Fast large-scale honest-majority MPC for malicious adversaries. (English) Zbl 1517.94080
Summary: Protocols for secure multiparty computation enable a set of parties to compute a function of their inputs without revealing anything but the output. The security properties of the protocol must be preserved in the presence of adversarial behavior. The two classic adversary models considered are semi-honest (where the adversary follows the protocol specification but tries to learn more than allowed by examining the protocol transcript) and malicious (where the adversary may follow any arbitrary attack strategy). Protocols for semi-honest adversaries are often far more efficient, but in many cases the security guarantees are not strong enough. In this paper, we present new protocols for securely computing any functionality represented by an arithmetic circuit, assuming an honest majority exists. We utilize a new method for verifying that the adversary does not cheat, that yields a cost of just twice that of semi-honest protocols in some settings. Our protocols are information-theoretically secure in the presence of malicious adversaries. We present protocol variants for small and large fields, and show how to efficiently instantiate them based on replicated secret sharing and Shamir secret sharing. In particular, for large fields, our protocol requires each party to send just 2 field elements per multiplication gate in the three-party setting, and just 12 field elements per multiplication gate for any number of parties. As with previous works in this area aiming to achieve high efficiency, our protocol is secure with abort and does not achieve fairness, meaning that the adversary may receive output while the honest parties do not. We implemented our protocol and ran experiments for different numbers of parties, different network configurations and different circuit depths. Our protocol significantly outperforms the previous best for this setting [Y. Lindell and A. Nof, in: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, CCS ’17, Dallas, TX, USA, October 30 – November 3, 2017. New York, NY: Association for Computing Machinery (ACM). 259–276 (2017; doi.org/10.1145/3133956.3133999)] for a large number of parties (e.g., 100 parties), our implementation runs almost an order of magnitude faster than theirs.
Software:
VIFFReferences:
| [1] | T. Araki, A. Barak, J. Furukawa, T. Lichter, Y. Lindell, A. Nof, K. Ohara, A. Watzman, O. Weinstein. Optimized honest-majority MPC for malicious adversaries - breaking the 1 billion-gate per second barrier. In the 38th IEEE Symposium on Security and Privacy, pp. 843-862, (2017) |
| [2] | T. Araki, J. Furukawa, Y. Lindell, A. Nof, K. Ohara. High-throughput semi-honest secure three-party computation with an honest majority. In the 23rd ACM CCS, pp. 805-817, (2016) |
| [3] | D. Beaver. Foundations of secure interactive computing. In the 11th CRYPTO, pp 377-391, (1991) · Zbl 0789.68044 |
| [4] | E. Ben-Sasson, S. Fehr, R. Ostrovsky. Near-linear unconditionally-secure multiparty computation with a dishonest minority. In the 32nd CRYPTO, pp 663-680, (2012) · Zbl 1296.94082 |
| [5] | Z. Beerliová-Trubíniová, M. Hirt. Perfectly-secure MPC with linear communication complexity. In the 5th TCC, pp 213-230, (2008) · Zbl 1162.94336 |
| [6] | M. Ben-Or, S. Goldwasser, A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In the 20th STOC, pp 1-10, (1988) |
| [7] | S.S. Burra, E. Larraia, J.B. Nielsen, P.S. Nordholt, C. Orlandi, E. Orsini, P. Scholl, N.P. Smart. High performance multi-party computation for binary circuits based on oblivious transfer. ePrint Cryptology Archive, 2015/472. · Zbl 1470.94080 |
| [8] | Canetti, R., Security and composition of multiparty cryptographic protocols, J. Cryptol., 13, 1, 143-202 (2000) · Zbl 0957.68040 · doi:10.1007/s001459910006 |
| [9] | R. Canetti. Universally composable security: a new paradigm for cryptographic protocols. In the 42nd FOCS, pp 136-145, (2001) |
| [10] | D. Chaum, C. Crépeau, I. Damgård. Multi-party unconditionally secure protocols. In the 20th STOC, pp 11-19, (1988) |
| [11] | K. Chida, D. Genkin, K. Hamada, D. Ikarashi, R. Kikuchi, Y. Lindell, A. Nof. Fast large-scale honest-majority mpc for malicious adversaries. In the 38th CRYPTO, pp 34-64, (2018) · Zbl 1446.94118 |
