Efficient Non-interactive Secure Computation
- Yuval IshaiAffiliated withDept. of Computer Science, Technion
- , Eyal KushilevitzAffiliated withDept. of Computer Science, Technion
- , Rafail OstrovskyAffiliated withUniversity of California
- , Manoj PrabhakaranAffiliated withUniversity of Illinois
- , Amit SahaiAffiliated withUniversity of California
Suppose that a receiver R wishes to publish an encryption of her secret input x so that every sender S, holding an input y, can reveal f(x,y) to R by sending her a single message. This should be done while simultaneously protecting the secrecy of y against a corrupted R and preventing a corrupted S from having an unfair influence on the output of R beyond what is allowed by f.
When the parties are semi-honest, practical solutions can be based on Yao’s garbled circuit technique. However, for the general problem when the parties, or even S alone, may be malicious, all known polynomial-time solutions are highly inefficient. This is due in part to the fact that known solutions make a non-black-box use of cryptographic primitives, e.g., for providing non-interactive zero-knowledge proofs of statements involving cryptographic computations on secrets.
Motivated by the above question, we consider the problem of secure two-party computation in a model that allows only parallel calls to an ideal oblivious transfer (OT) oracle with no additional interaction. We obtain the following results.
Feasibility. We present the first general protocols in this model which only make a black-box use of a pseudorandom generator (PRG). All previous OT-based protocols either make a non-black-box use of cryptographic primitives or require multiple rounds of interaction.
Efficiency. We also consider the question of minimizing the asymptotic number of PRG calls made by such protocols. We show that polylog(κ) calls are sufficient for each gate in a (large) boolean circuit computing f, where κ is a statistical security parameter guaranteeing at most 2− κ simulation error of a malicious sender. Furthermore, the number of PRG calls per gate can be made constant by settling for a relaxed notion of security which allows a malicious S to arbitrarily correlate the event that R detects cheating with the input of R. This improves over the state of the art also for interactive constant-round black-box protocols, which required Ω(κ) PRG calls per gate, even with similar relaxations of the notion of security.
Combining the above results with 2-message (parallel) OT protocols in the CRS model, we get the first solutions to the initial motivating question which only make a black-box use of standard cryptographic primitives.
- Efficient Non-interactive Secure Computation
- Book Title
- Advances in Cryptology – EUROCRYPT 2011
- Book Subtitle
- 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings
- pp 406-425
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Additional Links
- Industry Sectors
- eBook Packages
- Kenneth G. Paterson (16)
- Editor Affiliations
- 16. Information Security Group (ISG), University of London
- Author Affiliations
- 17. Dept. of Computer Science, Technion, Haifa, Israel
- 18. University of California, Los Angeles, USA
- 19. University of Illinois, Urbana-Champaign, USA
To view the rest of this content please follow the download PDF link above.