Skip to main content
SpringerLink
Log in

Towards Topology-Hiding Computation from Oblivious Transfer

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14369))

Included in the following conference series:

  • 250 Accesses

Abstract

Topology-Hiding Computation (THC) enables parties to securely compute a function on an incomplete network without revealing the network topology. It is known that secure computation on a complete network can be based on oblivious transfer (OT), even if a majority of the participating parties are corrupt. In contrast, THC in the dishonest majority setting is only known from assumptions that imply (additively) homomorphic encryption, such as Quadratic Residuosity, Decisional Diffie-Hellman, or Learning With Errors.

In this work we move towards closing the gap between MPC and THC by presenting a protocol for THC on general graphs secure against all-but-one semi-honest corruptions from constant-round constant-overhead secure two-party computation. Our protocol is therefore the first to achieve THC on arbitrary networks without relying on assumptions with rich algebraic structure. As a technical tool, we introduce the notion of locally simulatable MPC, which we believe to be of independent interest.

The full version [BBKM23] is available as entry 2023/849 in the IACR eprint archive.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In contrast, this is trivial to achieve (in the semi-honest setting) if hiding network topology is not a concern: simply forward the message through the network.

  2. 2.

    MPC with constant computational overhead means that a circuit of size s(n) can be securely evaluated in time \(O(s(n))+{\text {poly}}(\lambda )\), where the latter term is a fixed polynomial of the security parameter.

  3. 3.

    [HMTZ16] gave an early construction of a more efficient protocol for such graphs from the decisional Diffie-Hellman assumption.

  4. 4.

    On the other hand, it is known that oblivious transfer is necessary to simply communicate in a topology-hiding manner in the presence of a dishonest majority. In particular, OT is implied by topology-hiding broadcast with a dishonest majority for graphs with just 4 nodes [BBMM18]. Again, because the broadcast functionality does not hide its inputs it is trivial to realize without hiding the topology. [BBC+20] showed that OT is necessary for topology-hiding anonymous broadcast on even simpler graphs.

  5. 5.

    In fact, the protocol we describe can be seen as a conceptually simpler alternative to Ball et al.’s [BBC+19, Theorem 4.1] 1-secure, semi-honest, information-theoretic topology-hiding anonymous broadcast on the class of all cycles with a given vertex set.

  6. 6.

    If the box was clonable, a party could make a local copy then learn the partial OR of the inputs of all parties who previously handled the box by simply plugging 0s until they receive an output.

  7. 7.

    The stationary distribution is not uniform, but nevertheless each party has non-negligible probability of being the last party.

  8. 8.

    While this is beyond the scope of this exposition, we could quantify the leakage in terms of the electric conductance of the graph. What this means additionally is that the protocol is even insecure against a single corruption as a party can learn information from just counting the number of rounds between two consecutive visits of the box.

  9. 9.

    However our final protocol will turn out to be both topology-hiding and locally simulatable.

  10. 10.

    Note that the distinction into \(\mu \) different simulators instead of \(\mu \) copies of the same simulator is solely for the sake of clarity.

  11. 11.

    A walk in a graph is an alternating sequence of adjacent vertices and edges; both vertices and edges may be repeated. A covering walk contains each vertex at least once.

References

  1. Awerbuch, B., Goldreich, O., Peleg, D., Vainish, R.: A tradeoff between information and communication in broadcast protocols. In: Reif, J.H. (ed.) AWOC 1988. LNCS, vol. 319, pp. 369–379. Springer, New York (1988). https://doi.org/10.1007/BFb0040404

    Chapter  MATH  Google Scholar 

  2. Akavia, A., LaVigne, R., Moran, T.: Topology-hiding computation on all graphs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 447–467. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_15

    Chapter  Google Scholar 

  3. Akavia, A., LaVigne, R., Moran, T.: Topology-hiding computation on all graphs. J. Cryptol. 33(1), 176–227 (2020)

    Article  MathSciNet  MATH  Google Scholar 

  4. Akavia, A., Moran, T.: Topology-hiding computation beyond logarithmic diameter. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 609–637. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_21

    Chapter  Google Scholar 

  5. Ball, M., Boyle, E., Cohen, R., Malkin, T., Moran, T.: Is information-theoretic topology-hiding computation possible? In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 502–530. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_20

    Chapter  Google Scholar 

  6. Ball, M., et al.: Topology-hiding communication from minimal assumptions. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12551, pp. 473–501. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_17

    Chapter  Google Scholar 

  7. Ball, M., Bienstock, A., Kohl, L., Meyer, P.: Towards topology-hiding computation from oblivious transfer. Cryptology ePrint Archive, Paper 2023/849 (2023). https://eprint.iacr.org/2023/849

