International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2009: Advances in Cryptology – ASIACRYPT 2009 pp 268-286

Secure Multi-party Computation Minimizing Online Rounds

  • Seung Geol Choi
  • Ariel Elbaz
  • Tal Malkin
  • Moti Yung
Conference paper

DOI: 10.1007/978-3-642-10366-7_16

Volume 5912 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Choi S.G., Elbaz A., Malkin T., Yung M. (2009) Secure Multi-party Computation Minimizing Online Rounds. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg

Abstract

Secure multi-party computation is a general and important procedure for computing any function while keeping private inputs secure. In this work we ask whether preprocessing can allow low-latency (that is, small-round) secure multi-party protocols that are universally composable (UC). In particular, we allow any polynomial-time preprocessing as long as it is independent of the exact circuit and the actual inputs of the specific problem instance to be solved, with only a bound k on the number of gates in the circuit known.

To address the question, we first define the model of “Multi-Party Computation on Encrypted Data” (mp-ced), implicitly described in [FH96], [JJ00], [CDN01], [DN03]. In this model, computing parties establish a threshold public key in a preprocessing stage, and only then is private data, encrypted under the shared public key, revealed. The computing parties then get the computational circuit they agree upon and evaluate the circuit on the encrypted data. The mp-ced model is interesting since it is well suited for modern computing environments, where many repeated computations on overlapping data are performed.

We present two different round-efficient protocols in this model:
  • The first protocol generates k garbled gates in the preprocessing stage and requires only two (online) rounds.

  • The second protocol generates a garbled universal circuit of size O(k log k) in the preprocessing stage, and requires only one (online) round (i.e., an obvious lower bound), and therefore it can run asynchronously.

Both protocols are secure against an active, static adversary controlling any number of parties. When the fraction of parties the adversary can corrupt is less than half, the adversary cannot force the protocols to abort.

The mp-ced model is closely related to the general Multi-Party Computation (mpc) model and, in fact, each can be reduced to the other. The first (resp. second) protocol above naturally gives a protocol for three-round (resp. two-round) universally composable mpc secure against an active, static adversary controlling any number of parties (with preprocessing).

Keywords

  • Computing with Encrypted Data
  • Multi-Party Computation
  • Public Key Cryptography
  • Cryptographic Protocols
  • Universal Composition

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Seung Geol Choi (1)
  • Ariel Elbaz (1)
  • Tal Malkin (1)
  • Moti Yung (2)
  1. Columbia University
  2. Google Inc. & Columbia University