Jonathan Katz,Radhika Garg,Xiao Wang,Kang Yang

DOI: https://doi.org/10.1109/SP54263.2024.00106

2024-05-19

Abstract:Protocols for secure multi-party computation (MPC) supporting mixed-mode computation have found a lot of applications in recent years due to their flexibility in representing the function to be evaluated. However, existing mixed-mode MPC protocols are only practical for a small number of parties: they are either tailored to the case of two/three parties, or scale poorly for a large number of parties.In this paper, we design and implement a new system for highly efficient and scalable mixed-mode MPC tolerating an arbitrary number of semi-honest corruptions. Our protocols allow secret data to be represented in Encrypted, Boolean, Arithmetic, or Yao form, and support efficient conversions between these representations.1)We design a multi-party table-lookup protocol, where both the index and the table can be kept private. The protocol is scalable even with hundreds of parties.2)Using the above protocol, we design efficient conversions between additive arithmetic secret sharings and Boolean secret sharings for a large number of parties. For 32 parties, our conversion protocols require 1184× to 8141× less communication compared to the state-of-the-art protocols MOTION and MP-SPDZ; this leads to up to 1275× improvement in running time under 1 Gbps network. The improvements are even larger with more parties.3)We also use new protocols to design an efficient multi-party distributed garbling protocol. The protocol could achieve asymptotically constant communication per party.Our implementation will be made public.

Computer Science

Sven Laur,Jan Willemson,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-24861-0_18

2011-01-01

Abstract:Most of the multi-party computation frameworks can be viewed as oblivious databases where data is stored and processed in a secret-shared form. However, data manipulation in such databases can be slow and cumbersome without dedicated protocols for certain database operations. In this paper, we provide efficient protocols for oblivious selection, filtering and shuffle essential tools in privacy-preserving data analysis. As the first contribution, we present a 1-out-of-n oblivious transfer protocol with 0(log log n) rounds, which achieves optimal communication and time complexity and works over any ring Z(N). Secondly, we show how to construct round-efficient shuffle protocols with optimal asymptotic computation complexity and provide several optimizations.

Hongqing Liu,Chaoping Xing,Yanjiang Yang,Chen Yuan

DOI: https://doi.org/10.1007/978-981-99-8721-4_7

2023-01-01

Abstract:Beerliova-Trubiniova and Hirt introduced hyper-invertible matrix technique to construct the first perfectly secure MPC protocol in the presence of maximal malicious corruptions left perpendicular n-1/3 right perpendicular with linear communication complexity per multiplication gate [5]. This matrix allows MPC protocol to generate correct shares of uniformly random secrets in the presence of malicious adversary. Moreover, the amortized communication complexity of generating each sharing is linear. Due to this prominent feature, the hyper-invertible matrix plays an important role in the construction of MPC protocol and zero-knowledge proof protocol where the randomness needs to be jointly generated. However, the downside of this matrix is that the size of its base field is linear in the size of its matrix. This means if we construct an n-party MPC protocol over F-q via hyper-invertible matrix, q is at least 2n. In this paper, we propose the ramp hyper-invertible matrix which can be seen as the generalization of hyper-invertible matrix. Our ramp hyper-invertible matrix can be defined over constant-size field regardless of the size of this matrix. Similar to the arithmetic secret sharing scheme, to apply our ramp hyper-invertible matrix to perfectly secure MPC protocol, the maximum number of corruptions has to be compromised to (1-epsilon)n/3. As a consequence, we present the first perfectly secure MPC protocol in the presence of (1-epsilon)n/3 malicious corruptions with constant communication complexity. Besides presenting the variant of hyper-invertible matrix, we overcome several obstacles in the construction of this MPC protocol. Our arithmetic secret sharing scheme over constant-size field is compatible with the player elimination technique, i.e., it supports the dynamic changes of party number and corrupted party number. Moreover, we rewrite the public reconstruction protocol to support the sharings over constant-size field. Putting these together leads to the constant-size field variant of celebrated MPC protocol in [5]. We note that although it was widely acknowledged that there exists an MPC protocol with constant communication complexity by replacing Shamir secret sharing scheme with arithmetic secret sharing scheme, there is no reference seriously describing such protocol in detail. Our work fills the missing detail by providing MPC primitive for any applications relying on MPC protocol of constant communication complexity. As an application of our perfectly secure MPC protocol which implies perfect robustness in the MPC-in-the-Head framework, we present the constant-rate zero-knowledge proof with 3 communication rounds. The previous work achieves constant-rate with 5 communication rounds [32] due to the statistical robustness of their MPC protocol. Another application of our ramp hyper-invertible matrix is the information-theoretic multi-verifier zero-knowledge for circuit satisfiability [44]. We manage to remove the dependence of the size of circuit and security parameter from the share size.