  8. Ball, M., Boyle, E., Malkin, T., Moran, T.: Exploring the boundaries of topology-hiding computation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 294–325. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_10

    Chapter  Google Scholar 

  9. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing, pp. 1–10, Chicago, IL, USA, ACM Press, 2–4 May 1988

    Google Scholar 

  10. Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_48

    Chapter  Google Scholar 

  11. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  12. Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing, pp. 11–19, Chicago, IL, USA, ACM Press, 2–4 May 1988

    Google Scholar 

  13. David, B., Dowsley, R., Nascimento, A.C.A.: Universally composable oblivious transfer based on a variant of LPN. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 143–158. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12280-9_10

    Chapter  Google Scholar 

  14. Döttling, N., Garg, S., Hajiabadi, M., Masny, D., Wichs, D.: Two-round oblivious transfer from CDH or LPN. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 768–797. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_26

    Chapter  Google Scholar 

  15. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.), 19th Annual ACM Symposium on Theory of Computing, pp. 218–229, New York City, NY, USA, ACM Press, 25–27 May 1987

    Google Scholar 

  16. Goldreich, O.: Candidate one-way functions based on expander graphs. Cryptology ePrint Archive, Report 2000/063 (2000). https://eprint.iacr.org/2000/063

  17. Hirt, M., Maurer, U., Tschudi, D., Zikas, V.: Network-hiding communication and applications to multi-party protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 335–365. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_12

    Chapter  Google Scholar 

  18. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: Richard, E.L., Cynthia, D. (eds.), 40th Annual ACM Symposium on Theory of Computing, pp. 433–442, Victoria, BC, Canada, ACM Press, 17–20 May 2008

    Google Scholar 

  19. Li, S.: Towards practical topology-hiding computation. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology - ASIACRYPT 2022. ASIACRYPT 2022. LNCS, vol. 13791, pp. 588–617. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22963-3_20

  20. LaVigne, R., Liu-Zhang, C.-D., Maurer, U., Moran, T., Mularczyk, M., Tschudi, D.: Topology-hiding computation beyond semi-honest adversaries. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 3–35. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_1

    Chapter  Google Scholar 

  21. Moran, T., Orlov, I., Richelson, S.: Topology-hiding computation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 159–181. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_8

    Chapter  Google Scholar 

  22. Mossel, E., Shpilka, A., Trevisan, L.: On e-biased generators in NC0. In 44th Annual Symposium on Foundations of Computer Science, pp. 136–145, Cambridge, MA, USA, IEEE, Computer Society Press, 11–14 October 2003

    Google Scholar 

  23. ODonnell, R., Witmer, D.: Goldreich’s prg: evidence for near-optimal polynomial stretch. In: 2014 IEEE 29th Conference on Computational Complexity (CCC), pp. 1–12. IEEE (2014)

    Google Scholar 

  24. Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: 21st Annual ACM Symposium on Theory of Computing, pp. 73–85, Seattle, WA, USA, ACM Press, 15–17 May 1989

    Google Scholar 

  25. Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164, Chicago, Illinois, IEEE Computer Society Press, 3–5 November 1982

    Google Scholar 

  26. Yu, Yu., Zhang, J.: Cryptography with auxiliary input and trapdoor from constant-noise LPN. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 214–243. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_9

    Chapter  Google Scholar 

Download references

Acknowledgments

We thank Elette Boyle, Ran Cohen, and Tal Moran for helpful discussions. Marshall Ball is supported in part by the Simons Foundation. Lisa Kohl is funded by NWO Gravitation project QSC. Pierre Meyer was supported by ERC Project HSS (852952) and by AFOSR Award FA9550-21-1-0046. We thank the anonymous reviewers of TCC for helpful feedback regarding the presentation of our results.

Author information

Authors and Affiliations

  1. New York University, New York, USA

    Marshall Ball & Alexander Bienstock

  2. CWI, Cryptology Group, Amsterdam, The Netherlands

    Lisa Kohl

  3. IDC Herzliya, ISRAEL and IRIF, Université Paris Cité, CNRS, Paris, France

    Pierre Meyer

Authors
  1. Marshall Ball
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Bienstock
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lisa Kohl
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pierre Meyer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pierre Meyer .

Editor information

Editors and Affiliations

  1. Apple, Cupertino, CA, USA

    Guy Rothblum

  2. NTT Research, Sunnyvale, CA, USA

    Hoeteck Wee

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ball, M., Bienstock, A., Kohl, L., Meyer, P. (2023). Towards Topology-Hiding Computation from Oblivious Transfer. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14369. Springer, Cham. https://doi.org/10.1007/978-3-031-48615-9_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-48615-9_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48614-2

  • Online ISBN: 978-3-031-48615-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation