
Reusable Two-Round MPC from DDH

Part of the Lecture Notes in Computer Science book series (LNSC, volume 12551)

Abstract

We present a reusable two-round multi-party computation (MPC) protocol from the Decisional Diffie-Hellman (DDH) assumption. In particular, we show how to upgrade any secure two-round MPC protocol to allow reusability of its first message across multiple computations, using Homomorphic Secret Sharing (HSS) and pseudorandom functions in \(NC^1\), each of which can be instantiated from DDH.

In our construction, if the underlying two-round MPC protocol is secure against semi-honest adversaries (in the plain model) then so is our reusable two-round MPC protocol. Similarly, if the underlying two-round MPC protocol is secure against malicious adversaries (in the common random/reference string model) then so is our reusable two-round MPC protocol.

Previously, such reusable two-round MPC protocols were only known under assumptions on lattices. At a technical level, we show how to upgrade any two-round MPC protocol to a first message succinct two-round MPC protocol, where the first message of the protocol is generated independently of the computed circuit (though it is not reusable). This step uses homomorphic secret sharing (HSS) and low-depth pseudorandom functions. Next, we show a generic transformation that upgrades any first message succinct two-round MPC to allow for reusability of its first message.

Supported in part by AFOSR Award FA9550-19-1-0200, NSF CNS Award 1936826, DARPA SIEVE Award, and research grants by the Sloan Foundation, Visa Inc., and Center for Long-Term Cybersecurity (CLTC, UC Berkeley). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the funding agencies.


Notes

  1. The Garg et al. paper required other assumptions. However, since then they have all been shown to be implied by indistinguishability obfuscation and one-way functions.

  2. Note that this requirement is more stringent than just requiring that the size of the first round message is independent of the computed circuit, which can be achieved using laconic OT [CDG+17] for any two-round MPC protocol.

  3. Actually, we use an \(n\lambda \)-party MPC protocol, for reasons that will become clear later in this overview.

  4. We tweak the notion slightly here, so readers familiar with [GS18] may notice some differences in this overview.

  5. It is important to note that the set of garbled labels corresponding to some input x hides the actual string x. Hence, outputting all the labels instead of specific shares enables everyone to obtain the desired output without any further communication, but also does not compromise security.

  6. We remark that, in the actual protocol, each party i sends their labels, encrypted, along with the garbled circuit \(\widetilde{\mathsf {C}}_i\) in the second round. The vanilla MPC protocol outputs the correct sets of decryption keys based on the shares, which allows everyone to obtain the correct sets of labels, while the other labels remain hidden.

  7. We actually use the string whose first \(\lambda \) bits are the size of \(\mathsf {C} \), and the remaining bits are the description of \(\mathsf {C} \). This is to account for the possibility that one circuit may be a prefix of another.

  8. Again, the actual protocol is slightly different, in that all labels are encrypted and sent along with the garbled circuits, and \(\mathsf{N}\) outputs decryption keys corresponding to the correct labels.

  9. This is for reasons very similar to those in [DG17a].

  10. It might seem unnatural to include \(\mathsf {C} \) in the input of \(\mathsf {MPC} _2\) when it was already used as an input for \(\mathsf {MPC} _1\). This is done to keep the notation consistent with a stronger notion of two-round MPC where \(\mathsf {C} \) will be dropped from the input of \(\mathsf {MPC} _1\).

  11. Without loss of generality we may assume that the \(\mathsf {MPC} _2\) algorithm is deterministic given the state \(\mathsf {st} ^{(1)}_i\). Any randomness needed for the second round could be included in \(\mathsf {st} ^{(1)}_i\). Even in the reusable (defined later) case, it is possible to use a PRF computed on the input circuit to provide the needed randomness for the execution of \(\mathsf {MPC} _2\).

