Robust Multiparty Computation with Linear Communication Complexity

Hirt, Martin; Nielsen, Jesper Buus

doi:10.1007/11818175_28

Cited by 43 publications

(27 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the communication needed to obtain robustness is independent of the circuit. We stress that t < n/2 is the optimal resilience for computationally secure MPC against active corruptions (with robustness and fairness) [15,33]. To keep the protocol presentation and its proof simple, we assume a robust SHE.ShareCombine (i.e.…”

Section: Mpc From She -The Active Settingmentioning

confidence: 99%

“…-Randomness Extraction [33,24]: Given a set of n encryptions of random values t of which may be known to the adversary, the randomness extraction algorithm based on superinvertible matrix [33] or Vandermonde matrix [24] allows the parties to (locally) compute encryptions of (n − t) random values unknown to the adversary. -Non-interactive Zero Knowledge Proofs: We require UC-secure instantiation of F Renc ZK , such that a party P i ∈ {P 1 , .…”

Section: An Improved Offline Phase (Sketch)mentioning

confidence: 99%

“…It is easy to see that the output ciphertexts are indeed random as there exists at least (n − t) honest parties corresponding to each batch of ciphertexts. Note that we do not require any powerful (but somewhat complex) tools like player elimination, as used in the MPC protocol of [33] (whose communication complexity is also O(n · ζ)).…”

Section: An Improved Offline Phase (Sketch)mentioning

confidence: 99%

See 2 more Smart Citations

Between a Rock and a Hard Place: Interpolating between MPC and FHE

Choudhury

Loftus

Orsini

et al. 2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Abstract. We present a computationally secure MPC protocol for threshold adversaries which is parametrized by a value L. When L = 2 we obtain a classical form of MPC protocol in which interaction is required for multiplications, as L increases interaction is reduced, in that one requires interaction only after computing a higher degree function. When L approaches infinity one obtains the FHE based protocol of Gentry, which requires no interaction. Thus one can trade communication for computation in a simple way. Our protocol is based on an interactive protocol for "bootstrapping" a somewhat homomorphic encryption (SHE) scheme. The key contribution is that our presented protocol is highly communication efficient enabling us to obtain reduced communication when compared to traditional MPC protocols for relatively small values of L.

show abstract

Section: Mpc From She -The Active Settingmentioning

confidence: 99%

Section: An Improved Offline Phase (Sketch)mentioning

confidence: 99%

Section: An Improved Offline Phase (Sketch)mentioning

confidence: 99%

See 1 more Smart Citation

Between a Rock and a Hard Place: Interpolating between MPC and FHE

Choudhury

Loftus

Orsini

et al. 2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

show abstract

“…[16] active t < n/2 cryptographic O(cM n 2 κ + n 3 κ) [19] active t < n/2 cryptographic O(cM nκ + n 3 κ) [20] active t < n/2 cryptographic O(cM n log n) + poly(nκ) [16] active t < n/3 unconditional O(cM n 2 κ) + poly(nκ) [18] active t < n/3 unconditional O(cM n log n + dM n 2 log n) + poly(nκ) [16] active t < n/3 perfect O(cM n log n + dM n 2 log n + n 3 log n) [4] active t < n/2 unconditional O(cM n 5 κ + n 4 κ) + O(cM n 5 κ)BC [10] active t < n/2 unconditional O(cM n 2 κ + n 5 κ 2 ) + O(n 3 κ)BC [3] Fig. 1.…”

Section: Adv Resiliencementioning

confidence: 99%

Near-Linear Unconditionally-Secure Multiparty Computation with a Dishonest Minority

Ben–Sasson

Fehr

Ostrovsky

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In the setting of unconditionally-secure MPC, where dishonest players are unbounded and no cryptographic assumptions are used, it was known since the 1980's that an honest majority of players is both necessary and sufficient to achieve privacy and correctness, assuming secure point-to-point and broadcast channels. The main open question that was left is to establish the exact communication complexity. We settle the above question by showing an unconditionally-secure MPC protocol, secure against a dishonest minority of malicious players, that matches the communication complexity of the best known MPC protocol in the honest-but-curious setting. More specifically, we present a new n-player MPC protocol that is secure against a computationally-unbounded malicious adversary that can adaptively corrupt up to t < n/2 of the players. For polynomially-large binary circuits that are not too unshaped, our protocol has an amortized communication complexity of O(n log n + κ/n const ) bits per multiplication (i.e. AND) gate, where κ denotes the security parameter and const ∈ Z is an arbitrary non-negative constant. This improves on the previously most efficient protocol with the same security guarantee, which offers an amortized communication complexity of O(n 2 κ) bits per multiplication gate. For any κ polynomial in n, the amortized communication complexity of our protocol matches the O(n log n) bit communication complexity of the best known MPC protocol with passive security. We introduce several novel techniques that are of independent interest and we believe will have wider applicability. One is a novel idea of computing authentication tags by means of a mini MPC, which allows us to avoid expensive double-sharings; the other is a batch-wise multiplication verification that allows us to speedup Beaver's "multiplication triples".

show abstract

“…[2], [5], [6], [15], [16]. The best known solutions have (an abbreviated) communication complexity of O(αn) where α is the size of the circuit.…”

Section: Efficient Smcmentioning

confidence: 99%