TY - GEN
T1 - Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation
AU - Boyle, Elette
AU - Chandran, Nishanth
AU - Gilboa, Niv
AU - Gupta, Divya
AU - Ishai, Yuval
AU - Kumar, Nishant
AU - Rathee, Mayank
N1 - Funding Information:
Acknowledgments. E. Boyle supported by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC Project HSS (852952). N. Gilboa supported by ISF grant 2951/20, ERC grant 876110, and a grant by the BGU Cyber Center. Y. Ishai supported by ERC Project NTSC (742754), ISF grant 2774/20, NSF-BSF grant 2015782, and BSF grant 2018393.
Publisher Copyright:
© 2021, International Association for Cryptologic Research.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Boyle et al. (TCC 2019) proposed a new approach for secure computation in the preprocessing model building on function secret sharing (FSS), where a gate g is evaluated using an FSS scheme for the related offset family g_r(x) = g(x + r). They further presented efficient FSS schemes based on any pseudorandom generator (PRG) for the offset families of several useful gates g that arise in “mixed-mode” secure computation. These include gates for zero test, integer comparison, ReLU, and spline functions. The FSS-based approach offers significant savings in online communication and round complexity compared to alternative techniques based on garbled circuits or secret sharing. In this work, we improve and extend the previous results of Boyle et al. by making the following three kinds of contributions: Improved Key Size. The preprocessing and storage costs of the FSS-based approach directly depend on the FSS key size. We improve the key size of previous constructions through two steps. First, we obtain roughly 4× reduction in key size for Distributed Comparison Function (DCF), i.e., FSS for the family of functions f^<_{α,β}(x) that output β if x < α and 0 otherwise. DCF serves as a central building block in the constructions of Boyle et al. Second, we improve the number of DCF instances required for realizing useful gates g. For example, whereas previous FSS schemes for ReLU and m-piece spline required 2 and 2m DCF instances, respectively, ours require only a single instance of DCF in both cases. This improves the FSS key size by 6-22× for commonly used gates such as ReLU and sigmoid. New Gates. We present the first PRG-based FSS schemes for arithmetic and logical shift gates, as well as for bit-decomposition where both the input and outputs are shared over Z_{2^n}. These gates are crucial for many applications related to fixed-point arithmetic and machine learning. A Barrier. The above results enable a 2-round PRG-based secure evaluation of “multiply-then-truncate,” a central operation in fixed-point arithmetic, by sequentially invoking FSS schemes for multiplication and shift. We identify a barrier to obtaining a 1-round implementation via a single FSS scheme, showing that this would require settling a major open problem in the area of FSS: namely, a PRG-based FSS for the class of bit-conjunction functions.
UR - http://www.scopus.com/inward/record.url?scp=85111425730&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-77886-6_30
DO - 10.1007/978-3-030-77886-6_30
M3 - Conference contribution
AN - SCOPUS:85111425730
SN - 9783030778859
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 871
EP - 900
BT - Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Canteaut, Anne
A2 - Standaert, François-Xavier
PB - Springer Science and Business Media Deutschland GmbH
T2 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021
Y2 - 17 October 2021 through 21 October 2021
ER -