Advertisement

Efficient Pseudorandom Correlation Generators: Silent OT Extension and More

  • Elette Boyle
  • Geoffroy CouteauEmail author
  • Niv Gilboa
  • Yuval Ishai
  • Lisa Kohl
  • Peter SchollEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11694)

Abstract

Secure multiparty computation (MPC) often relies on correlated randomness for better efficiency and simplicity. This is particularly useful for MPC with no honest majority, where input-independent correlated randomness enables a lightweight “non-cryptographic” online phase once the inputs are known. However, since the amount of randomness typically scales with the circuit size of the function being computed, securely generating correlated randomness forms an efficiency bottleneck, involving a large amount of communication and storage.

A natural tool for addressing the above limitations is a pseudorandom correlation generator (PCG). A PCG allows two or more parties to securely generate long sources of useful correlated randomness via a local expansion of correlated short seeds and no interaction. PCGs enable MPC with silent preprocessing, where a small amount of interaction used for securely sampling the seeds is followed by silent local generation of correlated pseudorandomness.

A concretely efficient PCG for Vector-OLE correlations was recently obtained by Boyle et al. (CCS 2018) based on variants of the learning parity with noise (LPN) assumption over large fields. In this work, we initiate a systematic study of PCGs and present concretely efficient constructions for several types of useful MPC correlations. We obtain the following main contributions:
  • PCG foundations. We give a general security definition for PCGs. Our definition suffices for any MPC protocol satisfying a stronger security requirement that is met by existing protocols. We prove that a stronger security requirement is indeed necessary, and justify our PCG definition by ruling out a stronger and more natural definition.

  • Silent OT extension. We present the first concretely efficient PCG for oblivious transfer correlations. Its security is based on a variant of the binary LPN assumption and any correlation-robust hash function. We expect it to provide a faster alternative to the IKNP OT extension protocol (Crypto 2003) when communication is the bottleneck. We present several applications, including protocols for non-interactive zero-knowledge with bounded-reusable preprocessing from binary LPN, and concretely efficient related-key oblivious pseudorandom functions.

  • PCGs for simple 2-party correlations. We obtain PCGs for several other types of useful 2-party correlations, including (authenticated) one-time truth-tables and Beaver triples. While the latter PCGs are slower than our PCG for OT, they are still practically feasible. These PCGs are based on a host of assumptions and techniques, including specialized homomorphic secret sharing schemes and pseudorandom generators tailored to their structure.

  • Multiparty correlations. We obtain PCGs for multiparty correlations that can be used to make the (input-dependent) online communication of MPC protocols scale linearly with the number of parties, instead of quadratically.

Notes

Acknowledgements

We would like to thank Peter Rindal and Melissa Rossi for helpful discussions and pointers, and the anonymous Crypto 2019 reviewers for their comments.

E. Boyle, N. Gilboa, and Y. Ishai supported by ERC Project NTSC (742754). E. Boyle additionally supported by ISF grant 1861/16 and AFOSR Award FA9550-17-1-0069. G. Couteau supported by ERC Project PREP-CRYPTO (724307). N. Gilboa additionally supported by ISF grant 1638/15 and a grant by the BGU Cyber Center. Y. Ishai additionally supported by ISF grant 1709/14, NSF-BSF grant 2015782, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India. L. Kohl supported by ERC Project PREP-CRYPTO (724307), by DFG grant HO 4534/2-2 and by a DAAD scholarship. This work was done in part while visiting the FACT Center at IDC Herzliya, Israel. P. Scholl supported by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731583 (SODA), and the Danish Independent Research Council under Grant-ID DFF-6108-00169 (FoCC).

