Broadcast-Optimal Two-Round MPC

Cohen, Ran; Garay, Juan A.; Zikas, Vassilis

doi:10.1007/978-3-030-45724-2_28

Cited by 19 publications

(6 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paper by Damgård et al [48] described an interesting approach to work on two-round broadcast MPC with minimal setup. It would be interesting to observe how we can modify the designed V-zkHawk broadcast two-round MPC method with said method [48] as well as other two-round broadcast optimal methods [49,50]. We can further improve the security of our protocol by extending it to work for adaptive adversaries [51].…”

Section: Discussionmentioning

confidence: 99%

Multiverse of HawkNess: A Universally-Composable MPC-Based Hawk Variant

Banerjee

Tewari

2022

Cryptography

View full text Add to dashboard Cite

The evolution of smart contracts in recent years inspired a crucial question: do smart contract evaluation protocols provide the required level of privacy when executing contracts on the blockchain? The Hawk (IEEE S&P ’16) paper introduces a way to solve the problem of privacy in smart contracts by evaluating the contracts off-chain, albeit with the trust assumption of a manager. To avoid the partially trusted manager altogether, a novel approach named zkHawk (IEEE BRAINS ’21) explains how we can evaluate the contracts privately off-chain using a multi-party computation (MPC) protocol instead of trusting said manager. This paper dives deeper into the detailed construction of a variant of the zkHawk protocol titled V-zkHawk using formal proofs to construct the said protocol and model its security in the universal composability (UC) framework (FOCS ’01). The V-zkHawk protocol discussed here does not support immediate closure, i.e., all the parties (n) have to send a message to inform the blockchain that the contract has been executed with corruption allowed for up to t parties, where t<n. In the most quintessential sense, the V-zkHawk is a variant because the outcome of the protocol is similar (i.e., execution of smart contract via an MPC function evaluation) to zkHawk, but we modify key aspects of the protocol, essentially creating a small trade-off (removing immediate closure) to provide UC (stronger) security. The V-zkHawk protocol leverages joint Schnorr signature schemes, encryption schemes, Non-Interactive Zero-Knowledge Proofs (NIZKs), and commitment schemes with Common Reference String (CRS) assumptions, MPC function evaluations, and assumes the existence of asynchronous, authenticated broadcast channels. We achieve malicious security in a dishonest majority setting in the UC framework.

show abstract

Section: Discussionmentioning

confidence: 99%

Multiverse of HawkNess: A Universally-Composable MPC-Based Hawk Variant

Banerjee

Tewari

2022

Cryptography

View full text Add to dashboard Cite

show abstract

“…To prevent the adversary from gaining an advantage, using its rewinds, we adopt a strategy to hide the third round message of Π and only reveal it in the fourth round. To do that we follow an approach similar to [1,14,18], by embedding the next-message function of Π inside a garbled circuit (GC). More precisely, each party (e.g., P 1 ) upon receiving the second round message of Π creates a GC that contains all the messages of Π generated so far, its input and randomness.…”

Section: Technical Overviewmentioning

confidence: 99%

Round-Optimal Multi-party Computation with Identifiable Abort

Ciampi

Ravi²,

Siniscalchi³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Secure multi-party computation (MPC) protocols that are resilient to a dishonest majority allow the adversary to get the output of the computation while, at the same time, forcing the honest parties to abort. Aumann and Lindell introduced the enhanced notion of security with identifiable abort, which still allows the adversary to trigger an abort but, at the same time, it enables the honest parties to agree on the identity of the party that led to the abort. More recently, in Eurocrypt 2016, Garg et al. showed that, assuming access to a simultaneous message exchange channel for all the parties, at least four rounds of communication are required to securely realize non-trivial functionalities in the plain model. Following Garg et al., a sequence of works has matched this lower bound, but none of them achieved security with identifiable abort. In this work, we close this gap and show that four rounds of communication are also sufficient to securely realize any functionality with identifiable abort using standard and generic polynomial-time assumptions. To achieve this result we introduce the new notion of bounded-rewind secure MPC that guarantees security even against an adversary that performs a mild form of reset attacks. We show how to instantiate this primitive starting from any MPC protocol and by assuming trapdoor-permutations. The notion of bounded-rewind secure MPC allows for easier parallel composition of MPC protocols with other (interactive) cryptographic primitives. Therefore, we believe that this primitive can be useful in other contexts in which it is crucial to combine multiple primitives with MPC protocols while keeping the round complexity of the final protocol low.

show abstract

“…. , C , 26 is due, P 0 sends separate messages, one for each committee, each containing a uniformly distributed bit.…”

Section: The Modelmentioning

confidence: 99%

“…2 Throughout the paper, unless explicitly stated otherwise, by security with abort we mean unanimous abort where all honest parties reach agreement on whether to abort or not. We note that since we consider a broadcast model, the weaker notion of non-unanimous abort [34,26] in which some honest parties may abort while other receive their output, can be uplifted to unanimous abort in a single broadcast round.…”

Section: Introductionmentioning

confidence: 99%

“…Throughout the paper, unless explicitly stated otherwise, by security with abort we mean unanimous abort where all honest parties reach agreement on whether to abort or not. We note that since we consider a broadcast model, the weaker notion of non-unanimous abort[34,26] in which some honest parties may abort while other receive their output, can be uplifted to unanimous abort in a single broadcast round.3 A (t + 1)-out-of-n secret-sharing scheme is error correcting, if the reconstruction algorithm outputs the correct secret even when up to t shares are arbitrarily modified. ECSS schemes are also known as robust secret sharing 4.…”

mentioning

confidence: 99%

See 1 more Smart Citation

From Fairness to Full Security in Multiparty Computation

Cohen¹,

Haitner

Omri

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

In the setting of secure multiparty computation (MPC), a set of mutually distrusting parties wish to jointly compute a function, while guaranteeing the privacy of their inputs and the correctness of the output. An MPC protocol is called fully secure if no adversary can prevent the honest parties from obtaining their outputs. A protocol is called fair if an adversary can prematurely abort the computation, however, only before learning any new information.We present highly efficient transformations from fair computations to fully secure computations, assuming the fraction of honest parties is constant (e.g., 1% of the parties are honest). Compared to previous transformations that require linear invocations (in the number of parties) of the fair computation, our transformations require super-logarithmic, and sometimes even super-constant, such invocations. The main idea is to delegate the computation to chosen random committees that invoke the fair computation. Apart from the benefit of uplifting security, the reduction in the number of parties is also useful, since only committee members are required to work, whereas the remaining parties simply "listen" to the computation over a broadcast channel.One application of these transformations is a new δ-bias coin-flipping protocol, whose round complexity has a super-logarithmic dependency on the number of parties, improving over the protocol of Beimel, Omri, and Orlov (Crypto 2010) that has a linear dependency. A second application is a new fully secure protocol for computing the Boolean OR function, with a superconstant round complexity, improving over the protocol of Gordon and Katz (TCC 2009) whose round complexity is linear in the number of parties.Finally, we show that our positive results are in a sense optimal, by proving that for some functionalities, a super-constant number of (sequential) invocations of the fair computation is necessary for computing the functionality in a fully secure manner.

show abstract

Broadcast-Optimal Two-Round MPC

Cited by 19 publications

References 65 publications

Multiverse of HawkNess: A Universally-Composable MPC-Based Hawk Variant

Multiverse of HawkNess: A Universally-Composable MPC-Based Hawk Variant

Round-Optimal Multi-party Computation with Identifiable Abort

From Fairness to Full Security in Multiparty Computation

Contact Info

Product

Resources

About