Communication Locality in Secure Multi-party Computation

How to Run Sublinear Algorithms in a Distributed Setting
  • Elette Boyle
  • Shafi Goldwasser
  • Stefano Tessaro
Conference paper

DOI: 10.1007/978-3-642-36594-2_21

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)
Cite this paper as:
Boyle E., Goldwasser S., Tessaro S. (2013) Communication Locality in Secure Multi-party Computation. In: Sahai A. (eds) Theory of Cryptography. Lecture Notes in Computer Science, vol 7785. Springer, Berlin, Heidelberg

Abstract

We devise multi-party computation protocols for general secure function evaluation with the property that each party is only required to communicate with a small number of dynamically chosen parties. More explicitly, starting with n parties connected via a complete and synchronous network, our protocol requires each party to send messages to (and process messages from) at most polylog(n) other parties using polylog(n) rounds. It achieves secure computation of any polynomial-time computable randomized function f under cryptographic assumptions, and tolerates up to \(({1\over 3} - \epsilon) \cdot n\) statically scheduled Byzantine faults.

We then focus on the particularly interesting setting in which the function to be computed is a sublinear algorithm: An evaluation of f depends on the inputs of at most q = o(n) of the parties, where the identity of these parties can be chosen randomly and possibly adaptively. Typically, q = polylog(n). While the sublinear query complexity of f makes it possible in principle to dramatically reduce the communication complexity of our general protocol, the challenge is to achieve this while maintaining security: in particular, while keeping the identities of the selected inputs completely hidden. We solve this challenge, and we provide a protocol for securely computing such sublinear f that runs in polylog(n) + O(q) rounds, has each party communicating with at most q ·polylog(n) other parties, and supports message sizespolylog(n) ·(ℓ + n), where ℓ is the parties’ input size.

Our optimized protocols rely on a multi-signature scheme, fully homomorphic encryption (FHE), and simulation-sound adaptive NIZK arguments. However, we remark that multi-signatures and FHE are used to obtain our bounds on message size and round complexity. Assuming only standard digital signatures and public-key encryption, one can still obtain the property that each party only communicates with polylog(n) other parties. We emphasize that the scheduling of faults can depend on the initial PKI setup of digital signatures and the NIZK parameters.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Elette Boyle
    • 1
  • Shafi Goldwasser
    • 2
  • Stefano Tessaro
    • 1
  1. 1.MIT CSAILUSA
  2. 2.MIT CSAIL and WeizmannUSA

Personalised recommendations