References

  1. 1.
    Aguilar, C., Blazy, O., Deneuville, J.C., Gaborit, P., Zémor, G.: Efficient encryption from random quasi-cyclic codes. Cryptology ePrint Archive, Report 2016/1194 (2016). http://eprint.iacr.org/2016/1194
  2. 2.
    Alekhnovich, M.: More on average case vs approximation complexity. In: 44th FOCS. IEEE Computer Society Press, October 2003Google Scholar
  3. 3.
    Applebaum, B., Damgård, I., Ishai, Y., Nielsen, M., Zichron, L.: Secure arithmetic computation with constant computational overhead. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 223–254. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_8CrossRefGoogle Scholar
  4. 4.
    Applebaum, B., Haramaty, N., Ishai, Y., Kushilevitz, E., Vaikuntanathan, V.: Low-complexity cryptographic hash functions. In: ITCS 2017. LIPIcs, January 2017Google Scholar
  5. 5.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography with constant input locality. J. Cryptol. 22(4), 429–469 (2009)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol. 6755, pp. 403–415. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22006-7_34CrossRefGoogle Scholar
  7. 7.
    Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: ACM CCS 2013. ACM Press, November 2013Google Scholar
  8. 8.
    Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992).  https://doi.org/10.1007/3-540-46766-1_34CrossRefGoogle Scholar
  9. 9.
    Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 479–488 (1996).  https://doi.org/10.1145/237814.237996
  10. 10.
    Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 169–188. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_11CrossRefGoogle Scholar
  11. 11.
    Berbain, C., Gilbert, H., Patarin, J.: QUAD: a practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006).  https://doi.org/10.1007/11761679_8CrossRefGoogle Scholar
  12. 12.
    Blum, A., Furst, M.L., Kearns, M.J., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48329-2_24CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30576-7_18CrossRefGoogle Scholar
  14. 14.
    Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: ACM CCS 2018. ACM Press, October 2018Google Scholar
  15. 15.
    Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: Silent ot extension and more. Cryptology ePrint Archive, Report 2019/448 (2019). https://eprint.iacr.org/2019/448
  16. 16.
    Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Orrú, M.: Homomorphic secret sharing: optimizations and applications. In: ACM CCS 2017. ACM Press, October/November 2017Google Scholar
  17. 17.
    Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46803-6_12CrossRefGoogle Scholar
  18. 18.
    Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_19CrossRefGoogle Scholar
  19. 19.
    Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing: improvements and extensions. In: ACM CCS 2016. ACM Press, October 2016Google Scholar
  20. 20.
    Boyle, E., Gilboa, N., Ishai, Y.: Group-based secure computation: optimizing rounds, communication, and computation. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 163–193. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56614-6_6CrossRefGoogle Scholar
  21. 21.
    Boyle, E., Gilboa, N., Ishai, Y., Lin, H., Tessaro, S.: Foundations of homomorphic secret sharing. In: 9th Innovations in Theoretical Computer Science Conference, ITCS 2018, Cambridge, MA, USA, 11–14 January 2018, pp. 21:1–21:21 (2018).  https://doi.org/10.4230/LIPIcs.ITCS.2018.21
  22. 22.
    Boyle, E., Kohl, L., Scholl, P.: Homomorphic secret sharing from lattices without FHE. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 3–33. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-17656-3_1CrossRefGoogle Scholar
  23. 23.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: ITCS 2012. ACM, January 2012Google Scholar
  24. 24.
    Chase, M., et al.: Reusable non-interactive secure computation. IACR Cryptology ePrint Archive 2018, 940 (2018). https://eprint.iacr.org/2018/940
  25. 25.
    Couteau, G.: A note on the communication complexity of multiparty computation in the correlated randomness model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 473–503. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-17656-3_17CrossRefGoogle Scholar
  26. 26.
    Cramer, R., Damgård, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342–362. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30576-7_19CrossRefGoogle Scholar
  27. 27.
    Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–300. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44987-6_18CrossRefGoogle Scholar
  28. 28.
    Damgård, I., Nielsen, J.B., Nielsen, M., Ranellucci, S.: The tinytable protocol for 2-party secure computation, or: gate-scrambling revisited. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 167–187. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_6CrossRefGoogle Scholar
  29. 29.
    Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_38CrossRefGoogle Scholar
  30. 30.
    Dessouky, G., Koushanfar, F., Sadeghi, A.R., Schneider, T., Zeitouni, S., Zohner, M.: Pushing the communication barrier in secure computation using lookup tables. In: NDSS 2017. The Internet Society, February/March 2017Google Scholar
  31. 31.
    Dodis, Y., Halevi, S., Rothblum, R.D., Wichs, D.: Spooky encryption and its applications. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 93–122. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53015-3_4CrossRefGoogle Scholar
  32. 32.
    Doerner, J., Shelat, A.: Scaling ORAM for secure computation. In: ACM CCS 2017. ACM Press, October/November 2017Google Scholar
  33. 33.
    Döttling, N., Ghosh, S., Nielsen, J.B., Nilges, T., Trifiletti, R.: TinyOLE: efficient actively secure two-party computation from oblivious linear function evaluation. In: ACM CCS 2017. ACM Press, October/November 2017Google Scholar
  34. 34.
    Druk, E., Ishai, Y.: Linear-time encodable codes meeting the Gilbert-Varshamov bound and their cryptographic applications. In: ITCS 2014. ACM, January 2014Google Scholar
  35. 35.