Josep Domingo-Ferrer,Jesús Manjón

DOI: https://doi.org/10.48550/arXiv.2112.15001

2021-12-30

Abstract:Multiparty computation (MPC) consists in several parties engaging in joint computation in such a way that each party's input and output remain private to that party. Whereas MPC protocols for specific computations have existed since the 1980s, only recently general-purpose compilers have been developed to allow MPC on arbitrary functions. Yet, using today's MPC compilers requires substantial programming effort and skill on the user's side, among other things because nearly all compilers translate the code of the computation into a Boolean or arithmetic circuit. In particular, the circuit representation requires unrolling loops and recursive calls, which forces programmers to (often manually) define loop bounds and hardly use recursion. We present an approach allowing MPC on an arbitrary computation expressed as ordinary code with all functionalities that does not need to be translated into a circuit. Our notion of input and output privacy is predicated on unlinkability. Our method leverages co-utile computation outsourcing using anonymous channels via decentralized reputation, makes a minimalistic use of cryptography and does not require participants to be honest-but-curious: it works as long as participants are rational (self-interested), which may include rationally malicious peers (who become attackers if this is advantageous to them). We present example applications, including e-voting. Our empirical work shows that reputation captures well the behavior of peers and ensures that parties with high reputation obtain correct results.

Cryptography and Security

Ignacio Cascudo,Ronald Cramer,Chaoping Xing,Chen Yuan

DOI: https://doi.org/10.1007/978-3-319-96878-0_14

2018-01-01

Abstract:A fundamental and widely-applied paradigm due to Franklin and Yung (STOC 1992) on Shamir-secret -sharing based general n-player MPC shows how one may trade the adversary threshold t against amortized communication complexity, by using a so-called packed version of Shamir's scheme. For e.g. the BGW-protocol (with active security), this trade-off means that if t 2k 2 < n/3, then k parallel evaluations of the same arithmetic circuit on different inputs can be performed at the overall cost corresponding to a single BGW-execution. In this paper we propose a novel paradigm for amortized MPC that offers a different trade-off, namely with the size of the field of the circuit which is securely computed, instead of the adversary threshold. Thus, unlike the Franklin-Yung paradigm, this leaves the adversary threshold unchanged. Therefore, for instance, this paradigm may yield constructions enjoying the maximal adversary threshold L(n 1)/3] in the BGWmodel (secure channels, perfect security, active adversary, synchronous communication). Our idea is to compile an MPC for a circuit over an extension field to a parallel MPC of the same circuit but with inputs defined over its base field and with the same adversary threshold. Key technical handles are our notion of reverse multiplication-friendly embeddings (RMFE) and our proof, by algebraic -geometric means, that these are constant-rate, as well as efficient auxiliary protocols for creating "subspace-randomness" with good amortized complexity. In the BGW-model, we show that the latter can be constructed by combining our tensored-up linear secret sharing with protocols based on hyper-invertible matrices a la BeerliovaHirt (or variations thereof). Along the way, we suggest alternatives for hyper-invertible matrices with the same functionality but which can be defined over a large enough constant size field, which we believe is of independent interest. As a demonstration of the merits of the novel paradigm, we show that, in the BGW-model and with an optimal adversary threshold L(n 1)/3], it is possible to securely compute a binary circuit with amortized complexity 0(n) of bits per gate per instance. Known results would given log n bits instead. By combining our result with the Franklin-Yung paradigm, and assuming a sub-optimal adversary (i.e., an arbitrarily small > 0 fraction below 1/3), this is improved to 0(1) bits instead of 0(n).