| [12] | R. Cleve. Limits on the security of coin flips when half the processors are faulty. In the 18th STOC, pp 364-369, (1986) |
| [13] | R. Cramer, I. Damgård, Y. Ishai, Share conversion, pseudorandom secret-sharing and applications to secure computation. In TCC 2005, pp 342-362, (2005) · Zbl 1079.94541 |
| [14] | I. Damgård, Y. Ishai. Scalable secure multiparty computation. In the 26th CRYPTO, pp 501-520, (2006) · Zbl 1161.94394 |
| [15] | I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N.P. Smart. Practical covertly secure MPC for dishonest majority - or: breaking the SPDZ limits. In the 18th ESORICS, pp 1-18, (2013) · Zbl 1406.94041 |
| [16] | I. Damgård, J. Nielsen. Scalable and unconditionally secure multiparty computation. In the 27th CRYPTO, pp 572-590, (2007) · Zbl 1215.94041 |
| [17] | I. Damgård, V. Pastro, N.P. Smart, S. Zakarias. Multiparty computation from somewhat homomorphic encryption. In the 32nd CRYPTO, pp 643-662, (2012) · Zbl 1296.94104 |
| [18] | D. Genkin, Y. Ishai, M. Prabhakaran, A. Sahai, E. Tromer. Circuits resilient to additive attacks with applications to secure computation. In STOC 2014, pp 495-504, (2014) · Zbl 1315.94073 |
| [19] | D. Genkin, Y. Ishai, A. Polychroniadou. Efficient multi-party computation: from passive to active security via secure SIMD circuits. In the 35th CRYPTO, pp 721-741, (2015) · Zbl 1352.94037 |
| [20] | M. Hirt, J.B. Nielsen. Robust multiparty computation with linear communication complexity. In the 26th CRYPTO, pp 463-482, (2006) · Zbl 1129.94307 |
| [21] | O. Goldreich, S. Micali, A. Wigderson. How to play any mental game. In the 19th STOC, pp 218-229, (1987) |
| [22] | S. Goldwasser, L. Levin. Fair computation of general functions in presence of immoral majority. In the 10th CRYPTO, pp 77-93, (1990) · Zbl 0800.68459 |
| [23] | Goldreich, O., Foundations of Cryptography: Basic Applications (2004), Cambridge: Cambridge University Press, Cambridge · Zbl 1068.94011 · doi:10.1017/CBO9780511721656 |
| [24] | Goldwasser, S.; Lindell, Y., Secure computation without agreement, J. Cryptol., 18, 3, 247-287 (2005) · Zbl 1102.68472 · doi:10.1007/s00145-005-0319-z |
| [25] | V. Goyal, Y. Liu, Y. Song. Communication-efficient unconditional MPC with guaranteed output delivery. In the 39th CRYPTO, pp 85-114, (2019) · Zbl 1478.68093 |
| [26] | V. Goyal, Y. Song, C. Zhu, Guaranteed output delivery comes free in honest majority MPC. In the 40th CRYPTO, pp 618-646, (2020) · Zbl 1504.94143 |
| [27] | M. Keller, E. Orsini, P. Scholl, MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In the 23rd ACM CCS, pp 830-842, (2016) |
| [28] | M. Keller, V. Pastro, D. Rotaru, Overdrive: making SPDZ great again. In the 37th EUROCRYPT, pp 158-189, (2018) · Zbl 1415.94446 |
| [29] | Kushilevitz, E.; Lindell, Y.; Rabin, T., Information-theoretically secure protocols and security under composition, SIAM J. Comput., 39, 5, 2090-2112 (2010) · Zbl 1202.94185 · doi:10.1137/090755886 |
| [30] | Y. Lindell, A. Nof. A framework for constructing fast MPC over arithmetic circuits with malicious adversaries and an honest-majority. In the ACM CCS 2017, pp 259-276, (2017) |
| [31] | Y. Lindell, B. Pinkas. Secure two-party computation via cut-and-choose oblivious transfer. In the 8th TCC, pp 329-346, (2011) · Zbl 1281.94037 |
| [32] | P. Mohassel, M. Rosulek, Y. Zhang. Fast and secure three-party computation: the garbled circuit approach. In the 22nd ACM CCS, pp 591-602, (2015) |
| [33] | J.B. Nielsen, P.S. Nordholt, C. Orlandi, S.S. Burra. A new approach to practical active-secure two-party computation. In the 32nd CRYPTO, pp 681-700, (2012) · Zbl 1296.94134 |
| [34] | P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT’ 99, pp 223-238, (1999) · Zbl 0933.94027 |
| [35] | T. Rabin, M. Ben-Or. Verifiable secret sharing and multi-party protocols with honest majority. In the 21st STOC, pp 73-85, (1989) |
| [36] | Shamir, A., How to share a secret, Commun. ACM, 22, 11, 612-613 (1979) · Zbl 0414.94021 · doi:10.1145/359168.359176 |
| [37] | I. Damgård, M. Geisler, M. Krøigaard, J.B.Nielsen. Asynchronous multiparty computation: theory and implementation. In the 12th PKC, pp 160-179, (2009) · Zbl 1227.68014 |
| [38] | A. Yao. How to generate and exchange secrets. In the 27th FOCS, pp 162-167, (1986) |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
