TY - GEN
T1 - Efficient Fully Secure Computation via Distributed Zero-Knowledge Proofs
AU - Boyle, Elette
AU - Gilboa, Niv
AU - Ishai, Yuval
AU - Nof, Ariel
N1 - Publisher Copyright:
© 2020, International Association for Cryptologic Research.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Secure computation protocols enable mutually distrusting parties to compute a function of their private inputs while revealing nothing but the output. Protocols with full security (also known as guaranteed output delivery) in particular protect against denial-of-service attacks, guaranteeing that honest parties receive a correct output. This feature can be realized in the presence of an honest majority, and significant research effort has gone toward attaining full security with good asymptotic and concrete efficiency. We present an efficient protocol for any constant number of parties n, with full security against t< n/ 2 corrupted parties, that makes a black-box use of a pseudorandom generator. Our protocol evaluates an arithmetic circuit C over a finite ring R (either a finite field or R=Z2k) with communication complexity of 3t2t+1S+o(S) R-elements per party, where S is the number of multiplication gates in C (namely, < 1.5 elements per party per gate). This matches the best known protocols for the semi-honest model up to the sublinear additive term. For a small number of parties n, this improves over a recent protocol of Goyal et al. (Crypto 2020) by a constant factor for circuits over large fields, and by at least an Ω(log n) factor for Boolean circuits or circuits over rings. Our protocol provides new methods for applying the distributed zero-knowledge proofs of Boneh et al. (Crypto 2019), which only require logarithmic communication, for compiling semi-honest protocols into fully secure ones in the more challenging case of t> 1 corrupted parties. Our protocol relies on replicated secret sharing to minimize communication and simplify the mechanism for achieving full security. This results in computational cost that scales exponentially with n. Our main protocol builds on a new honest-majority protocol for verifying the correctness of multiplication triples by making a general use of distributed zero-knowledge proofs. While the protocol only achieves the weaker notion of security with abort, it applies to any linear secret-sharing scheme and provides a conceptually simpler, more general, and more efficient alternative to previous protocols from the literature. In particular, it can be combined with the Fiat-Shamir heuristic to simultaneously achieve logarithmic communication complexity and constant round complexity.
AB - Secure computation protocols enable mutually distrusting parties to compute a function of their private inputs while revealing nothing but the output. Protocols with full security (also known as guaranteed output delivery) in particular protect against denial-of-service attacks, guaranteeing that honest parties receive a correct output. This feature can be realized in the presence of an honest majority, and significant research effort has gone toward attaining full security with good asymptotic and concrete efficiency. We present an efficient protocol for any constant number of parties n, with full security against t< n/ 2 corrupted parties, that makes a black-box use of a pseudorandom generator. Our protocol evaluates an arithmetic circuit C over a finite ring R (either a finite field or R=Z2k) with communication complexity of 3t2t+1S+o(S) R-elements per party, where S is the number of multiplication gates in C (namely, < 1.5 elements per party per gate). This matches the best known protocols for the semi-honest model up to the sublinear additive term. For a small number of parties n, this improves over a recent protocol of Goyal et al. (Crypto 2020) by a constant factor for circuits over large fields, and by at least an Ω(log n) factor for Boolean circuits or circuits over rings. Our protocol provides new methods for applying the distributed zero-knowledge proofs of Boneh et al. (Crypto 2019), which only require logarithmic communication, for compiling semi-honest protocols into fully secure ones in the more challenging case of t> 1 corrupted parties. Our protocol relies on replicated secret sharing to minimize communication and simplify the mechanism for achieving full security. This results in computational cost that scales exponentially with n. Our main protocol builds on a new honest-majority protocol for verifying the correctness of multiplication triples by making a general use of distributed zero-knowledge proofs. While the protocol only achieves the weaker notion of security with abort, it applies to any linear secret-sharing scheme and provides a conceptually simpler, more general, and more efficient alternative to previous protocols from the literature. In particular, it can be combined with the Fiat-Shamir heuristic to simultaneously achieve logarithmic communication complexity and constant round complexity.
UR - http://www.scopus.com/inward/record.url?scp=85097875549&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-64840-4_9
DO - 10.1007/978-3-030-64840-4_9
M3 - Conference contribution
AN - SCOPUS:85097875549
SN - 9783030648398
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 244
EP - 276
BT - Advances in Cryptology – ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, 2020, Proceedings
A2 - Moriai, Shiho
A2 - Wang, Huaxiong
PB - Springer Science and Business Media Deutschland GmbH
T2 - 26th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2020
Y2 - 7 December 2020 through 11 December 2020
ER -