Secure Arithmetic Computation with Constant Computational Overhead

  • Benny Applebaum
  • Ivan Damgård
  • Yuval Ishai
  • Michael Nielsen
  • Lior Zichron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10401)

Abstract

We study the complexity of securely evaluating an arithmetic circuit over a finite field \(\mathbb {F}\) in the setting of secure two-party computation with semi-honest adversaries. In all existing protocols, the number of arithmetic operations per multiplication gate grows either linearly with \(\log |\mathbb {F}|\) or polylogarithmically with the security parameter. We present the first protocol that only makes a constant (amortized) number of field operations per gate. The protocol uses the underlying field \(\mathbb {F}\) as a black box, and its security is based on arithmetic analogues of well-studied cryptographic assumptions.

Our protocol is particularly appealing in the special case of securely evaluating a “vector-OLE” function of the form \(\mathbf{a}x+\mathbf{b}\), where \(x\in \mathbb {F}\) is the input of one party and \(\mathbf{a},\mathbf{b}\in \mathbb {F}^w\) are the inputs of the other party. In this case, which is motivated by natural applications, our protocol can achieve an asymptotic rate of 1/3 (i.e., the communication is dominated by sending roughly 3w elements of \(\mathbb {F}\)). Our implementation of this protocol suggests that it outperforms competing approaches even for relatively small fields \(\mathbb {F}\) and over fast networks.
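To make the vector-OLE functionality concrete, the following added example (not code from the paper, which gives a protocol realising this functionality rather than the functionality itself) models the ideal function \(\mathbf{a}x+\mathbf{b}\) over a toy prime field. It also shows the standard way such a functionality feeds a multiplication gate, by letting the sender choose \(\mathbf{b}\) as a fresh random mask so that the two parties end up with additive shares of \(\mathbf{a}x\); the prime, the helper names and the share-conversion step are this example's own choices, not the page's.

```python
import secrets

# Constructed choice of field for the example; the paper treats F as a black box.
P = 2**61 - 1


def vector_ole(a, b, x, p=P):
    """Ideal vector-OLE: the receiver holding x learns a*x + b componentwise
    over F_p; the sender holding (a, b) learns nothing and gets no output."""
    if len(a) != len(b):
        raise ValueError("a and b must have the same length w")
    return [(ai * x + bi) % p for ai, bi in zip(a, b)]


def random_vector(w, p=P):
    """Uniform vector in F_p^w (cryptographic randomness)."""
    return [secrets.randbelow(p) for _ in range(w)]


def shared_scalar_product(a, x, p=P):
    """Multiplication-gate use of vector-OLE (hypothetical helper): the sender
    holding a picks a uniform mask r and inputs b = -r, so the receiver's
    output y = a*x - r and the sender's r are additive shares of a*x.
    Returns (sender_share, receiver_share)."""
    r = random_vector(len(a), p)
    b = [(-ri) % p for ri in r]
    y = vector_ole(a, b, x, p)  # the only message content the receiver sees
    return r, y


def reconstruct(share_s, share_r, p=P):
    """Open additive shares: share_s + share_r = a*x componentwise."""
    return [(s + t) % p for s, t in zip(share_s, share_r)]


def explain_output(y, a_alt, x, p=P):
    """Why a uniform b hides a: for any observed output y and any other
    sender vector a_alt there is exactly one b_alt with a_alt*x + b_alt = y,
    so the receiver's view is identically distributed for every a."""
    return [(yi - ai * x) % p for yi, ai in zip(y, a_alt)]
```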

Our technical approach employs two new ingredients that may be of independent interest. First, we present a general way to combine any linear code that has a fast encoder and a cryptographic (“LPN-style”) pseudorandomness property with another linear code that supports fast encoding and erasure-decoding, obtaining a code that inherits both the pseudorandomness feature of the former code and the efficiency features of the latter code. Second, we employ local arithmetic pseudo-random generators, proposing arithmetic generalizations of boolean candidates that resist all known attacks.

Acknowledgements

The first and fifth authors were supported by the European Union’s Horizon 2020 Programme (ERC-StG-2014-2020) under grant agreement no. 639813 ERC-CLC, by an ICRC grant and by the Check Point Institute for Information Security. The third author was supported in part by NSF-BSF grant 2015782, BSF grant 2012366, ISF grant 1709/14, DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by DARPA through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of the DoD, the NSF, or the U.S. Government. The second and fourth authors were supported by the advanced ERC grant MPCPRO.


Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Benny Applebaum (1)
  • Ivan Damgård (2)
  • Yuval Ishai (3)
  • Michael Nielsen (2)
  • Lior Zichron (1)

  1. Tel Aviv University, Tel Aviv, Israel
  2. Aarhus University, Aarhus, Denmark
  3. Technion and UCLA, Haifa, Israel