Mark Abspoel,Ronald Cramer,Ivan Damgård,Daniel Escudero,Matthieu Rambaud,Chaoping Xing,Chen Yuan

DOI: https://doi.org/10.1007/978-3-030-64840-4_6

2020-01-01

Abstract:We study information-theoretic multiparty computation (MPC) protocols over rings Z / p k Z that have good asymptotic communication complexity for a large number of players. An important ingredient for such protocols is arithmetic secret sharing, i.e., linear secret-sharing schemes with multiplicative properties. The standard way to obtain these over fields is with a family of linear codes C , such that C , C ⊥ and C 2 are asymptotically good (strongly multiplicative). For our purposes here it suffices if the square code C 2 is not the whole space, i.e., has codimension at least 1 (multiplicative). Our approach is to lift such a family of codes defined over a finite field F to a Galois ring, which is a local ring that has F as its residue field and that contains Z / p k Z as a subring, and thus enables arithmetic that is compatible with both structures. Although arbitrary lifts preserve the distance and dual distance of a code, as we demonstrate with a counterexample, the multiplicative property is not preserved. We work around this issue by showing a dedicated lift that preserves self-orthogonality (as well as distance and dual distance), for p ≥ 3 . Self-orthogonal codes are multiplicative, therefore we can use existing results of asymptotically good self-dual codes over fields to obtain arithmetic secret sharing over Galois rings. For p = 2 we obtain multiplicativity by using existing techniques of secret-sharing using both C and C ⊥ , incurring a constant overhead. As a result, we obtain asymptotically good arithmetic secret-sharing schemes over Galois rings. With these schemes in hand, we extend existing field-based MPC protocols to obtain MPC over Z / p k Z , in the setting of a submaximal adversary corrupting less than a fraction 1 / 2 - ε of the players, where ε > 0 is arbitrarily small. We consider 3 different corruption models. For passive and active security with abort, our protocols communicate O ( n ) bits per multiplication. For full security with guaranteed output delivery we use a preprocessing model and get O ( n ) bits per multiplication in the online phase and O ( n log n ) bits per multiplication in the offline phase. Thus, we obtain true linear bit complexities, without the common assumption that the ring size depends on the number of players.

Yun Luo,Yuling Chen,Tao Li,Yilei Wang

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00080

2022-01-01

Abstract:Many distributed interaction scenarios exist in big data networks, which require joint computation in different environments. In the traditional secure multiparty computation(SMPC), there exist constant rounds or even more rounds of interaction, which greatly increases the communication overhead. In this paper, we address the problem of optimizing the complexity of rounds by constructing a secure computation protocol that achieves semi-honest static security based on a polynomial puzzle assumption. The multiparty interactive computation is performed using multilinear maps operation, and the obtained results are transmitted over the broadcast channel. The security analysis shows that the protocol achieves static security.

