k round multiparty computation from k round oblivious
play

k -Round Multiparty Computation from k -Round Oblivious Transfer via - PowerPoint PPT Presentation

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,


  1. k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1, 2018

  2. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 P 1 P 5 P 2 x 4 x 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  3. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 y 1 P 1 Seller P 1 gets y 1 = ( max bid, buyer ) Buyer P i gets � y 5 y 2 P 5 P 2 1 if winner y i = x 4 x 3 0 else y 4 y 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  4. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 y 1 P 1 Seller P 1 gets y 1 = ( max bid, buyer ) Buyer P i gets � y 5 y 2 P 5 P 2 1 if winner y i = x 4 x 3 0 else Question: How many rounds? y 4 y 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  5. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  6. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly malicious: corrupted parties can behave arbitrarily Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  7. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly semi-malicious: corrupted parties behave honestly but adaptively choose input and randomness malicious: corrupted parties can behave arbitrarily Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  8. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly semi-malicious: corrupted parties behave honestly but adaptively choose input and randomness malicious: corrupted parties can behave arbitrarily k -round semi-malicious MPC + NIZK ⇒ k -round malicious MPC Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  9. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  10. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  11. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ k -round OT k -round MPC Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  12. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ k -round OT k -round MPC ? Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  13. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  14. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  15. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  16. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N [GS17a] N 2 bilinear group Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  17. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N [GS17a] N 2 bilinear group N k k -round OT [GS17b] k -round OT ours N k Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  18. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem k -round MPC ‡ k -round OT ⇔ Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  19. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  20. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  21. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  22. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Malicious Setting in the Plain Model N : number of parties; L : number of rounds Blackbox lower-bound: L ≥ 4 N L Assumptions [ACJ17] N 5 DDH N 4 subexp DDH [ACJ17] [BHP17] N 4 subexp LWE + adp. com. 4 ETDP + DDH/LWE or QR [HHPV17] N [BGJKKS17] N 4 DDH or QR or N-th res N k ≥ 5 k -round OT ours Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 7 / 23

  23. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Malicious Setting in the Plain Model N : number of parties; L : number of rounds Blackbox lower-bound: L ≥ 4 N L Assumptions [ACJ17] N 5 DDH N 4 subexp DDH [ACJ17] [BHP17] N 4 subexp LWE + adp. com. 4 ETDP + DDH/LWE or QR [HHPV17] N [BGJKKS17] N 4 DDH or QR or N-th res N k ≥ 5 k -round OT ours Open problem: 4-round MPC from 4-round OT Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 7 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend