TY - GEN
T1 - Group-based secure computation
T2 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017
AU - Boyle, Elette
AU - Gilboa, Niv
AU - Ishai, Yuval
N1 - Funding Information:
First author supported by ISF grant 1861/16, AFOSR Award FA9550-17-1-0069, and ERC starting grant 307952. Second author supported by ISF grant 1638/15, a grant by the BGU Cyber Center, the Israeli Ministry Of Science and Technology Cyber Program and by the European Union’s Horizon 2020 ICT program (Mikelangelo project). Third author supported by a DARPA/ARL SAFEWARE award, DARPA Brandeis program under Contract N66001-15-C-4065, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, NSF-BSF grant 2015782, ISF grant 1709/14, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.
Publisher Copyright:
© International Association for Cryptologic Research 2017.
PY - 2017/1/1
Y1 - 2017/1/1
N2 - A recent work of Boyle et al. (Crypto 2016) suggests that “group-based” cryptographic protocols, namely ones that only rely on a cryptographically hard (Abelian) group, can be surprisingly powerful. In particular, they present succinct two-party protocols for securely computing branching programs and NC1 circuits under the DDH assumption, providing the first alternative to fully homomorphic encryption. In this work we further explore the power of group-based secure computation protocols, improving both their asymptotic and concrete efficiency. We obtain the following results. – Black-box use of group. We modify the succinct protocols of Boyle et al. so that they only make a black-box use of the underlying group, eliminating an expensive non-black-box setup phase. – Round complexity. For any constant number of parties, we obtain 2-round MPC protocols based on a PKI setup under the DDH assumption. Prior to our work, such protocols were only known using fully homomorphic encryption or indistinguishability obfuscation. – Communication complexity. Under DDH, we present a secure 2- party protocol for any NC1 or log-space computation with n input bits and m output bits using n + (1 + o(1))m + poly(λ) bits of communication, where λ is a security parameter. In particular, our protocol can generate n instances of bit-oblivious-transfer using (4 + o(1)) · n bits of communication. This gives the first constant-rate OT protocol under DDH. – Computation complexity. We present several techniques for improving the computational cost of the share conversion procedure of Boyle et al., improving the concrete efficiency of group-based protocols by several orders of magnitude.
AB - A recent work of Boyle et al. (Crypto 2016) suggests that “group-based” cryptographic protocols, namely ones that only rely on a cryptographically hard (Abelian) group, can be surprisingly powerful. In particular, they present succinct two-party protocols for securely computing branching programs and NC1 circuits under the DDH assumption, providing the first alternative to fully homomorphic encryption. In this work we further explore the power of group-based secure computation protocols, improving both their asymptotic and concrete efficiency. We obtain the following results. – Black-box use of group. We modify the succinct protocols of Boyle et al. so that they only make a black-box use of the underlying group, eliminating an expensive non-black-box setup phase. – Round complexity. For any constant number of parties, we obtain 2-round MPC protocols based on a PKI setup under the DDH assumption. Prior to our work, such protocols were only known using fully homomorphic encryption or indistinguishability obfuscation. – Communication complexity. Under DDH, we present a secure 2- party protocol for any NC1 or log-space computation with n input bits and m output bits using n + (1 + o(1))m + poly(λ) bits of communication, where λ is a security parameter. In particular, our protocol can generate n instances of bit-oblivious-transfer using (4 + o(1)) · n bits of communication. This gives the first constant-rate OT protocol under DDH. – Computation complexity. We present several techniques for improving the computational cost of the share conversion procedure of Boyle et al., improving the concrete efficiency of group-based protocols by several orders of magnitude.
UR - http://www.scopus.com/inward/record.url?scp=85018673998&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-56614-6_6
DO - 10.1007/978-3-319-56614-6_6
M3 - Conference contribution
AN - SCOPUS:85018673998
SN - 9783319566139
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 163
EP - 193
BT - Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Coron, Jean-Sebastien
A2 - Nielsen, Jesper Buus
PB - Springer Verlag
Y2 - 30 April 2017 through 4 May 2017
ER -