
Feistel Structures for MPC, and More

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11736)

Abstract

Efficient PRP/PRFs are instrumental to the design of cryptographic protocols. We investigate the design of dedicated PRP/PRFs for three application areas: secure multiparty computation (MPC), ZKSNARK and zero-knowledge (ZK) based post-quantum (PQ) signature schemes. In particular, we explore a family of PRFs that generalize the well-known Feistel design approach followed in a previously proposed application-specific design, MiMC. Reflecting this lineage, we call our family of PRP/PRFs GMiMC.

In MPC applications, our construction improves on MiMC in throughput by a factor of more than 4 while simultaneously reducing the preprocessing effort 5-fold, albeit at the cost of a higher latency. In SNARK applications, another use case where MiMC outperforms other designs, our design GMiMCHash shows a moderate improvement; in this case our design additionally benefits from the flexibility of using smaller (prime) fields. In the area of recently proposed ZK-based PQ signature schemes, where MiMC was not competitive at all, our new design has 30 times smaller signatures than MiMC.

L. Grassi has been partially supported by EU H2020 project Safe-DEED, grant agreement no. 825225. S. Ramacher has been partially supported by the Austrian Research Promotion Agency (FFG) within the ICT of the Future grants program, grant agreement no. 863129 (project IoT4CPS), of the Federal Ministry for Transport, Innovation and Technology (BMVIT) and by A-SIT Secure Information Technology Center Austria. D. Rotaru was supported by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, Pacific (SSC Pacific) under contract No. N66001-15-C-4070. Arnab Roy is supported by EPSRC funding under grant No. EPSRC EP/N011635/1.


Notes

  1. If no matrix exists that satisfies such a condition, choose a matrix M for which the total number of zero coefficients over all \(M^i\) is minimal.

  2. We emphasize that no key schedule is required in this case, since there is no secret-key material.

  3. Improving the computational complexity of this attack using more pairs is an open problem. Since the cost is dominated by the size of the polynomials involved, it is not clear if significant improvements are possible.

  4. The number of rounds in this case is given by considering the number of rounds of any possible distinguisher (which is independent of the secret key) in the MitM scenario, plus a security margin. Since the key is fixed in the known- and chosen-key model, this number of rounds provides the security in these scenarios.

  5. https://github.com/bristolcrypto/SPDZ-2.

  6. https://www.cryptolux.org/index.php/Lightweight_Block_Ciphers.

  7. Our ZKBoo use case uses such fields, but the analysis we provide is rather specific to the required low-data-complexity security requirements.


Author information

Corresponding author: Arnab Roy.

A R1CS for \(\mathrm{GMiMC}_\mathsf{crf}\)

For \(\mathrm{GMiMC}_\mathsf{crf}\) the rank-1 constraints are as follows:

$$\begin{aligned} \sum _{i=0}^{t-1} X_i + U + k_r + C_r = 0 \text {, } U \cdot U = Y \text {, } U \cdot Y + X_{t-1} = Z \text {,} \end{aligned}$$

where \(k_r\) and \(C_r\) are the round key and the round constant, respectively. For \(\mathrm{GMiMC}_\mathsf{crf}\)Hash the round keys are fixed to a constant. The number of multiplications for \(\mathrm{GMiMC}_\mathsf{crf}\)Hash is 2 per round, since the first constraint is linear and only the last two are products of non-constant terms. Therefore the total number of multiplications is 2R, where R is the number of rounds of the block cipher \(\mathrm{GMiMC}_\mathsf{crf}\). Each round also requires \(t-1\) field additions.
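The constraint count above can be checked mechanically. The following is an added example, not code from the paper or its authors: it encodes the three per-round constraints as R1CS triples (A, B, C) over a prime field, fills in the witness wires U, Y and Z, verifies every constraint, and counts the constraints that are genuine field multiplications (both A and B non-constant). The field size, the sample inputs and the way branches rotate between rounds are assumptions for the demo and are marked as such in the code; the appendix fixes only the per-round constraints.

```python
# Added example (not from the paper): build the per-round R1CS constraints
# stated above for GMiMC_crf over a prime field, fill in the witness, check
# every constraint A*B = C, and count the multiplicative constraints.
from dataclasses import dataclass, field

P = 2**61 - 1  # constructed Mersenne prime; the paper's field size is not assumed here


@dataclass
class R1CS:
    """Constraints are (A, B, C) with A, B, C linear combinations over the
    witness, each a dict {wire: coefficient}; "one" is the constant wire."""
    constraints: list = field(default_factory=list)
    witness: dict = field(default_factory=lambda: {"one": 1})

    def add(self, a, b, c):
        self.constraints.append((a, b, c))

    def evaluate(self, comb):
        return sum(coef * self.witness[w] for w, coef in comb.items()) % P

    def check(self):
        """True iff A(w) * B(w) == C(w) holds for every constraint."""
        return all((self.evaluate(a) * self.evaluate(b)) % P == self.evaluate(c)
                   for a, b, c in self.constraints)

    def multiplications(self):
        """Constraints whose A and B are both non-constant, i.e. real field
        multiplications; the rest are linear and cost no multiplication."""
        return sum(1 for a, b, _ in self.constraints
                   if set(a) != {"one"} and set(b) != {"one"})


def crf_round(cs, x_wires, k_r, c_r, r):
    """Emit the three constraints of GMiMC_crf round r on the branch wires
    x_wires and return the output wire Z_r.  k_r, c_r are field elements."""
    t = len(x_wires)
    x = [cs.witness[w] for w in x_wires]
    # witness values implied by the constraints
    u = (-(sum(x) + k_r + c_r)) % P   # sum X_i + U + k_r + C_r = 0
    y = (u * u) % P                   # U * U = Y
    z = (u * y + x[t - 1]) % P        # U * Y + X_{t-1} = Z
    U, Y, Z = f"U{r}", f"Y{r}", f"Z{r}"
    cs.witness.update({U: u, Y: y, Z: z})
    # linear constraint, encoded as (sum X_i + U + k_r + C_r) * 1 = 0
    lin = {w: 1 for w in x_wires}
    lin[U] = 1
    lin["one"] = (k_r + c_r) % P
    cs.add(lin, {"one": 1}, {})
    cs.add({U: 1}, {U: 1}, {Y: 1})                          # multiplication 1
    cs.add({U: 1}, {Y: 1}, {Z: 1, x_wires[t - 1]: P - 1})   # multiplication 2
    return Z


def gmimc_crf_hash_r1cs(inputs, round_constants, key=0):
    """Chain R = len(round_constants) rounds with the round key fixed to a
    constant (the hash setting) and return (system, output wires).
    ASSUMPTION for this demo: Z_r replaces the consumed branch X_{t-1} and the
    state rotates to (Z_r, X_0, ..., X_{t-2}); the appendix above fixes only
    the per-round constraints, not the rotation."""
    cs = R1CS()
    wires = [f"X{i}" for i in range(len(inputs))]
    cs.witness.update(zip(wires, [v % P for v in inputs]))
    for r, c_r in enumerate(round_constants):
        z = crf_round(cs, wires, key, c_r, r)
        wires = [z] + wires[:-1]
    return cs, wires


if __name__ == "__main__":
    cs, out = gmimc_crf_hash_r1cs([1, 2, 3, 4], [5, 6, 7])  # constructed inputs
    # 3 rounds: 9 constraints, 6 of them multiplications (2R), all satisfied
    print(cs.check(), cs.multiplications(), len(cs.constraints))  # True 6 9
```

The linear constraint is kept explicitly so the count is honest: a prover folds it into the linear combinations of the two product constraints, which is why the paper counts 2 multiplications per round rather than 3 constraints. Tampering with any intermediate wire in the witness (for example Y) makes `check()` return False, which is the property a SNARK verifier relies on.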


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Albrecht, M.R. et al. (2019). Feistel Structures for MPC, and More. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_8


  • DOI: https://doi.org/10.1007/978-3-030-29962-0_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer Science (R0)
