Non-interactive secure multiparty computation

Amos Beimel, Ariel Gabizon, Yuval Ishai, Eyal Kushilevitz, Sigurd Meldgaard, Anat Paskin-Cherniavsky

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

44 Scopus citations

Abstract

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1,...,x n) is specified by a joint probability distribution R = (R 1,...,Rn) and local encoding functions Enc i(xi,ri), 1 ≤ i ≤ n. Given correlated randomness (r1,...,rn) ∈R R, each party Pi, using its input xi and its randomness ri, computes the message mi = Enci(xi, r i). The messages m1,...,mn can be used to decode f(x1,...,xn). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enci(xi, ri))i∈T together with the randomness (r i)i∈T gives the same information about (x 1i∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x1,...,x n) = x1x2...xn admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:Xn → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity nO(t). For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity nO(w). On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

Original languageEnglish GB
Title of host publicationAdvances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings
PublisherSpringer Verlag
Pages387-404
Number of pages18
EditionPART 2
ISBN (Print)9783662443804
DOIs
StatePublished - 1 Jan 2014
Event34rd Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States
Duration: 17 Aug 201421 Aug 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 2
Volume8617 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference34rd Annual International Cryptology Conference, CRYPTO 2014
Country/TerritoryUnited States
CitySanta Barbara, CA
Period17/08/1421/08/14

Keywords

  • garbling schemes
  • multi-input functional encryption
  • obfuscation
  • private simultaneous messages protocols
  • randomized encoding of functions
  • secure multiparty computation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Fingerprint

Dive into the research topics of 'Non-interactive secure multiparty computation'. Together they form a unique fingerprint.

Cite this