137389. DOI: 10.1145/948109.

Copyright © 2003 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States
