TY - GEN
T1 - Secure arithmetic computation with no honest majority
AU - Ishai, Yuval
AU - Prabhakaran, Manoj
AU - Sahai, Amit
PY - 2009
Y1 - 2009
N2 - We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black-box calls as well as the communication overhead. We present several solutions which differ in their efficiency, generality, and underlying intractability assumptions. These include: An unconditionally secure protocol in the OT-hybrid model which makes a black-box use of an arbitrary ring R, but where the number of ring operations grows linearly with (an upper bound on) log|R|. Computationally secure protocols in the OT-hybrid model which make a black-box use of an underlying ring, and in which the number of ring operations does not grow with the ring size. The protocols rely on variants of previous intractability assumptions related to linear codes. In the most efficient instance of these protocols, applied to a suitable class of fields, the (amortized) communication cost is a constant number of field elements per multiplication gate and the computational cost is dominated by O(log k) field operations per gate, where k is a security parameter. These results extend a previous approach of Naor and Pinkas for secure polynomial evaluation (SIAM J. Comput., 2006). A protocol for the rings D_m = D/mD which only makes a black-box use of a homomorphic encryption scheme. When m is prime, the (amortized) number of calls to the encryption scheme for each gate of the circuit is constant. All of our protocols are in fact UC-secure in the OT-hybrid model and can be generalized to multiparty computation with an arbitrary number of malicious parties.
AB - We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black-box calls as well as the communication overhead. We present several solutions which differ in their efficiency, generality, and underlying intractability assumptions. These include: An unconditionally secure protocol in the OT-hybrid model which makes a black-box use of an arbitrary ring R, but where the number of ring operations grows linearly with (an upper bound on) log|R|. Computationally secure protocols in the OT-hybrid model which make a black-box use of an underlying ring, and in which the number of ring operations does not grow with the ring size. The protocols rely on variants of previous intractability assumptions related to linear codes. In the most efficient instance of these protocols, applied to a suitable class of fields, the (amortized) communication cost is a constant number of field elements per multiplication gate and the computational cost is dominated by O(log k) field operations per gate, where k is a security parameter. These results extend a previous approach of Naor and Pinkas for secure polynomial evaluation (SIAM J. Comput., 2006). A protocol for the rings D_m = D/mD which only makes a black-box use of a homomorphic encryption scheme. When m is prime, the (amortized) number of calls to the encryption scheme for each gate of the circuit is constant. All of our protocols are in fact UC-secure in the OT-hybrid model and can be generalized to multiparty computation with an arbitrary number of malicious parties.
UR - http://www.scopus.com/inward/record.url?scp=70350677017&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-00457-5_18
DO - 10.1007/978-3-642-00457-5_18
M3 - Conference contribution
AN - SCOPUS:70350677017
SN - 3642004563
SN - 9783642004568
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 294
EP - 314
BT - Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings
T2 - 6th Theory of Cryptography Conference, TCC 2009
Y2 - 15 March 2009 through 17 March 2009
ER -