Secure Protocol Transformations

Ishai, Yuval; Kushilevitz, Eyal; Prabhakaran, Manoj; Sahai, Amit; Yu, Ching-Hua

doi:10.1007/978-3-662-53008-5_15

Cited by 25 publications

(12 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We remark that this improves over the result of Chida et al [ 9 ] that achieves O ( s ) overhead for binary fields, and generalizes the result of Ishai et al [ 31 ] that achieves the same result, but only for a constant number of parties. We remark that the latter protocol additionally achieve constant-rate, while our protocol only achieves constant-overhead.…”

Section: Corollaries and Applicationssupporting

confidence: 78%

“…In the honest majority regime for , our compiler gives an actively-secure protocol for boolean circuits with constant overhead over a variant of passive-BGW [ 5 ] that is instantiated using AG secret sharing schemes. This result improves over the recent protocol by Chida et al [ 9 ], which only achieves constant overhead for large fields (introducing an extra statistical security parameter s for small fields with an overhead of ), and over Ishai et al [ 31 ] who achieve constant-overhead for arbitrary fields, but only for few parties. We note that [ 11 ] achieves constant-rate secure protocols, but only for suboptimal corruption thresholds.…”

Section: Introductionsupporting

confidence: 59%

See 1 more Smart Citation

The Price of Active Security in Cryptographic Protocols

Hazay

Venkitasubramaniam

Weiss

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We construct the first actively-secure Multi-Party Computation (MPC) protocols with an arbitrary number of parties in the dishonest majority setting, for an arbitrary field with constant communication overhead over the “passive-GMW” protocol (Goldreich, Micali and Wigderson, STOC ‘87). Our protocols rely on passive implementations of Oblivious Transfer (OT) in the boolean setting and Oblivious Linear function Evaluation (OLE) in the arithmetic setting. Previously, such protocols were only known over sufficiently large fields (Genkin et al. STOC ‘14) or a constant number of parties (Ishai et al. CRYPTO ‘08). Conceptually, our protocols are obtained via a new compiler from a passively-secure protocol for a distributed multiplication functionality , to an actively-secure protocol for general functionalities. Roughly, is parameterized by a linear-secret sharing scheme , where it takes -shares of two secrets and returns -shares of their product. We show that our compilation is concretely efficient for sufficiently large fields, resulting in an overhead of 2 when securely computing natural circuits. Our compiler has two additional benefits: (1) it can rely on any passive implementation of , which, besides the standard implementation based on OT (for boolean) and OLE (for arithmetic) allows us to rely on implementations based on threshold cryptosystems (Cramer et al. Eurocrypt ‘01); and (2) it can rely on weaker-than-passive (i.e., imperfect/leaky) implementations, which in some parameter regimes yield actively-secure protocols with overhead less than 2. Instantiating this compiler with an “honest-majority” implementations of , we obtain the first honest-majority protocol with optimal corruption threshold for boolean circuits with constant communication overhead over the best passive protocol (Damgård and Nielsen, CRYPTO ‘07).

show abstract

Section: Corollaries and Applicationssupporting

confidence: 78%

Section: Introductionsupporting

confidence: 59%

The Price of Active Security in Cryptographic Protocols

Hazay

Venkitasubramaniam

Weiss

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…3 and 4] from partially identifiable abort 12 to full security in the honest-majority setting. In [46], the computation of SS n→(t ,n ) in-out (f n ) with partially identifiable abort is carried out iteratively by a committee, initially consisting of all the parties, until the output is obtained. In case of abort, all the identified parties (both honest and corrupted) are removed from the committee.…”

Section: Corollary 15 (Informal)mentioning

confidence: 99%

“…In case of abort, all the identified parties (both honest and corrupted) are removed from the committee. It follows that the number of iterations in [46] is O(n). Corollary 1.7 (informal).…”

Section: Corollary 15 (Informal)mentioning

confidence: 99%

See 1 more Smart Citation

From Fairness to Full Security in Multiparty Computation

Cohen¹,

Haitner

Omri

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In the setting of secure multiparty computation (MPC), a set of mutually distrusting parties wish to jointly compute a function, while guaranteeing the privacy of their inputs and the correctness of the output. An MPC protocol is called fully secure if no adversary can prevent the honest parties from obtaining their outputs. A protocol is called fair if an adversary can prematurely abort the computation, however, only before learning any new information.We present highly efficient transformations from fair computations to fully secure computations, assuming the fraction of honest parties is constant (e.g., 1% of the parties are honest). Compared to previous transformations that require linear invocations (in the number of parties) of the fair computation, our transformations require super-logarithmic, and sometimes even super-constant, such invocations. The main idea is to delegate the computation to chosen random committees that invoke the fair computation. Apart from the benefit of uplifting security, the reduction in the number of parties is also useful, since only committee members are required to work, whereas the remaining parties simply "listen" to the computation over a broadcast channel.One application of these transformations is a new δ-bias coin-flipping protocol, whose round complexity has a super-logarithmic dependency on the number of parties, improving over the protocol of Beimel, Omri, and Orlov (Crypto 2010) that has a linear dependency. A second application is a new fully secure protocol for computing the Boolean OR function, with a superconstant round complexity, improving over the protocol of Gordon and Katz (TCC 2009) whose round complexity is linear in the number of parties.Finally, we show that our positive results are in a sense optimal, by proving that for some functionalities, a super-constant number of (sequential) invocations of the fair computation is necessary for computing the functionality in a fully secure manner.

show abstract

Two‐Server Oblivious Transfer for Quantum Messages

Hayashi,

Song

2024

Adv Quantum Tech

View full text Add to dashboard Cite

Oblivious transfer is considered as a cryptographic primitive task for quantum information processing over a quantum network. It is an essential building block for secure multiparty computation. It is known that one‐server oblivious transfer is impossible. When the task is the transmission of classical messages, protocols for two‐server oblivious transfer exist, i.e., existing protocols work under the assumption that two servers do not communicate with each other. However, when the task is the transmission of a quantum state, no existing method works even under the above two‐server assumption. Two‐server oblivious transfer protocols for quantum messages are proposed for the first time.

show abstract

Secure Protocol Transformations

Cited by 25 publications

References 29 publications

The Price of Active Security in Cryptographic Protocols

The Price of Active Security in Cryptographic Protocols

From Fairness to Full Security in Multiparty Computation

Two‐Server Oblivious Transfer for Quantum Messages

Contact Info

Product

Resources

About