Abstract
In this paper we consider two-round secure computation protocols which use different communication channels in different rounds: namely, protocols where broadcast is available in neither round, both rounds, only the first round, or only the second round. The prior works of Cohen, Garay and Zikas (Eurocrypt 2020) and Damgård, Magri, Ravi, Siniscalchi and Yakoubov (Crypto 2021) give tight characterizations of which security guarantees are achievable for various thresholds in each communication structure.
In this work, we introduce a new security notion, namely, selective identifiable abort, which guarantees that every honest party either obtains the output, or aborts identifying one corrupt party (where honest parties may potentially identify different corrupted parties). We investigate what broadcast patterns in two-round MPC allow achieving this guarantee across various settings (such as with or without PKI, with or without an honest majority).
Further, we determine what is possible in the honest majority setting without a PKI, closing a question left open by Damgård et al. We show that without a PKI, having an honest majority does not make it possible to achieve stronger security guarantees compared to the dishonest majority setting. However, if two-thirds of the parties are guaranteed to be honest, identifiable abort is additionally achievable using broadcast only in the second round.
We use fundamentally different techniques from the previous works to avoid relying on private communication in the first round when a PKI is not available, since assuming such private channels without the availability of public encryption keys is unrealistic. We also show that, somewhat surprisingly, the availability of private channels in the first round does not enable stronger security guarantees unless the corruption threshold is one.
S. Yakoubov—Funded in part by the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO) and No 803096 (SPEC).
Notes
1. We do assume that the peer-to-peer channels are authenticated.
2. Throughout this paper, we use the term ‘PKI’ to refer to a ‘trusted PKI’, where the PKI keys are assumed to be honestly generated for all parties.
3. Given an additional round of communication instead of a PKI, things look different; Badrinarayanan et al. [2] study broadcast-optimal three-round MPC with GOD given an honest majority and CRS, and show that GOD is achievable in the BC-BC-P2P setting.
4. This strengthens the fairness impossibility result of Gordon et al. [15], which holds for \(n\le 3t\).
5. Note that the full power of our one-or-nothing secret sharing with intermediaries is not necessary here; in our construction, we only require two levels of sharing and intermediaries in order to achieve identifiable abort, while this construction aims only for selective and unanimous abort in the two different settings respectively.
6. Adaptive garbling schemes [3] remain secure against an adversary who obtains the garbled circuit and then selects the input.
7. We note that our security proofs can translate to an appropriate (synchronous) composable setting with minimal changes. We also give the formal definition of the new security notion of selective identifiable abort (\(\mathsf {sl\text {-}idabort}\)).
8. Some of our negative results hold even if private peer-to-peer channels are available in the first round. However, our positive results do not make use of such channels.
9. If we consider the more general case of \(t' \le t\) corruptions, the adversary would learn the secret at an index v only if at least \((n- t- t')\) honest parties vote for v (as these, together with the \(t'\) ballots known on behalf of the corrupt parties, would allow the secret to be reconstructed). Therefore, for the adversary to learn secrets at two different indices, there must exist two disjoint sets of at least \((n- t- t')\) honest parties each. This could happen only if \(2(n- t- t') \le n- t'\), which implies \(n\le 2t+ t' \le 3t\) (as \(t' \le t\)), contradicting our assumption of \(n> 3t\).
10. The peer-to-peer channels can be private or “open”.
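The counting argument of note 9, written out step by step. This is an added derivation and not part of the original chapter; it uses the chapter's symbols \(n\), \(t\) and \(t'\), and makes explicit the reconstruction threshold of \(n-t\) ballots per index that the note leaves implicit.

Let \(H\) be the set of honest parties, so \(|H| = n - t'\). For a fixed index \(v\), the adversary holds \(t'\) ballots (those of the corrupt parties) and can add the ballots of the honest parties who voted for \(v\). Reconstruction at \(v\) succeeds exactly when
\[
|\{P \in H : P \text{ votes for } v\}| + t' \;\ge\; n - t
\quad\Longleftrightarrow\quad
|\{P \in H : P \text{ votes for } v\}| \;\ge\; n - t - t'.
\]
Each honest party casts a single ballot, so the honest voters for two distinct indices \(v \ne v'\) form disjoint subsets of \(H\). Learning both secrets therefore requires
\[
2\,(n - t - t') \;\le\; |H| \;=\; n - t'
\quad\Longleftrightarrow\quad
n \;\le\; 2t + t' \;\le\; 3t \qquad (\text{using } t' \le t),
\]
which contradicts \(n > 3t\). Hence the adversary learns the secret at most one index.

The bound is tight at the boundary: with \(n = 3t + 1\) and \(t' = t\) (every allowed corruption used), each index needs \(t + 1\) honest votes, while only \(2t + 1\) honest parties exist and \(2(t+1) = 2t + 2 > 2t + 1\); with fewer corruptions (\(t' < t\)) the adversary needs even more honest votes per index, so the argument only gets easier.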
References
Ananth, P., Choudhuri, A.R., Goel, A., Jain, A.: Two round information-theoretic MPC with malicious security. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2019, Part II. Lecture Notes in Computer Science, vol. 11477, pp. 532–561. Springer, Heidelberg, Germany, Darmstadt, Germany (May 19–23, 2019). https://doi.org/10.1007/978-3-030-17656-3_19
Badrinarayanan, S., Miao, P., Mukherjee, P., Ravi, D.: On the round complexity of fully secure solitary mpc with honest majority. Cryptology ePrint Archive, Report 2021/241 (2021), https://eprint.iacr.org/2021/241
Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) Advances in Cryptology - ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 134–153. Springer, Heidelberg, Germany, Beijing, China (Dec 2–6, 2012). https://doi.org/10.1007/978-3-642-34961-4_10
Benhamouda, F., Lin, H.: k-round multiparty computation from k-round oblivious transfer via garbled interactive circuits. In: Nielsen, J.B., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2018, Part II. Lecture Notes in Computer Science, vol. 10821, pp. 500–532. Springer, Heidelberg, Germany, Tel Aviv, Israel (Apr 29 - May 3, 2018). https://doi.org/10.1007/978-3-319-78375-8_17
Chen, M., Cohen, R., Doerner, J., Kondi, Y., Lee, E., Rosefield, S., shelat, a.: Multiparty generation of an RSA modulus. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology - CRYPTO 2020, Part III. Lecture Notes in Computer Science, vol. 12172, pp. 64–93. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 17–21, 2020). https://doi.org/10.1007/978-3-030-56877-1_3
Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: 18th Annual ACM Symposium on Theory of Computing. pp. 364–369. ACM Press, Berkeley, CA, USA (May 28–30, 1986). https://doi.org/10.1145/12130.12168
Cohen, R., Garay, J.A., Zikas, V.: Broadcast-optimal two-round MPC. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology - EUROCRYPT 2020, Part II. Lecture Notes in Computer Science, vol. 12106, pp. 828–858. Springer, Heidelberg, Germany, Zagreb, Croatia (May 10–14, 2020). https://doi.org/10.1007/978-3-030-45724-2_28
Cohen, R., Lindell, Y.: Fairness versus guaranteed output delivery in secure multiparty computation. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology - ASIACRYPT 2014, Part II. Lecture Notes in Computer Science, vol. 8874, pp. 466–485. Springer, Heidelberg, Germany, Kaoshiung, Taiwan, R.O.C. (Dec 7–11, 2014). https://doi.org/10.1007/978-3-662-45608-8_25
Damgård, I., Magri, B., Ravi, D., Siniscalchi, L., Yakoubov, S.: Broadcast-optimal two round MPC with an honest majority. In: Advances in Cryptology - CRYPTO 2021. Lecture Notes in Computer Science, pp. 155–184. Springer, Heidelberg, Germany (2021). https://doi.org/10.1007/978-3-030-84245-1_6
Damgård, I., Ravi, D., Siniscalchi, L., Yakoubov, S.: Minimizing setup in broadcast-optimal two round MPC. Cryptology ePrint Archive, Report 2022/293 (2022), https://eprint.iacr.org/2022/293
Ganesh, C., Patra, A.: Broadcast extensions with optimal communication and round complexity. In: Giakkoupis, G. (ed.) 35th Annual ACM Symposium on Principles of Distributed Computing. pp. 371–380. Association for Computing Machinery, Chicago, IL, USA (Jul 25–28, 2016). https://doi.org/10.1145/2933057.2933082
Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2018, Part II. Lecture Notes in Computer Science, vol. 10821, pp. 468–499. Springer, Heidelberg, Germany, Tel Aviv, Israel (Apr 29 - May 3, 2018). https://doi.org/10.1007/978-3-319-78375-8_16
Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: On 2-round secure multiparty computation. In: Yung, M. (ed.) Advances in Cryptology - CRYPTO 2002. Lecture Notes in Computer Science, vol. 2442, pp. 178–193. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 18–22, 2002). https://doi.org/10.1007/3-540-45708-9_12
Goel, A., Jain, A., Prabhakaran, M., Raghunath, R.: On communication models and best-achievable security in two-round MPC. TCC p. 690 (2021)
Gordon, S.D., Liu, F.H., Shi, E.: Constant-round MPC with fairness and guarantee of output delivery. In: Gennaro, R., Robshaw, M.J.B. (eds.) Advances in Cryptology - CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 63–82. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 16–20, 2015). https://doi.org/10.1007/978-3-662-48000-7_4
Hirt, M., Raykov, P.: Multi-valued byzantine broadcast: The \(t < n\) case. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology - ASIACRYPT 2014, Part II. Lecture Notes in Computer Science, vol. 8874, pp. 448–465. Springer, Heidelberg, Germany, Kaoshiung, Taiwan, R.O.C. (Dec 7–11, 2014). https://doi.org/10.1007/978-3-662-45608-8_24
Ishai, Y., Kumaresan, R., Kushilevitz, E., Paskin-Cherniavsky, A.: Secure computation with minimal interaction, revisited. In: Gennaro, R., Robshaw, M.J.B. (eds.) Advances in Cryptology - CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 359–378. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 16–20, 2015). https://doi.org/10.1007/978-3-662-48000-7_18
Ishai, Y., Kushilevitz, E., Paskin, A.: Secure multiparty computation with minimal interaction. In: Rabin, T. (ed.) Advances in Cryptology - CRYPTO 2010. Lecture Notes in Computer Science, vol. 6223, pp. 577–594. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 15–19, 2010). https://doi.org/10.1007/978-3-642-14623-7_31
Lamport, L., Shostak, R.E., Pease, M.C.: The byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)
Patra, A., Ravi, D.: On the exact round complexity of secure three-party computation. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology - CRYPTO 2018, Part II. Lecture Notes in Computer Science, vol. 10992, pp. 425–458. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 19–23, 2018). https://doi.org/10.1007/978-3-319-96881-0_15
© 2023 International Association for Cryptologic Research
Cite this paper
Damgård, I., Ravi, D., Siniscalchi, L., Yakoubov, S. (2023). Minimizing Setup in Broadcast-Optimal Two Round MPC. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14005. Springer, Cham. https://doi.org/10.1007/978-3-031-30617-4_5
DOI: https://doi.org/10.1007/978-3-031-30617-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30616-7
Online ISBN: 978-3-031-30617-4