Non-interactive secure multiparty computation

Amos Beimel; Ariel Gabizon; Yuval Ishai; Eyal Kushilevitz; Sigurd Meldgaard; Anat Paskin-Cherniavsky

doi:10.1007/978-3-662-44381-1_22

Non-interactive secure multiparty computation

Amos Beimel, Ariel Gabizon, Yuval Ishai, Eyal Kushilevitz, Sigurd Meldgaard, Anat Paskin-Cherniavsky

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

52 Scopus citations

Abstract

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x₁,...,x _n) is specified by a joint probability distribution R = (R ₁,...,R_n) and local encoding functions Enc _i(x_i,r_i), 1 ≤ i ≤ n. Given correlated randomness (r₁,...,r_n) ∈_R R, each party P_i, using its input x_i and its randomness r_i, computes the message m_i = Enc_i(x_i, r _i). The messages m₁,...,m_n can be used to decode f(x₁,...,x_n). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enc_i(x_i, r_i))_i∈T together with the randomness (r _i)_i∈T gives the same information about (x _1i∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x₁,...,x _n) = x₁x₂...x_n admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:Xⁿ → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity n^O(t). For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity n^O(w). On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

Original language	English
Title of host publication	Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings
Pages	387-404
Number of pages	18
Edition	PART 2
DOIs	https://doi.org/10.1007/978-3-662-44381-1_22
State	Published - 2014
Event	34rd Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States Duration: 17 Aug 2014 → 21 Aug 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 2
Volume	8617 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	34rd Annual International Cryptology Conference, CRYPTO 2014
Country/Territory	United States
City	Santa Barbara, CA
Period	17/08/14 → 21/08/14

Keywords

garbling schemes
multi-input functional encryption
obfuscation
private simultaneous messages protocols
randomized encoding of functions
secure multiparty computation

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-662-44381-1_22

Cite this

Beimel, A., Gabizon, A., Ishai, Y., Kushilevitz, E., Meldgaard, S., & Paskin-Cherniavsky, A. (2014). Non-interactive secure multiparty computation. In Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings (PART 2 ed., pp. 387-404). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8617 LNCS, No. PART 2). https://doi.org/10.1007/978-3-662-44381-1_22

@inproceedings{fdce0e59cdf34bf496185179e3d4e286,

title = "Non-interactive secure multiparty computation",

abstract = "We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1,...,x n) is specified by a joint probability distribution R = (R 1,...,Rn) and local encoding functions Enc i(xi,ri), 1 ≤ i ≤ n. Given correlated randomness (r1,...,rn) ∈R R, each party Pi, using its input xi and its randomness ri, computes the message mi = Enci(xi, r i). The messages m1,...,mn can be used to decode f(x1,...,xn). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enci(xi, ri))i∈T together with the randomness (r i)i∈T gives the same information about (x 1i∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x1,...,x n) = x1x2...xn admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:Xn → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity nO(t). For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity nO(w). On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.",

keywords = "garbling schemes, multi-input functional encryption, obfuscation, private simultaneous messages protocols, randomized encoding of functions, secure multiparty computation",

author = "Amos Beimel and Ariel Gabizon and Yuval Ishai and Eyal Kushilevitz and Sigurd Meldgaard and Anat Paskin-Cherniavsky",

note = "Funding Information: Research by the first three authors and the fifth author received funding from the European Union{\textquoteright}s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC. The first author was also supported by the Frankel center for computer science. Research by the second author received funding from the European Union{\textquoteright}s Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 257575. The third and fourth authors were supported by ISF grant 1361/10 and BSF grant 2012378.; 34rd Annual International Cryptology Conference, CRYPTO 2014 ; Conference date: 17-08-2014 Through 21-08-2014",

year = "2014",

doi = "10.1007/978-3-662-44381-1_22",

language = "אנגלית",

isbn = "9783662443804",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

number = "PART 2",

pages = "387--404",

booktitle = "Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings",

edition = "PART 2",

}

Beimel, A, Gabizon, A, Ishai, Y, Kushilevitz, E, Meldgaard, S & Paskin-Cherniavsky, A 2014, Non-interactive secure multiparty computation. in Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings. PART 2 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 2, vol. 8617 LNCS, pp. 387-404, 34rd Annual International Cryptology Conference, CRYPTO 2014, Santa Barbara, CA, United States, 17/08/14. https://doi.org/10.1007/978-3-662-44381-1_22

Non-interactive secure multiparty computation. / Beimel, Amos; Gabizon, Ariel; Ishai, Yuval et al.
Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings. PART 2. ed. 2014. p. 387-404 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8617 LNCS, No. PART 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Non-interactive secure multiparty computation

AU - Beimel, Amos

AU - Gabizon, Ariel

AU - Ishai, Yuval

AU - Kushilevitz, Eyal

AU - Meldgaard, Sigurd

AU - Paskin-Cherniavsky, Anat

N1 - Funding Information: Research by the first three authors and the fifth author received funding from the European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC. The first author was also supported by the Frankel center for computer science. Research by the second author received funding from the European Union’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 257575. The third and fourth authors were supported by ISF grant 1361/10 and BSF grant 2012378.

PY - 2014

Y1 - 2014

N2 - We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1,...,x n) is specified by a joint probability distribution R = (R 1,...,Rn) and local encoding functions Enc i(xi,ri), 1 ≤ i ≤ n. Given correlated randomness (r1,...,rn) ∈R R, each party Pi, using its input xi and its randomness ri, computes the message mi = Enci(xi, r i). The messages m1,...,mn can be used to decode f(x1,...,xn). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enci(xi, ri))i∈T together with the randomness (r i)i∈T gives the same information about (x 1i∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x1,...,x n) = x1x2...xn admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:Xn → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity nO(t). For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity nO(w). On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

AB - We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1,...,x n) is specified by a joint probability distribution R = (R 1,...,Rn) and local encoding functions Enc i(xi,ri), 1 ≤ i ≤ n. Given correlated randomness (r1,...,rn) ∈R R, each party Pi, using its input xi and its randomness ri, computes the message mi = Enci(xi, r i). The messages m1,...,mn can be used to decode f(x1,...,xn). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enci(xi, ri))i∈T together with the randomness (r i)i∈T gives the same information about (x 1i∈T as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: - Group products. For every (possibly non-abelian) finite group G, the iterated group product function f(x1,...,x n) = x1x2...xn admits an efficient, fully robust NIMPC protocol. - Small functions. Every function f admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). - Symmetric functions. Every symmetric function f:Xn → Y, where X is an input domain of constant size, admits a t-robust NIMPC protocol of complexity nO(t). For the case where f is a w-out-of-n threshold function, we get a fully robust protocol of complexity nO(w). On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

KW - garbling schemes

KW - multi-input functional encryption

KW - obfuscation

KW - private simultaneous messages protocols

KW - randomized encoding of functions

KW - secure multiparty computation

UR - http://www.scopus.com/inward/record.url?scp=84905370158&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-44381-1_22

DO - 10.1007/978-3-662-44381-1_22

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84905370158

SN - 9783662443804

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 387

EP - 404

BT - Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings

T2 - 34rd Annual International Cryptology Conference, CRYPTO 2014

Y2 - 17 August 2014 through 21 August 2014

ER -

Beimel A, Gabizon A, Ishai Y, Kushilevitz E, Meldgaard S, Paskin-Cherniavsky A. Non-interactive secure multiparty computation. In Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings. PART 2 ed. 2014. p. 387-404. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 2). doi: 10.1007/978-3-662-44381-1_22

Non-interactive secure multiparty computation

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this