Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer

  • Yehuda Lindell
  • Benny Pinkas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6597)

Abstract

Protocols for secure two-party computation enable a pair of parties to compute a function of their inputs while preserving security properties such as privacy, correctness and independence of inputs. Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulation-based ideal/real model paradigm for defining security). In this paper, we present a protocol for this task that follows the methodology of using cut-and-choose to boost Yao’s protocol to be secure in the presence of malicious adversaries. Relying on specific assumptions (DDH), we construct a protocol that is significantly more efficient and far simpler than the protocol of Lindell and Pinkas (Eurocrypt 2007) that follows the same methodology. We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today.

References

  1. 1.
    Aumann, Y., Lindell, Y.: Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries. Journal of Cryptology 23(2), 281–343 (2010)CrossRefMATHMathSciNetGoogle Scholar
  2. 2.
    Beaver, D.: Foundations of Secure Interactive Computing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 377–391. Springer, Heidelberg (1992)Google Scholar
  3. 3.
    Canetti, R.: Security and Composition of Multi-party Cryptographic Protocols. Journal of Cryptology 13(1), 143–202 (2000)CrossRefMATHMathSciNetGoogle Scholar
  4. 4.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: 42nd FOCS, pp. 136–145 (2001), Full version http://eprint.iacr.org/2000/067
  5. 5.
    Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Carter, L., Wegman, M.N.: Universal Classes of Hash Functions. JCSS 18(2), 143–154 (1979)MATHMathSciNetGoogle Scholar
  7. 7.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Damgård, I.: On Σ Protocols, http://www.daimi.au.dk/~ivan/Sigma.pdf
  9. 9.
    Dodis, Y., Shoup, V., Walfish, S.: Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 515–535. Springer, Heidelberg (2008)Google Scholar
  10. 10.
    Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)Google Scholar
  11. 11.
    Garay, J., MacKenzie, P., Yang, K.: Strengthening Zero-Knowledge Protocols Using Signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Goldreich, O.: Foundations of Cryptography: Volume 2 – Basic Applications. Cambridge University Press, Cambridge (2004)Google Scholar
  13. 13.
    Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game – A Completeness Theorem for Protocols with Honest Majority. In: 19th STOC, pp. 218–229 (1987), For details see [12, Chapter 7]Google Scholar
  14. 14.
    Goldwasser, S., Levin, L.: Fair Computation of General Functions in Presence of Immoral Majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  15. 15.
    Goyal, V., Mohassel, P., Smith, A.: Efficient Two Party and Multi Party Computation Against Covert Adversaries. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 289–306. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Hastad, J., Impagliazzo, R., Levin, L., Luby, M.: Construction of a Pseudo-random Generator from any One-way Function. SIAM Journal on Computing 28(4), 1364–1396 (1999)CrossRefMATHMathSciNetGoogle Scholar
  17. 17.
    Hazay, C., Nissim, K.: Efficient Set Operations in the Presence of Malicious Adversaries. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 312–331. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding Cryptography on Oblivious Transfer – Efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)Google Scholar
  19. 19.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Secure Arithmetic Computation with No Honest Majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 294–314. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Jarecki, S., Shmatikov, V.: Efficient Two-Party Secure Computation on Committed Inputs. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 97–114. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Kiraz, M., Schoenmakers, B.: A Protocol Issue for the Malicious Case of Yao’s Garbled Circuit Construction. In: Proceedings of 27th Symposium on Information Theory in the Benelux, pp. 283–290 (2006)Google Scholar
  22. 22.
    Lindell, Y.: Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation. Journal of Cryptology 16(3), 143–184 (2003)CrossRefMATHMathSciNetGoogle Scholar
  23. 23.
    Lindell, Y., Pinkas, B.: A Proof of Yao’s Protocol for Secure Two-Party Computation. The Journal of Cryptology 22(2), 161–188 (2009)CrossRefMATHMathSciNetGoogle Scholar
  24. 24.
    Lindell, Y., Pinkas, B.: An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  25. 25.
    MacKenzie, P., Yang, K.: On Simulation-Sound Trapdoor Commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Micali, S., Rogaway, P.: Secure Computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992)Google Scholar
  27. 27.
    Naor, M., Reingold, O.: Synthesizers and Their Application to the Parallel Construction of Psuedo-Random Functions. In: 36th FOCS, pp. 170–181 (1995)Google Scholar
  28. 28.
    Nielsen, J.B., Orlandi, C.: LEGO for Two-Party Secure Computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  29. 29.
    Orlandi, C.: Personal communication (2010)Google Scholar
  30. 30.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A Framework for Efficient and Composable Oblivious Transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)Google Scholar
  31. 31.
    Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure Two-Party Computation Is Practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  32. 32.
    Shamir, A.: How to Share a Secret. Communications of the ACM 22(11), 612–613 (1979)CrossRefMATHMathSciNetGoogle Scholar
  33. 33.
    Yao, A.C.: How to Generate and Exchange Secrets. In: 27th FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Yehuda Lindell
    • 1
  • Benny Pinkas
    • 1
  1. 1.Dept. of Computer ScienceBar-Ilan UniversityIsrael

Personalised recommendations