    Franklin, M.K., Haber, S.: Joint encryption and message-efficient secure computation. J. Cryptol. 9(4), 217–232 (1996).  https://doi.org/10.1007/BF00189261MathSciNetCrossRefzbMATHGoogle Scholar
  36. 36.
    Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30576-7_17CrossRefGoogle Scholar
  37. 37.
    Ghosh, S., Nielsen, J.B., Nilges, T.: Maliciously secure oblivious linear function evaluation with constant overhead. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 629–659. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70694-8_22CrossRefGoogle Scholar
  38. 38.
    Gilboa, N., Ishai, Y.: Compressing cryptographic resources. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 591–608. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_37CrossRefGoogle Scholar
  39. 39.
    Gilboa, N., Ishai, Y.: Distributed point functions and their applications. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 640–658. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_35CrossRefGoogle Scholar
  40. 40.
    Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game or a completeness theorem for protocols with honest majority. In: 19th ACM STOC. ACM Press, May 1987Google Scholar
  41. 41.
    Guo, C., Katz, J., Wang, X., Yu, Y.: Efficient and secure multiparty computation from fixed-key block ciphers. Cryptology ePrint Archive, Report 2019/074 (2019). https://eprint.iacr.org/2019/074
  42. 42.
    Halevi, S., Ishai, Y., Jain, A., Kushilevitz, E., Rabin, T.: Secure multiparty computation with general interaction patterns. In: ITCS 2016. ACM, January 2016Google Scholar
  43. 43.
    Hazay, C., Orsini, E., Scholl, P., Soria-Vazquez, E.: TinyKeys: a new approach to efficient multi-party computation. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 3–33. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96878-0_1CrossRefGoogle Scholar
  44. 44.
    Heyse, S., Kiltz, E., Lyubashevsky, V., Paar, C., Pietrzak, K.: Lapin: an efficient authentication protocol based on ring-LPN. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 346–365. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34047-5_20CrossRefGoogle Scholar
  45. 45.
    Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: ITCS 2015. ACM, January 2015Google Scholar
  46. 46.
    Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_9CrossRefGoogle Scholar
  47. 47.
    Ishai, Y., Kushilevitz, E., Meldgaard, S., Orlandi, C., Paskin-Cherniavsky, A.: On the power of correlated randomness in secure computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 600–620. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36594-2_34CrossRefzbMATHGoogle Scholar
  48. 48.
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Batch codes and their applications. In: 36th ACM STOC. ACM Press, June 2004Google Scholar
  49. 49.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_32CrossRefGoogle Scholar
  50. 50.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Secure arithmetic computation with no honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 294–314. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_18CrossRefGoogle Scholar
  51. 51.
    Katz, J., Ranellucci, S., Rosulek, M., Wang, X.: Optimizing authenticated garbling for faster secure two-party computation. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 365–391. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96878-0_13CrossRefGoogle Scholar
  52. 52.
    Keller, M., Orsini, E., Rotaru, D., Scholl, P., Soria-Vazquez, E., Vivek, S.: Faster secure multi-party computation of AES and DES using lookup tables. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 229–249. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-61204-1_12CrossRefGoogle Scholar
  53. 53.
    Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 158–189. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-78372-7_6CrossRefGoogle Scholar
  54. 54.
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, 2–4 May 1988, pp. 20–31 (1988).  https://doi.org/10.1145/62212.62215
  55. 55.
    Kolesnikov, V., Kumaresan, R.: Improved OT extension for transferring short secrets. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 54–70. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_4CrossRefGoogle Scholar
  56. 56.
    Kolesnikov, V., Kumaresan, R., Rosulek, M., Trieu, N.: Efficient batched oblivious PRF with applications to private set intersection. In: ACM CCS 2016. ACM Press, October 2016Google Scholar
  57. 57.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., Brauer, W., Brinch Hansen, P., Gries, D., Luckham, D., Moler, C., Pnueli, A., Seegmüller, G., Stoer, J., Wirth, N., Günther, C.G. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988).  https://doi.org/10.1007/3-540-45961-8_39CrossRefGoogle Scholar
  58. 58.
    Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006)MathSciNetCrossRefGoogle Scholar
  59. 59.
    Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_40CrossRefGoogle Scholar
  60. 60.
    Scholl, P.: Extending oblivious transfer with low communication via key-homomorphic PRFs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 554–583. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76578-5_19CrossRefGoogle Scholar
  61. 61.
    Wang, X., Ranellucci, S., Katz, J.: Authenticated garbling and efficient maliciously secure two-party computation. In: ACM CCS 2017. ACM Press, October/November 2017Google Scholar
  62. 62.
    Wang, X., Ranellucci, S., Katz, J.: Global-scale secure multiparty computation. In: ACM CCS 2017. ACM Press, October/November 2017Google Scholar
  63. 63.
    Wolf, C.: Multivariate quadratic polynomials in public key cryptography. Cryptology ePrint Archive, Report 2005/393 (2005). http://eprint.iacr.org/2005/393

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.IDC HerzliyaHerzliyaIsrael
  2. 2.Karlsruhe Institute of TechnologyKarlsruheGermany
  3. 3.Ben-Gurion University of the NegevBeershebaIsrael
  4. 4.TechnionHaifaIsrael
  5. 5.Aarhus UniversityAarhusDenmark

Personalised recommendations