A New Approach to Practical Active-Secure Two-Party Computation

Nielsen, Jesper Buus; Nordholt, Peter Sebastian; Orlandi, Claudio; Burra, Sai Sheshank

doi:10.1007/978-3-642-32009-5_40

Cited by 283 publications

(287 citation statements)

References 29 publications

Supporting

Mentioning

287

Contrasting

Order By: Relevance

“…This approach asymptotically improves the solutions in [20,17], and only requires inexpensive operations in contrast to the solution of [26]. Second, we observe that the solution of [17] to the evaluator's input consistency issue can be improved by combining it with the OT extension of [21] and the Free-XOR technique of [14]. The resulting protocol requires only O(t · max(4n 2 , 8t)) inexpensive operations.…”

Section: Our Contributionsmentioning

confidence: 80%

“…In Table 1, we compare the protocol's complexity with previous constructions. We stress that the efficiency of our protocol relies on the efficient OT extension of [21], which allows one to efficiently extend a small number of OTs to n OTs with the price of only O(n) invocations of a hash function. The protocol of [21] is in the Random Oracle Model (ROM) and our construction inherits the same weakness.…”

Section: Our Contributionsmentioning

confidence: 99%

“…We stress that the efficiency of our protocol relies on the efficient OT extension of [21], which allows one to efficiently extend a small number of OTs to n OTs with the price of only O(n) invocations of a hash function. The protocol of [21] is in the Random Oracle Model (ROM) and our construction inherits the same weakness. (Besides using ROM for the OT-extension of [21], in some of our techniques we show two alternatives: A more efficient instantiation in the ROM, and one without the ROM requirement, which still is more efficient than current techniques.…”

Section: Our Contributionsmentioning

confidence: 99%

“…The protocol of [21] is in the Random Oracle Model (ROM) and our construction inherits the same weakness. (Besides using ROM for the OT-extension of [21], in some of our techniques we show two alternatives: A more efficient instantiation in the ROM, and one without the ROM requirement, which still is more efficient than current techniques. )…”

Section: Our Contributionsmentioning

confidence: 99%

“…[26] shows an implementation of BCOT with a cost of O(mn) expensive operations. Using their construction to implement the seed OTs in the OT-extension of [21] in the Random Oracle Model results in an alternative protocol that requires only O(s) expensive operations and O(nm) inexpensive ones. However, in the latter construction, the commitments on the sender's inputs cannot be opened separately and one needs to decommit all the inputs at once.…”

Section: Preliminariesmentioning

confidence: 99%

See 4 more Smart Citations

Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation

Mohassel

Riva

2013

Advances in Cryptology – CRYPTO 2013

View full text Add to dashboard Cite

Applying cut-and-choose techniques to Yao's garbled circuit protocol has been a promising approach for designing efficient Two-Party Computation (2PC) with malicious and covert security, as is evident from various optimizations and software implementations in the recent years. We revisit the security and efficiency properties of this popular approach and propose alternative constructions and a new definition that are more suitable for use in practice.• We design an efficient fully-secure 2PC protocol for two-output functions that only requires O(t|C|) symmetric-key operations (with small constant factors, and ignoring factors that are independent of the circuit in use) in the Random Oracle Model, where |C| is the circuit size and t is a statistical security parameter. This is essentially the optimal complexity for protocols based on cut-and-choose, resolving a main question left open by the previous work on the subject. Our protocol utilizes novel techniques for enforcing garbler's input consistency and handling twooutput functions that are more efficient than all prior solutions.• Motivated by the goal of eliminating the all-or-nothing nature of 2PC with covert security (that privacy and correctness are fully compromised if the adversary is not caught in the challenge phase), we propose a new security definition for 2PC that strengthens the guarantees provided by the standard covert model, and offers a smoother security vs. efficiency tradeoff to protocol designers in choosing the right deterrence factor. In our new notion, correctness is always guaranteed, privacy is fully guaranteed with probability (1 − ), and with probability (i.e. the event of undetected cheating), privacy is only "partially compromised" with at most a single bit of information leaked, in case of an abort. We present two efficient 2PC constructions achieving our new notion. Both protocols are competitive with the previous covert 2PC protocols based on cut-and-choose.A distinct feature of the techniques we use in all our constructions is to check consistency of inputs and outputs using new gadgets that are themselves garbled circuits, and to verify validity of these gadgets using multi-stage cut-and-choose openings.

show abstract

Section: Our Contributionsmentioning

confidence: 80%

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

Section: Preliminariesmentioning

confidence: 99%

See 3 more Smart Citations

Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation

Mohassel

Riva

2013

Advances in Cryptology – CRYPTO 2013

View full text Add to dashboard Cite

show abstract

Secure Multiparty Computation

Lindell¹

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Outsourcing secure two‐party computation as a black box

Carter

Mood

Traynor

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Secure multiparty computation (SMC) offers a technique to preserve functionality and data privacy in mobile applications. Current protocols that make this costly cryptographic construction feasible on mobile devices securely outsource the bulk of the computation to a cloud provider. However, these outsourcing techniques are built on specific secure computation assumptions and tools, and applying new SMC ideas to the outsourced setting requires the protocols to be completely rebuilt and proven secure. In this work, we develop a generic technique for lifting any secure two‐party computation protocol into an outsourced two‐party SMC protocol. By augmenting the function being evaluated with auxiliary consistency checks and input values, we can create an outsourced protocol with low overhead cost. Our implementation and evaluation show that in the best case our outsourcing additions execute within the confidence intervals of two servers running the same computation and consume approximately the same bandwidth. In addition, the mobile device itself uses minimal bandwidth over a single round of communication. This work demonstrates that efficient outsourcing is possible with any underlying SMC scheme and provides an outsourcing protocol that is efficient and directly applicable to current and future SMC techniques. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

A New Approach to Practical Active-Secure Two-Party Computation

Cited by 283 publications

References 29 publications

Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation

Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation

Secure Multiparty Computation

Outsourcing secure two‐party computation as a black box

Contact Info

Product

Resources

About