Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation

Boyle, Elette; Couteau, Geoffroy; Gilboa, Niv; Ishai, Yuval; Kohl, Lisa; Rindal, Peter; Schöll, Peter

doi:10.1145/3319535.3354255

Cited by 103 publications

(82 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, the LPN assumption has led to a wide variety of applications (see for example, [11,14,22,35,36,63,73,88]). A comprehensive review of known attacks on LPN over large fields, for the parameter settings we are interested in, was given in [35,37].…”

Section: Assumptions In More Detailmentioning

confidence: 99%

See 1 more Smart Citation

Indistinguishability obfuscation from well-founded assumptions

Jain

Lin

Sahai

2021

Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing

154

View full text Add to dashboard Cite

Indistinguishability obfuscation, introduced by [Barak et. al. Crypto 2001], aims to compile programs into unintelligible ones while preserving functionality. It is a fascinating and powerful object that has been shown to enable a host of new cryptographic goals and beyond. However, constructions of indistinguishability obfuscation have remained elusive, with all other proposals relying on heuristics or newly conjectured hardness assumptions.In this work, we show how to construct indistinguishability obfuscation from subexponential hardness of four well-founded assumptions. We prove: Informal Theorem: Let 𝜏 ∈ (0, ∞), 𝛿 ∈ (0, 1), 𝜖 ∈ (0, 1) be arbitrary constants. Assume sub-exponential security of the following assumptions:-the Learning With Errors (LWE) assumption with subexponential modulus-to-noise ratio 2 𝑘 𝜖 and noises of magnitude polynomial in 𝑘, where 𝑘 is the dimension of the LWE secret, -the Learning Parity with Noise (LPN) assumption over general prime fields Z 𝑝 with polynomially many LPN samples and error rate 1/ℓ 𝛿 , where ℓ is the dimension of the LPN secret, -the existence of a Boolean Pseudo-Random Generator (PRG) in NC 0 with stretch 𝑛 1+𝜏 , where 𝑛 is the length of the PRG seed, -the Decision Linear (DLIN) assumption on symmetric bilinear groups of prime order. Then, (subexponentially secure) indistinguishability obfuscation for all polynomial-size circuits exists. Further, assuming only polynomial security of the aforementioned assumptions, there exists collusion resistant public-key functional encryption for all polynomial-size circuits. CCS CONCEPTS• Theory of computation → Cryptographic primitives.

show abstract

Section: Assumptions In More Detailmentioning

confidence: 99%

“…In this work, we use the LPN assumption over a large field. This assumption has been used in a various works (see for example, [11,14,22,35,36,63,73,88]). We adopt the following definition from [35].…”

mentioning

confidence: 99%

Indistinguishability obfuscation from well-founded assumptions

Jain

Lin

Sahai

2021

Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing

154

View full text Add to dashboard Cite

show abstract

“…In recent works, it was shown that the number of rounds can be 2 instead of 3 for an OT extension protocol by executing some of the computations in the offline phase of the protocol [3,4]. In our solution, we don't consider the preprocessing operations and so we don't use these constructions in our protocols.…”

Section: Oblivious Transfermentioning

confidence: 99%

“…The value P 2 learns is always random and indistinguishable; but, this random value is equal to r if and only if y ∈ X. 3 Following this part, the parties run a secure functional equality testing protocol, where at the end of the protocol P 2 learns the function result of the equality relation, which is also the function result of the membership relation. We make use of the PSM protocol of Ciampi-Orlandi [5] for secure functional equality testing by reducing the number of items of the sender set to one.…”

Section: Our Full Psm Protocolmentioning

confidence: 99%

Linear Complexity Private Set Intersection for Secure Two-Party Protocols

Karakoç¹,

Küpçü

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we propose a new private set intersection (PSI) protocol that computes the following functionality. The two parties (P1 and P2) input two sets of items (X and Y , respectively) and one of the parties outputs a function of the intersection (f (X ∩ Y )). This functionality is generally required when the PSI protocol is used as a part of a larger secure two-party secure computation. Pinkas et al. presented a PSI protocol at Eurocrypt 2019 for this functionality, which has linear complexity only in communication. While there are PSI protocols with linear computation and communication complexities in the classical PSI setting where the intersection itself is revealed to one party, to the best of our knowledge, there is no PSI protocol, which outputs a function of the intersection and satisfies linear complexity in both communication and computation. We present the first PSI protocol that outputs only a function of the intersection with linear communication and computation complexities. While creating the protocol, as a side contribution, we provide a one-time oblivious programmable pseudo-random function based on garbled Bloom filters. We also implemented our protocol and provide performance results.

show abstract

“…Because the correlations are input-independent, they can be precomputed without knowledge of the client's query or the server's database. These OT correlations can be generated efficiently using a technique called OT extension in a separate input-independent preprocessing step 30 (this can even be done with low communication using a recent approach called silent OT extension 31 ). Alternatively, they can be generated ahead of time by a trusted dealer or a secure hardware platform (observe that in both of these settings, the party generating the correlations does not need to know anything about the query or the database entries).…”

Section: Oblivious Transfer Correlationsmentioning

confidence: 99%

Innocent until proven guilty: Privacy-preserving search over a central CODIS criminal database from the field

Blindenbach

Jagadeesh

Bejerano

et al. 2020

Preprint

View full text Add to dashboard Cite

The presumption of innocence (i.e., the principle that one is considered innocent until proven guilty) is a cornerstone of the criminal justice system in many countries, including the United States. DNA analysis is an important tool for criminal investigations1. In the U.S. alone, it has already aided in over half a million investigations using the Combined DNA Index System (CODIS) and associated DNA databases2. CODIS includes DNA profiles of crime scene forensic samples, convicted offenders, missing persons and more. The CODIS framework is currently used by over 50 other countries3 including much of Europe, Canada, China and more. During investigations, DNA samples can be collected from multiple individuals who may have had access to, or were found near a crime scene, in the hope of finding a single criminal match4. Controversially, CODIS samples are sometimes retained from adults and juveniles despite not yielding any database match4–6. Here we introduce a cryptographic algorithm that finds any and all matches of a person’s DNA profile against a CODIS database without revealing anything about the person’s profile to the database provider. With our protocol, matches are immediately identified as before; however, individuals who do not match anything in the database retain their full privacy. Our novel algorithm runs in 40 seconds on a CODIS database of 1,000,000 entries, enabling its use to privately screen potentially-innocent suspects even in the field.

show abstract

Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation

Cited by 103 publications

References 56 publications

Indistinguishability obfuscation from well-founded assumptions

Indistinguishability obfuscation from well-founded assumptions

Linear Complexity Private Set Intersection for Secure Two-Party Protocols

Innocent until proven guilty: Privacy-preserving search over a central CODIS criminal database from the field

Contact Info

Product

Resources

About