Secure Computation with Constant Communication Overhead Using Multiplication Embeddings

“…The notion of reverse multiplication friendly embedding was first explicitly defined and studied in the context of secure computation by Cascudo et al in [8] and independently by Block et al in [5]. The former work is in the context of information-theoretically secure protocols, while the latter studied 2-party protocols over small fields where the assumed resource is OLE over an extension field.…”

“…For any r ≤ 16, there exists a (2r, 8r) 2 -RMFE. 5 For our numerical comparisons we will mainly consider the constructions with better rate in Theorem 1 and point out that, should one want to use Theorem 2 instead, then some small overhead in communication is introduced.…”

“…In our case, we will again encounter problems caused by these limitations as we explain next, but can solve them in a different way. 5 Specifically the result is obtained by noticing that the proof of Lemma 4 in [8] can also be used to show the existence of (k, 2k)q-RMFE for any q ≤ k + 1, and then composing (2, 4)2 and (r, 2r)16-RMFEs in the manner of Lemma 5 in the same paper.…”

“…The point is that we can embed the ring F k q in some extension field of F q in such a way that we can make the operations of both algebraic structures, and in particular the products (in one case the coordinatewise product, in the other the product in the extension field), "somewhat compatible": i.e., we map F k q into a slightly larger field F q m with some dedicated linear "embedding" map φ, that satisfies that for any two vectors x, y in F k q the field product φ(x) • φ(y) contains all information about x * y, in fact there exists a "recovery" linear map ψ such that x * y = ψ(φ(x) • φ(y)). The pair (φ, ψ) is called a (k, m)-reverse multiplication friendly embedding (RMFE) and was introduced in [5,8]. With such tool, [8] embeds k evaluations of a circuit over F q (i.e.…”

A Secret-Sharing Based MPC Protocol for Boolean Circuits with Good Amortized Complexity

“…The notion of reverse multiplication friendly embedding was first explicitly defined and studied in the context of secure computation by Cascudo et al in [8] and independently by Block et al in [5]. The former work is in the context of information-theoretically secure protocols, while the latter studied 2-party protocols over small fields where the assumed resource is OLE over an extension field.…”

“…For any r ≤ 16, there exists a (2r, 8r) 2 -RMFE. 5 For our numerical comparisons we will mainly consider the constructions with better rate in Theorem 1 and point out that, should one want to use Theorem 2 instead, then some small overhead in communication is introduced.…”

“…In our case, we will again encounter problems caused by these limitations as we explain next, but can solve them in a different way. 5 Specifically the result is obtained by noticing that the proof of Lemma 4 in [8] can also be used to show the existence of (k, 2k)q-RMFE for any q ≤ k + 1, and then composing (2, 4)2 and (r, 2r)16-RMFEs in the manner of Lemma 5 in the same paper.…”

“…The point is that we can embed the ring F k q in some extension field of F q in such a way that we can make the operations of both algebraic structures, and in particular the products (in one case the coordinatewise product, in the other the product in the extension field), "somewhat compatible": i.e., we map F k q into a slightly larger field F q m with some dedicated linear "embedding" map φ, that satisfies that for any two vectors x, y in F k q the field product φ(x) • φ(y) contains all information about x * y, in fact there exists a "recovery" linear map ψ such that x * y = ψ(φ(x) • φ(y)). The pair (φ, ψ) is called a (k, m)-reverse multiplication friendly embedding (RMFE) and was introduced in [5,8]. With such tool, [8] embeds k evaluations of a circuit over F q (i.e.…”

A Secret-Sharing Based MPC Protocol for Boolean Circuits with Good Amortized Complexity

Secure Computation with Constant Communication Overhead Using Multiplication Embeddings

Trapdoor Hash Functions and Their Applications