TY - GEN
T1 - On the Round Complexity of Black-Box Secure MPC
AU - Ishai, Yuval
AU - Khurana, Dakshita
AU - Sahai, Amit
AU - Srinivasan, Akshayaram
N1 - Acknowledgements. Y. Ishai was supported by ERC Project NTSC (742754), NSF-BSF grant 2015782, BSF grant 2018393, and ISF grant 2774/20. D. Khurana was supported from a DARPA SIEVE award. A. Sahai was supported in part from a DARPA SIEVE award, NTT Research, NSF Frontier Award 1413955, BSF grant2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through Award HR00112020024. Work done in part when A. Srinivasan was at UC Berkeley and supported in part by AFOSR Award FA9550-19-1-0200, AFOSR YIP Award, NSF CNS Award 1936826, DARPA/ARL SAFEWARE Award W911NF15C0210, a Hellman Award and research grants by the Sloan Foundation, Okawa Foundation, Visa Inc., and Center for Long-Term Cybersecurity (CLTC, UC Berkeley). The views expressed are those of the authors and do not reflect the official policy or position of the funding agencies.
PY - 2021
Y1 - 2021
N2 - We consider the question of minimizing the round complexity of secure multiparty computation (MPC) protocols that make a black-box use of simple cryptographic primitives with security against any number of malicious parties. In the plain model, previous black-box protocols required a high constant number of rounds (>15). This is far from the known lower bound of 4 rounds for protocols with black-box simulators. When allowing random oblivious transfer (OT) correlations, 2-round protocols making black-box use of a pseudorandom generator were known. However, such protocols were obtained via a round-collapsing “protocol garbling” technique that has poor concrete efficiency and makes non-black-box use of an underlying maliciously secure protocol. We improve this state of affairs by presenting the following types of black-box protocols. 4-round “pairwise MPC” in the plain model. This round-optimal protocol enables each ordered pair of parties to compute a function of both inputs whose output is delivered to the second party. The protocol makes black-box use of any public-key encryption (PKE ) with pseudorandom public keys. As a special case, we get a black-box round-optimal realization of secure (copies of) OT between every ordered pair of parties.2-round MPC from OT correlations. This round-optimal protocol makes a black-box use of any general 2-round MPC protocol satisfying an augmented notion of semi-honest security. In the two-party case, this yields new kinds of 2-round black-box protocols.5-round MPC in the plain model. This protocol makes a black-box use of PKE with pseudorandom public keys, and 2-round oblivious transfer with “semi-malicious” security. A key technical tool for the first result is a novel combination of split-state non-malleable codes (Dziembowski, Pietrzak, and Wichs, JACM’18) with standalone secure two-party protocols to construct non-malleable two-party protocols. The second result is based on a new round-optimized variant of the “IPS compiler” (Ishai, Prabhakaran and Sahai, Crypto’08). The third result is obtained via a specialized combination of these two techniques.
AB - We consider the question of minimizing the round complexity of secure multiparty computation (MPC) protocols that make a black-box use of simple cryptographic primitives with security against any number of malicious parties. In the plain model, previous black-box protocols required a high constant number of rounds (>15). This is far from the known lower bound of 4 rounds for protocols with black-box simulators. When allowing random oblivious transfer (OT) correlations, 2-round protocols making black-box use of a pseudorandom generator were known. However, such protocols were obtained via a round-collapsing “protocol garbling” technique that has poor concrete efficiency and makes non-black-box use of an underlying maliciously secure protocol. We improve this state of affairs by presenting the following types of black-box protocols. 4-round “pairwise MPC” in the plain model. This round-optimal protocol enables each ordered pair of parties to compute a function of both inputs whose output is delivered to the second party. The protocol makes black-box use of any public-key encryption (PKE ) with pseudorandom public keys. As a special case, we get a black-box round-optimal realization of secure (copies of) OT between every ordered pair of parties.2-round MPC from OT correlations. This round-optimal protocol makes a black-box use of any general 2-round MPC protocol satisfying an augmented notion of semi-honest security. In the two-party case, this yields new kinds of 2-round black-box protocols.5-round MPC in the plain model. This protocol makes a black-box use of PKE with pseudorandom public keys, and 2-round oblivious transfer with “semi-malicious” security. A key technical tool for the first result is a novel combination of split-state non-malleable codes (Dziembowski, Pietrzak, and Wichs, JACM’18) with standalone secure two-party protocols to construct non-malleable two-party protocols. The second result is based on a new round-optimized variant of the “IPS compiler” (Ishai, Prabhakaran and Sahai, Crypto’08). The third result is obtained via a specialized combination of these two techniques.
UR - http://www.scopus.com/inward/record.url?scp=85115301368&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115301368&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-84245-1_8
DO - 10.1007/978-3-030-84245-1_8
M3 - Conference contribution
AN - SCOPUS:85115301368
SN - 9783030842444
T3 - Lecture Notes in Computer Science
SP - 214
EP - 243
BT - Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings
A2 - Malkin, Tal
A2 - Peikert, Chris
PB - Springer
T2 - 41st Annual International Cryptology Conference, CRYPTO 2021
Y2 - 16 August 2021 through 20 August 2021
ER -