Daniel Escudero,Eduardo Soria-Vazquez

DOI: https://doi.org/10.1007/978-3-030-84245-1_12

2021-01-01

Abstract:We construct the first efficient, unconditionally secure MPC protocol that only requires black-box access to a non-commutative ring R. Previous results in the same setting were efficient only either for a constant number of corruptions or when computing branching programs and formulas. Our techniques are based on a generalization of Shamir’s secret sharing to non-commutative rings, which we derive from the work on Reed Solomon codes by Quintin, Barbier and Chabot (IEEE Transactions on Information Theory, 2013). When the center of the ring contains a set A={α0,…,αn}documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$A = {alpha _0, ldots , alpha _n}$$end{document} such that ∀i≠j,αi-αj∈R∗documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$forall i e j, alpha _i ,-, alpha _j in R^*$$end{document}, the resulting secret sharing scheme is strongly multiplicative and we can generalize existing constructions over finite fields without much trouble.Most of our work is devoted to the case where the elements of A do not commute with all of R, but they just commute with each other. For such rings, the secret sharing scheme cannot be linear “on both sides” and furthermore it is not multiplicative. Nevertheless, we are still able to build MPC protocols with a concretely efficient online phase and black-box access to R. As an example we consider the ring Mm×m(Z/2kZ)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathcal {M}_{m imes m}(mathbb {Z}/2^kmathbb {Z})$$end{document}, for which when m&gt;log(n+1)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$m &gt; log (n+1)$$end{document}, we obtain protocols that require around ⌈log(n+1)⌉/2documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$lceil log (n+1) ceil /2$$end{document} less communication and 2⌈log(n+1)⌉documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$2lceil log (n+1) ceil $$end{document} less computation than the state of the art protocol based on Circuit Amortization Friendly Encodings (Dalskov, Lee and Soria-Vazquez, ASIACRYPT 2020).In this setting with a “less commutative” A, our black-box preprocessing phase has a less practical complexity of poly(n)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathsf {poly}(n)$$end{document}. We fix this by additionally providing specialized, concretely efficient preprocessing protocols for Mm×m(Z/2kZ)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathcal {M}_{m imes m}(mathbb {Z}/2^kmathbb {Z})$$end{document} that exploit the structure of the matrix ring.

Yehuda Lindell

Abstract:. Protocols for secure multiparty computation (MPC) enable a set of parties to interact and compute a joint function of their private inputs while revealing nothing but the output. The potential applications for MPC are huge: privacy-preserving auctions, private DNA comparisons, private machine learning, threshold cryptography, and more. Due to this, MPC has been an intensive topic of research in academia ever since it was introduced in the 1980s by Yao for the two-party case (FOCS 1986), and by Goldreich, Micali and Wigderson for the multiparty case (STOC 1987). Recently, MPC has become efficient enough to be used in practice, and has made the transition from an object of theoretical study to a technology being used in industry. In this article, we will review what MPC is, what problems it solves, and how it is being currently used. We note that the examples and references brought in this review article are far from comprehensive, and due to the lack of space many highly relevant works are not cited.

Computer Science

Danupon Nanongkai,Michele Scquizzato

DOI: https://doi.org/10.1007/s00446-021-00418-2

Abstract:The Massively Parallel Computation (MPC) model serves as a common abstraction of many modern large-scale data processing frameworks, and has been receiving increasingly more attention over the past few years, especially in the context of classical graph problems. So far, the only way to argue lower bounds for this model is to condition on conjectures about the hardness of some specific problems, such as graph connectivity on promise graphs that are either one cycle or two cycles, usually called the one cycle versus two cycles problem. This is unlike the traditional arguments based on conjectures about complexity classes (e.g., P ≠ NP ), which are often more robust in the sense that refuting them would lead to groundbreaking algorithms for a whole bunch of problems. In this paper we present connections between problems and classes of problems that allow the latter type of arguments. These connections concern the class of problems solvable in a sublogarithmic amount of rounds in the MPC model, denoted by MPC ( o ( log N ) ) , and the standard space complexity classes L and NL , and suggest conjectures that are robust in the sense that refuting them would lead to many surprisingly fast new algorithms in the MPC model. We also obtain new conditional lower bounds, and prove new reductions and equivalences between problems in the MPC model. Specifically, our main results are as follows.Lower bounds conditioned on the one cycle versus two cycles conjecture can be instead argued under the L ⊈ MPC ( o ( log N ) ) conjecture: these two assumptions are equivalent, and refuting either of them would lead to o ( log N ) -round MPC algorithms for a large number of challenging problems, including list ranking, minimum cut, and planarity testing. In fact, we show that these problems and many others require asymptotically the same number of rounds as the seemingly much easier problem of distinguishing between a graph being one cycle or two cycles.Many lower bounds previously argued under the one cycle versus two cycles conjecture can be argued under an even more robust (thus harder to refute) conjecture, namely NL ⊈ MPC ( o ( log N ) ) . Refuting this conjecture would lead to o ( log N ) -round MPC algorithms for an even larger set of problems, including all-pairs shortest paths, betweenness centrality, and all aforementioned ones. Lower bounds under this conjecture hold for problems such as perfect matching and network flow.

