
Minimizing Setup in Broadcast-Optimal Two Round MPC

Conference paper, in: Advances in Cryptology – EUROCRYPT 2023 (EUROCRYPT 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14005)

Abstract

In this paper we consider two-round secure computation protocols which use different communication channels in different rounds: namely, protocols where broadcast is available in neither round, both rounds, only the first round, or only the second round. The prior works of Cohen, Garay and Zikas (Eurocrypt 2020) and Damgård, Magri, Ravi, Siniscalchi and Yakoubov (Crypto 2021) give tight characterizations of which security guarantees are achievable for various thresholds in each communication structure.

In this work, we introduce a new security notion, namely, selective identifiable abort, which guarantees that every honest party either obtains the output, or aborts identifying one corrupt party (where honest parties may potentially identify different corrupted parties). We investigate what broadcast patterns in two-round MPC allow achieving this guarantee across various settings (such as with or without PKI, with or without an honest majority).

Further, we determine what is possible in the honest majority setting without a PKI, closing a question left open by Damgård et al. We show that without a PKI, having an honest majority does not make it possible to achieve stronger security guarantees compared to the dishonest majority setting. However, if two-thirds of the parties are guaranteed to be honest, identifiable abort is additionally achievable using broadcast only in the second round.

We use fundamentally different techniques from the previous works to avoid relying on private communication in the first round when a PKI is not available, since assuming such private channels without the availability of public encryption keys is unrealistic. We also show that, somewhat surprisingly, the availability of private channels in the first round does not enable stronger security guarantees unless the corruption threshold is one.

S. Yakoubov—Funded in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO) and No 803096 (SPEC).


Notes

  1. We do assume that the peer-to-peer channels are authenticated.

  2. Throughout this paper, we use the term ‘PKI’ to refer to a ‘trusted PKI’, where the PKI keys are assumed to be honestly generated for all parties.

  3. Given an additional round of communication instead of a PKI, things look different; Badrinarayanan et al. [2] study broadcast-optimal three-round MPC with GOD given an honest majority and CRS, and show that GOD is achievable in the BC-BC-P2P setting.

  4. This strengthens the fairness impossibility result of Gordon et al. [15] which holds for \(n\le 3t\).

  5. Note that the full power of our one-or-nothing secret sharing with intermediaries is not necessary here; in our construction, we only require two levels of sharing and intermediaries in order to achieve identifiable abort, while this construction aims only for selective and unanimous abort in the two different settings respectively.

  6. Adaptive garbling schemes [3] remain secure against an adversary who obtains the garbled circuit and then selects the input.

  7. We note that our security proofs can translate to an appropriate (synchronous) composable setting with minimal changes. We also give the formal definition of the new security notion of selective identifiable abort (\(\mathsf {sl\text {-}idabort}\)).

  8. Some of our negative results hold even if private peer-to-peer channels are available in the first round. However, our positive results do not make use of such channels.

  9. If we consider the more general case of \(t' \le t\) corruptions, the adversary would learn the secret at an index v only if at least \((n- t- t')\) honest parties vote for v (as these along with the \(t'\) ballots known on behalf of the corrupt parties would allow the secret to be reconstructed). Therefore, for the adversary to learn secrets at two different indices, there must exist two disjoint sets of at least \((n- t- t')\) honest parties. This could happen only if \(2(n- t- t') \le n- t'\), which implies \(n\le 2t+ t' \le 3t\) (as \(t' \le t\)); which contradicts our assumption of \(n> 3t\).

  10. The peer-to-peer channels can be private or “open”.
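The counting argument of note 9, written out step by step as an added illustration (not part of the paper's text), using the paper's own symbols: \(n\) parties, corruption threshold \(t\), and \(t' \le t\) actual corruptions. With \(t'\) corrupt parties there are exactly \(n - t'\) honest parties. For the adversary to learn the secrets at two distinct indices \(v \ne v'\), each index needs its own set of at least \(n - t - t'\) honest voters, and since an honest party votes for only one index, the two sets are disjoint and must both fit among the honest parties:

\[
2\,(n - t - t') \;\le\; n - t'
\;\Longrightarrow\;
2n - 2t - 2t' \;\le\; n - t'
\;\Longrightarrow\;
n \;\le\; 2t + t'
\;\le\; 3t \quad (\text{since } t' \le t),
\]

which contradicts the standing assumption \(n > 3t\). Note that the bound is tight in the sense that the last inequality uses \(t' \le t\) only at the final step; for any fixed \(t' < t\) the argument already rules out two learnable indices whenever \(n > 2t + t'\).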

References

  1. Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Two round information-theoretic MPC with malicious security. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2019, Part II. Lecture Notes in Computer Science, vol. 11477, pp. 532–561. Springer, Heidelberg, Germany, Darmstadt, Germany (May 19–23, 2019). https://doi.org/10.1007/978-3-030-17656-3_19

  2. Badrinarayanan, S., Miao, P., Mukherjee, P., Ravi, D.: On the round complexity of fully secure solitary mpc with honest majority. Cryptology ePrint Archive, Report 2021/241 (2021), https://eprint.iacr.org/2021/241

  3. Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) Advances in Cryptology - ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 134–153. Springer, Heidelberg, Germany, Beijing, China (Dec 2–6, 2012). https://doi.org/10.1007/978-3-642-34961-4_10

  4. Benhamouda, F., Lin, H.: k-round multiparty computation from k-round oblivious transfer via garbled interactive circuits. In: Nielsen, J.B., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2018, Part II. Lecture Notes in Computer Science, vol. 10821, pp. 500–532. Springer, Heidelberg, Germany, Tel Aviv, Israel (Apr 29 - May 3, 2018). https://doi.org/10.1007/978-3-319-78375-8_17

  5. Chen, M., Cohen, R., Doerner, J., Kondi, Y., Lee, E., Rosefield, S., shelat, a.: Multiparty generation of an RSA modulus. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology - CRYPTO 2020, Part III. Lecture Notes in Computer Science, vol. 12172, pp. 64–93. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 17–21, 2020). https://doi.org/10.1007/978-3-030-56877-1_3

  6. Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: 18th Annual ACM Symposium on Theory of Computing. pp. 364–369. ACM Press, Berkeley, CA, USA (May 28–30, 1986). https://doi.org/10.1145/12130.12168

  7. Cohen, R., Garay, J.A., Zikas, V.: Broadcast-optimal two-round MPC. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology - EUROCRYPT 2020, Part II. Lecture Notes in Computer Science, vol. 12106, pp. 828–858. Springer, Heidelberg, Germany, Zagreb, Croatia (May 10–14, 2020). https://doi.org/10.1007/978-3-030-45724-2_28

  8. Cohen, R., Lindell, Y.: Fairness versus guaranteed output delivery in secure multiparty computation. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology - ASIACRYPT 2014, Part II. Lecture Notes in Computer Science, vol. 8874, pp. 466–485. Springer, Heidelberg, Germany, Kaoshiung, Taiwan, R.O.C. (Dec 7–11, 2014). https://doi.org/10.1007/978-3-662-45608-8_25

  9. Damgård, I., Magri, B., Ravi, D., Siniscalchi, L., Yakoubov, S.: Broadcast-optimal two round MPC with an honest majority. In: Crypto. pp. 155–184. Lecture Notes in Computer Science, Springer, Heidelberg, Germany (2021). https://doi.org/10.1007/978-3-030-84245-1_6

  10. Damgård, I., Ravi, D., Siniscalchi, L., Yakoubov, S.: Minimizing setup in broadcast-optimal two round MPC. Cryptology ePrint Archive, Report 2021/241 (2022), https://eprint.iacr.org/2022/293

  11. Ganesh, C., Patra, A.: Broadcast extensions with optimal communication and round complexity. In: Giakkoupis, G. (ed.) 35th ACM Symposium Annual on Principles of Distributed Computing. pp. 371–380. Association for Computing Machinery, Chicago, IL, USA (Jul 25–28, 2016). https://doi.org/10.1145/2933057.2933082

  12. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2018, Part II. Lecture Notes in Computer Science, vol. 10821, pp. 468–499. Springer, Heidelberg, Germany, Tel Aviv, Israel (Apr 29 - May 3, 2018). https://doi.org/10.1007/978-3-319-78375-8_16

  13. Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: On 2-round secure multiparty computation. In: Yung, M. (ed.) Advances in Cryptology - CRYPTO 2002. Lecture Notes in Computer Science, vol. 2442, pp. 178–193. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 18–22, 2002). https://doi.org/10.1007/3-540-45708-9_12

  14. Goel, A., Jain, A., Prabhakaran, M., Raghunath, R.: On communication models and best-achievable security in two-round MPC. TCC p. 690 (2021)


  15. Gordon, S.D., Liu, F.H., Shi, E.: Constant-round MPC with fairness and guarantee of output delivery. In: Gennaro, R., Robshaw, M.J.B. (eds.) Advances in Cryptology - CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 63–82. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 16–20, 2015). https://doi.org/10.1007/978-3-662-48000-7_4

  16. Hirt, M., Raykov, P.: Multi-valued byzantine broadcast: The \(t < n\) case. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology - ASIACRYPT 2014, Part II. Lecture Notes in Computer Science, vol. 8874, pp. 448–465. Springer, Heidelberg, Germany, Kaoshiung, Taiwan, R.O.C. (Dec 7–11, 2014). https://doi.org/10.1007/978-3-662-45608-8_24

  17. Ishai, Y., Kumaresan, R., Kushilevitz, E., Paskin-Cherniavsky, A.: Secure computation with minimal interaction, revisited. In: Gennaro, R., Robshaw, M.J.B. (eds.) Advances in Cryptology - CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 359–378. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 16–20, 2015). https://doi.org/10.1007/978-3-662-48000-7_18

  18. Ishai, Y., Kushilevitz, E., Paskin, A.: Secure multiparty computation with minimal interaction. In: Rabin, T. (ed.) Advances in Cryptology - CRYPTO 2010. Lecture Notes in Computer Science, vol. 6223, pp. 577–594. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 15–19, 2010). https://doi.org/10.1007/978-3-642-14623-7_31

  19. Lamport, L., Shostak, R.E., Pease, M.C.: The byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)


  20. Patra, A., Ravi, D.: On the exact round complexity of secure three-party computation. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology - CRYPTO 2018, Part II. Lecture Notes in Computer Science, vol. 10992, pp. 425–458. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 19–23, 2018). https://doi.org/10.1007/978-3-319-96881-0_15

Author information

Correspondence to Luisa Siniscalchi.

Copyright information

© 2023 International Association for Cryptologic Research


Cite this paper

Damgård, I., Ravi, D., Siniscalchi, L., Yakoubov, S. (2023). Minimizing Setup in Broadcast-Optimal Two Round MPC. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14005. Springer, Cham. https://doi.org/10.1007/978-3-031-30617-4_5

  • DOI: https://doi.org/10.1007/978-3-031-30617-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30616-7

  • Online ISBN: 978-3-031-30617-4