TY - GEN
T1 - Perfectly secure multiparty computation and the computational overhead of cryptography
AU - Damgård, Ivan
AU - Ishai, Yuval
AU - Krøigaard, Mikkel
PY - 2010
Y1 - 2010
N2 - We study the following two related questions: What are the minimal computational resources required for general secure multiparty computation in the presence of an honest majority? What are the minimal resources required for two-party primitives such as zero-knowledge proofs and general secure two-party computation? We obtain a nearly tight answer to the first question by presenting a perfectly secure protocol which allows n players to evaluate an arithmetic circuit of size s by performing a total of arithmetic operations, plus an additive term which depends (polynomially) on n and the circuit depth, but only logarithmically on s. Thus, for typical large-scale computations whose circuit width is much bigger than their depth and the number of players, the amortized overhead is just polylogarithmic in n and s. The protocol provides perfect security with guaranteed output delivery in the presence of an active, adaptive adversary corrupting a (1/3 - ε) fraction of the players, for an arbitrary constant ε > 0 and sufficiently large n. The best previous protocols in this setting could only offer computational security with a computational overhead of poly(k, log n, log s), where k is a computational security parameter, or perfect security with a computational overhead of . We then apply the above result towards making progress on the second question. Concretely, under standard cryptographic assumptions, we obtain zero-knowledge proofs for circuit satisfiability with 2^{-k} soundness error in which the amortized computational overhead per gate is only polylogarithmic in k, improving over the ω(k) overhead of the best previous protocols. Under stronger cryptographic assumptions, we obtain similar results for general secure two-party computation.
UR - http://www.scopus.com/inward/record.url?scp=77954633629&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-13190-5_23
DO - 10.1007/978-3-642-13190-5_23
M3 - Conference contribution
AN - SCOPUS:77954633629
SN - 3642131891
SN - 9783642131899
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 445
EP - 465
BT - Advances in Cryptology - Eurocrypt 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
T2 - 29th in the Series of European Conferences on the Theory and Application of Cryptographic Techniques, Eurocrypt 2010
Y2 - 30 May 2010 through 3 June 2010
ER -