Ronald Cramer,Ivan Damgård,Daniel Escudero,Peter Schöll,Chaoping Xing

DOI: https://doi.org/10.1007/978-3-319-96881-0_26

2018-01-01

Abstract:Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo $$2^{k}$$ , which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo $$2^k$$ , and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgård et al., CRYPTO 2012), with operations modulo $$2^k$$ instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient.

Ronald Cramer,Ivan Damgård,Daniel Escudero,Peter Scholl,Chaoping Xing

DOI: https://doi.org/10.1007/978-3-319-96881-0_26

2018-01-01

Abstract:Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo , which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo , and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgård et al., CRYPTO 2012), with operations modulo instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient.

Zengxiang Li,Chutima Kitcharoenpaisan,Phond Phunchongharn,Yechao Yang,Rick Siow Mong Goh,Yusen Li

DOI: https://doi.org/10.1109/ICPADS47876.2019.00154

2019-01-01

Abstract:Secure Multi-Party Computation (MPC) is a promising privacy-preserving technology to enable multiple trustless parties to compute a function jointly without revealing private inputs to each other. With the fast development of MPC protocols, software implementation, and underlying computation infrastructure, MPC has developed from purely theoretical interest to tangible platform implementations for real-world applications. In this paper, we investigate multiple mechanisms to design efficient MPC algorithms by avoiding costly MPC operations and leveraging parallel operations. In order to speed up database table searching, a machine learning-based approach is proposed to completely avoid equality-check operations, playing the trade-off between efficiency and accuracy. According to our experimental results, a well-designed MPC algorithm could improve performance and scalability significantly, and thus make MPC technology practicable.

Lorenzo Grassi

DOI: https://doi.org/10.46586/tosc.v2023.i2.94-131

2023-06-16

IACR Transactions on Symmetric Cryptology

Abstract:Motivated by new applications such as secure Multi-Party Computation (MPC), Fully Homomorphic Encryption (FHE), and Zero-Knowledge proofs (ZK), many MPC-, FHE- and ZK-friendly symmetric-key primitives that minimize the< number of multiplications over Fp for a large prime p have been recently proposed in the literature. These symmetric primitives are usually defined via invertible functions, including (i) Feistel and Lai-Massey schemes and (ii) SPN constructions instantiated with invertible non-linear S-Boxes. However, the “invertibility” property is actually never required in any of the mentioned applications.In this paper, we discuss the possibility to set up MPC-/FHE-/ZK-friendly symmetric primitives instantiated with non-invertible bounded surjective functions. In contrast to one-to-one functions, each output of a l-bounded surjective function admits at most l pre-images. The simplest example is the square map x → x2 over Fp for a prime p ≥ 3, which is (obviously) 2-bounded surjective. When working over Fnp for n ≥ 2, we set up bounded surjective functions by re-considering the recent results proposed by Grassi, Onofri, Pedicini and Sozzi at FSE/ToSC 2022 as starting points. Given a quadratic local map F : Fmp → Fp for m ∈ {1, 2, 3}, they proved that the shift-invariant non-linear function over Fnp defined as SF (x0, x1, . . . , xn−1) = y0∥y1∥ . . . ∥yn−1 where yi := F(xi, xi+1) is never invertible for any n ≥ 2 · m − 1. Here, we prove that • the quadratic function F : Fmp → Fp for m ∈ {1, 2} that minimizes the probability of having a collision for SF over Fnp is of the form F(x0, x1) = x20 + x1 (or equivalent);• the function SF over Fnp defined as before via F(x0, x1) = x20 +x1 (or equivalent) is 2n-bounded surjective.As concrete applications, we propose modified versions of the MPC-friendly schemes MiMC, HadesMiMC, and (partially of) Hydra, and of the FHE-friendly schemes Masta, Pasta, and Rubato. By instantiating them with the bounded surjective quadratic functions proposed in this paper, we are able to improve the security and/or the performances in the target applications/protocols.

