TY - GEN
T1 - Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC
AU - Abascal, Jackson
AU - Faghihi Sereshgi, Mohammad Hossein
AU - Hazay, Carmit
AU - Ishai, Yuval
AU - Venkitasubramaniam, Muthuramakrishnan
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/10/30
Y1 - 2020/10/30
N2 - One of the most challenging aspects in secure computation is offering protection against active adversaries, who may arbitrarily alter the behavior of corrupted parties. A powerful paradigm due to Goldreich, Micali, and Wigderson (GMW), is to follow a two-step approach: (1) design a passively secure protocol pfor the task at hand; (2) apply a general compiler to convert pinto an actively secure protocol €' for the same task. In this work, we implement the first two-party actively secure protocol whose design is based on the general GMW paradigm. Our implementation applies to a passively secure pbased on garbled circuits, using a sublinear zero-knowledge proof to ensure correctness of garbling. The main variant of our protocol makes a black-box use of an underlying oblivious transfer primitive by following the "certified oblivious transfer"blueprint of Ishai et al. (Eurocrypt 2011) and Hazay et. al. (TCC 2017). We also analyze a conceptually simpler but less efficient variant that makes a non-black-box use of oblivious transfer. %that designed an efficient parallel OT in which the receiver is additionally assured that the pairs of strings transmitted satisfy a global consistency predicate. Our protocol has several important advantages. It supports non-interactive secure computation (NISC), where a receiver posts an "encryption"of its input and gets back from a sender an "encryption"of the output. The efficiency of this NISC protocol is enhanced by using an offline non-interactive preprocessing, where the sender publishes a single garbled circuit together with a proof of correctness, while the receiver need not even be online. The online work of both the sender and the receiver is lightweight, with a small overhead compared Yao's passively secure protocol depending mostly on the input size rather than the circuit size.
AB - One of the most challenging aspects in secure computation is offering protection against active adversaries, who may arbitrarily alter the behavior of corrupted parties. A powerful paradigm due to Goldreich, Micali, and Wigderson (GMW), is to follow a two-step approach: (1) design a passively secure protocol pfor the task at hand; (2) apply a general compiler to convert pinto an actively secure protocol €' for the same task. In this work, we implement the first two-party actively secure protocol whose design is based on the general GMW paradigm. Our implementation applies to a passively secure pbased on garbled circuits, using a sublinear zero-knowledge proof to ensure correctness of garbling. The main variant of our protocol makes a black-box use of an underlying oblivious transfer primitive by following the "certified oblivious transfer"blueprint of Ishai et al. (Eurocrypt 2011) and Hazay et. al. (TCC 2017). We also analyze a conceptually simpler but less efficient variant that makes a non-black-box use of oblivious transfer. %that designed an efficient parallel OT in which the receiver is additionally assured that the pairs of strings transmitted satisfy a global consistency predicate. Our protocol has several important advantages. It supports non-interactive secure computation (NISC), where a receiver posts an "encryption"of its input and gets back from a sender an "encryption"of the output. The efficiency of this NISC protocol is enhanced by using an offline non-interactive preprocessing, where the sender publishes a single garbled circuit together with a proof of correctness, while the receiver need not even be online. The online work of both the sender and the receiver is lightweight, with a small overhead compared Yao's passively secure protocol depending mostly on the input size rather than the circuit size.
KW - garbled circuits
KW - oblivious-transfer
KW - secure two-party computation
KW - zero-knowledge
UR - http://www.scopus.com/inward/record.url?scp=85096171668&partnerID=8YFLogxK
U2 - 10.1145/3372297.3423366
DO - 10.1145/3372297.3423366
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85096171668
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1591
EP - 1605
BT - CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
T2 - 27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020
Y2 - 9 November 2020 through 13 November 2020
ER -