Round Optimal Secure Multiparty Computation from Minimal Assumptions

Choudhuri, Arka Rai; Ciampi, Michele; Goyal, Vipul; Jain, Abhishek; Ostrovsky, Rafail

doi:10.1007/978-3-030-64378-2_11

Cited by 28 publications

(17 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To state our main theorem, we argue that the four-round MPC protocol proposed in [10] is perfectly correct and that the final bounded-rewind MPC protocol we obtain from Theorem 1 preserves the perfect correctness of the input protocol. Given that the protocol of Choudhuri et al [10] is based on OT, which in turn can be based on TDPs, we can state the following.…”

Section: Our Resultsmentioning

confidence: 98%

“…We realize this notion using a compiler that turns, in a round-preserving manner, any four-round MPC protocol into a bounded-rewind secure MPC protocol. Our compiler relies on a bounded-rewind secure oblivious transfer (OT) protocol (similar to the one proposed by Choudhuri et al [10]), on Yao's Garbled Circuits (GC) and public-key encryption. Unfortunately, we cannot directly use the OT protocol of Choudhuri et al [10], since we need the OT to be simulation-based secure against malicious receivers.…”

Section: Our Resultsmentioning

confidence: 99%

“…Our compiler relies on a bounded-rewind secure oblivious transfer (OT) protocol (similar to the one proposed by Choudhuri et al [10]), on Yao's Garbled Circuits (GC) and public-key encryption. Unfortunately, we cannot directly use the OT protocol of Choudhuri et al [10], since we need the OT to be simulation-based secure against malicious receivers. 9 Hence, we also need to prove that such a bounded-rewind secure OT protocol is indeed simulatable.…”

Section: Our Resultsmentioning

confidence: 99%

“…These tools guarantee a mild form of nonmalleability (which is sufficient for our purposes) that is achieved by requiring rewinds only from the third to the second round in the security proof. The way we achieve non-malleability has become quite standard recently and has been used in [4,10,11,22]. For this reason, we do not give more details on these aspects and refer the interested reader to the technical section.…”

Section: Technical Overviewmentioning

confidence: 99%

“…This notion guarantees that either all the honest parties receive the output, or none of them does. Another recent line of works has established that four rounds are both necessary [22] and sufficient [2,4,7,10,29] for MPC with unanimous abort (with respect to black-box simulation) while relying on broadcast. 6 However, none of these works study the notion of MPC with identifiable abort.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Round-Optimal Multi-party Computation with Identifiable Abort

Ciampi

Ravi²,

Siniscalchi³

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Secure multi-party computation (MPC) protocols that are resilient to a dishonest majority allow the adversary to get the output of the computation while, at the same time, forcing the honest parties to abort. Aumann and Lindell introduced the enhanced notion of security with identifiable abort, which still allows the adversary to trigger an abort but, at the same time, it enables the honest parties to agree on the identity of the party that led to the abort. More recently, in Eurocrypt 2016, Garg et al. showed that, assuming access to a simultaneous message exchange channel for all the parties, at least four rounds of communication are required to securely realize non-trivial functionalities in the plain model. Following Garg et al., a sequence of works has matched this lower bound, but none of them achieved security with identifiable abort. In this work, we close this gap and show that four rounds of communication are also sufficient to securely realize any functionality with identifiable abort using standard and generic polynomial-time assumptions. To achieve this result we introduce the new notion of bounded-rewind secure MPC that guarantees security even against an adversary that performs a mild form of reset attacks. We show how to instantiate this primitive starting from any MPC protocol and by assuming trapdoor-permutations. The notion of bounded-rewind secure MPC allows for easier parallel composition of MPC protocols with other (interactive) cryptographic primitives. Therefore, we believe that this primitive can be useful in other contexts in which it is crucial to combine multiple primitives with MPC protocols while keeping the round complexity of the final protocol low.

show abstract

Section: Our Resultsmentioning

confidence: 98%

Section: Our Resultsmentioning

confidence: 99%

Section: Our Resultsmentioning

confidence: 99%

Section: Technical Overviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Round-Optimal Multi-party Computation with Identifiable Abort

Ciampi

Ravi²,

Siniscalchi³

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

On the Round Complexity of Secure Quantum Computation

Bartusek

Coladangelo

Khurana³

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Can a sender non-interactively transmit one of two strings to a receiver without knowing which string was received? Does there exist minimally-interactive secure multiparty computation that only makes (black-box) use of symmetric-key primitives? We provide affirmative answers to these questions in a model where parties have access to shared EPR pairs, thus demonstrating the cryptographic power of this resource.• First, we construct a one-shot (i.e., single message) string oblivious transfer (OT) protocol with random receiver bit in the shared EPR pairs model, assuming the (sub-exponential) hardness of LWE.Building on this, we show that secure teleportation through quantum channels is possible. Specifically, given the description of any quantum operation Q, a sender with (quantum) input ρ can send a single classical message that securely transmits Q(ρ) to a receiver. That is, we realize an ideal quantum channel that takes input ρ from the sender and provably delivers Q(ρ) to the receiver without revealing any other information. This immediately gives a number of applications in the shared EPR pairs model: (1) noninteractive secure computation of unidirectional classical randomized functionalities, (2) NIZK for QMA from standard (sub-exponential) hardness assumptions, and (3) a noninteractive zero-knowledge state synthesis protocol.

show abstract