English Else

Ronald Cramer,Ivan Damgård,Daniel Escudero,Peter Scholl,Chaoping Xing

DOI: https://doi.org/10.1007/978-3-319-96881-0_26

2018-01-01

Abstract:Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo 2(k), which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo 2(k), and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgard et al., CRYPTO 2012), with operations modulo 2(k) instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient.

Sanket Kanjalkar,Ye Zhang,Shreyas Gandlur,Andrew Miller

DOI: https://doi.org/10.48550/arXiv.2107.04248

2021-07-09

Abstract:In recent years, multiparty computation as a service (MPCaaS) has gained popularity as a way to build distributed privacy-preserving systems. We argue that for many such applications, we should also require that the MPC protocol is publicly auditable, meaning that anyone can check the given computation is carried out correctly -- even if the server nodes carrying out the computation are all corrupt. In a nutshell, the way to make an MPC protocol auditable is to combine an underlying MPC protocol with verifiable computing proof (in particular, a SNARK). Building a general-purpose MPCaaS from existing constructions would require us to perform a costly "trusted setup" every time we wish to run a new or modified application. To address this, we provide the first efficient construction for auditable MPC that has a one-time universal setup. Despite improving the trusted setup, we match the state-of-the-art in asymptotic performance: the server nodes incur a linear computation overhead and constant round communication overhead compared to the underlying MPC, and the audit size and verification are logarithmic in the application circuit size. We also provide an implementation and benchmarks that support our asymptotic analysis in example applications. Furthermore, compared with existing auditable MPC protocols, besides offering a universal setup our construction also has a 3x smaller proof, 3x faster verification time and comparable prover time.

Cryptography and Security

Yun Luo,Yuling Chen,Tao Li,Yilei Wang,Yixian Yang

DOI: https://doi.org/10.1109/dasc-picom-cbdcom-cyberscitech52372.2021.00061

2021-01-01

Abstract:Secure multi-party computation(SMPC) is an important research field in cryptography, secure multi-party computation has a wide range of applications in practice. Accordingly, information security issues have arisen. Aiming at security issues in Secure multi-party computation, we consider that semihonest participants have malicious operations such as collusion in the process of information interaction, gaining an information advantage over honest parties through collusion which leads to deviations in the security of the protocol. To solve this problem, we combine information entropy to propose an nround information exchange protocol, in which each participant broadcasts a relevant information value in each round without revealing additional information. Through the change of the uncertainty of the correct result value in each round of interactive information, each participant cannot determine the correct result value before the end of the protocol. Security analysis shows that our protocol guarantees the security of the output obtained by the participants after the completion of the protocol.

Jeff Giliberti,Zahra Parsaeian

2024-10-21

Abstract:We study the deterministic complexity of the $2$-Ruling Set problem in the model of Massively Parallel Computation (MPC) with linear and strongly sublinear local memory. Linear MPC: We present a constant-round deterministic algorithm for the $2$-Ruling Set problem that matches the randomized round complexity recently settled by Cambus, Kuhn, Pai, and Uitto [DISC'23], and improves upon the deterministic $O(\log \log n)$-round algorithm by Pai and Pemmaraju [PODC'22]. Our main ingredient is a simpler analysis of CKPU's algorithm based solely on bounded independence, which makes its efficient derandomization possible. Sublinear MPC: We present a deterministic algorithm that computes a $2$-Ruling Set in $\tilde O(\sqrt{\log n})$ rounds deterministically. Notably, this is the first deterministic ruling set algorithm with sublogarithmic round complexity, improving on the $O(\log \Delta + \log \log^* n)$-round complexity that stems from the deterministic MIS algorithm of Czumaj, Davies, and Parter [TALG'21]. Our result is based on a simple and fast randomness-efficient construction that achieves the same sparsification as that of the randomized $\tilde O(\sqrt{\log n})$-round LOCAL algorithm by Kothapalli and Pemmaraju [FSTTCS'12].

Data Structures and Algorithms,Distributed, Parallel, and Cluster Computing

Mariya Georgieva Belorgey,Sergiu Carpov,Kevin Deforth,Dimitar Jetchev,Abson Sae-Tang,Marius Vuille,Nicolas Gama,Jon Katz,Iraklis Leontiadis,Mohsen Mohammadi

DOI: https://doi.org/10.1007/s00145-023-09464-4

2023-07-12

Journal of Cryptology

Abstract:We propose a novel framework, , for multiparty computations, with full threshold and semi-honest security model, supporting a combination of real number arithmetic (arithmetic shares), Boolean arithmetic (Boolean shares) and garbled circuits (Yao shares). In contrast to prior work (Mohassel and Zhang, in 2017 IEEE symposium on security and privacy (SP), 2017; Mohassel and Rindal, in Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, 2018), mitigates overflows, which is of paramount importance for machine learning applications, without compromising efficiency or security. Compared to other overflow-free recent techniques such as MP-SPDZ (Escudero et al., in 40th annual international cryptology conference, CRYPTO. Lecture notes in computer science, 2020) that convert arithmetic to Boolean shares, uses an efficient modular lifting/truncation method that allows for scalable high numerical precision computations with optimal numerical windows and hence, highly efficient online phases. We adapt basic MPC operations such as real-valued polynomial evaluation, division, logarithms, exponentials, Fourier series evaluations and oblivious comparisons to by employing our modular lift in combination with existing efficient conversions between arithmetic, Boolean and Yao shares. We also describe a highly scalable computations of logistic regression models with real-world training data sizes and high numerical precision through PCA and blockwise variants (for memory and runtime optimizations) based on second-order optimization techniques. On a dataset of 50 M samples and 50 features distributed among two players, the online phase completes in 14.5 h with at least 10 decimal digits of precision compared to plaintext training. The setup phase of is supported in both the trusted dealer and the interactive models allowing for tradeoffs between efficiency and stronger security. The highly efficient online phase makes the framework particularly suitable for MPC applications where the output of the setup phase is part of the input of the protocol (such as MPC-in-the-head or Prio ).

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Yun Luo,Yuling Chen,Tao Li,Yilei Wang,Yixian Yang,Xiaomei Yu

DOI: https://doi.org/10.4018/joeuc.306752

2022-01-01

Journal of Organizational and End User Computing

Abstract:Data interaction scenarios involving multiple parties in network communities have problems of trust, data security, and reliability of the parties, and secure multiparty computation(SMPC) can effectively solve these problems. To address the security and fairness issues of SMPC, this study considers that semi-honest participants can lead to deviations in the security and fairness of the protocol, and combines information entropy and mutual information to present an n-round information exchange protocol in which each participant broadcasts a relevant information value in each round without revealing other information. The uncertainty of the correct outcome value is blurred by the interaction information in each round, and each participant is not sure of the correct outcome value until the end of the protocol, which effectively prevents malicious behavior and ensures the correct execution of the protocol. Security and fairness analysis shows that our protocol guarantees the security and relative fairness of the output obtained by the participants after completing the protocol.