  12. In particular, for an FMS two-round MPC protocol, its first message is succinct but may not be reusable.

  13. Technically, \(\mathsf {gen} \) should also take the parameters n, T as input, but we leave these implicit.

  14. Recall that T is the number of actions to be taken.

References

  1. Ananth, P., Badrinarayanan, S., Jain, A., Manohar, N., Sahai, A.: From FE combiners to secure MPC and back. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 199–228. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_9

  2. Ananth, P., Jain, A., Jin, Z.: Multiparty homomorphic encryption (or: on removing setup in multi-key FHE). Cryptology ePrint Archive, Report 2020/169 (2020). https://eprint.iacr.org/2020/169

  3. Attrapadung, N., Matsuda, T., Nishimaki, R., Yamada, S., Yamakawa, T.: Constrained PRFs for \(\rm NC^1\) in traditional groups. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 543–574. Springer, Heidelberg (2018)

  4. Afshar, A., Mohassel, P., Pinkas, B., Riva, B.: Non-interactive secure computation based on cut-and-choose. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 387–404. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_22

  5. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: silent OT extension and more. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 489–518. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_16

  6. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 896–912. ACM Press (2018)

  7. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

  8. Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_19

  9. Boyle, E., Gilboa, N., Ishai, Y.: Group-based secure computation: optimizing rounds, communication, and computation. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 163–193. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_6

  10. Bartusek, J., Garg, S., Masny, D., Mukherjee, P.: Reusable two-round MPC from DDH. Cryptology ePrint Archive, Report 2020/170 (2020). https://eprint.iacr.org/2020/170

  11. Badrinarayanan, S., Jain, A., Ostrovsky, R., Visconti, I.: Non-interactive secure computation from one-way functions. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 118–138. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_5

  12. Benhamouda, F., Lin, H.: k-Round multiparty computation from k-round oblivious transfer via garbled interactive circuits. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 500–532. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_17

  13. Benhamouda, F., Lin, H.: Multiparty reusable non-interactive secure computation. Cryptology ePrint Archive, Report 2020/221 (2020). https://eprint.iacr.org/2020/221

  14. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: 22nd ACM STOC, pp. 503–513. ACM Press (1990)

  15. Brakerski, Z., Perlman, R.: Lattice-based fully dynamic multi-key FHE with short ciphertexts. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 190–213. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_8

  16. Cho, C., Döttling, N., Garg, S., Gupta, D., Miao, P., Polychroniadou, A.: Laconic oblivious transfer and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 33–65. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_2

  17. Chase, M., et al.: Reusable non-interactive secure computation. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 462–488. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_15

  18. Döttling, N., Garg, S.: From selective IBE to full IBE and selective HIBE. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 372–408. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_13

  19. Döttling, N., Garg, S.: Identity-based encryption from the Diffie-Hellman assumption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 537–569. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_18

  20. Dodis, Y., Halevi, S., Rothblum, R.D., Wichs, D.: Spooky encryption and its applications. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 93–122. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_4

  21. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) 41st ACM STOC, pp. 169–178. ACM Press (2009)

  22. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press (2013)

  23. Garg, S., Gentry, C., Halevi, S., Raykova, M.: Two-round secure MPC from indistinguishability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 74–94. Springer, Heidelberg (2014)

  24. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: 25th FOCS, pp. 464–479. IEEE Computer Society Press (1984)

  25. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 467–476. ACM Press (2013)

  26. Gentry, C., Halevi, S., Lu, S., Ostrovsky, R., Raykova, M., Wichs, D.: Garbled RAM revisited. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 405–422. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_23

  27. Garg, S., Ishai, Y., Srinivasan, A.: Two-round MPC: information-theoretic and black-box. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018, Part I. LNCS, vol. 11239, pp. 123–151. Springer, Heidelberg (2018)

  28. Garg, S., Lu, S., Ostrovsky, R.: Black-box garbled RAM. In: Guruswami, V. (ed.) 56th FOCS, pp. 210–229. IEEE Computer Society Press (2015)

  29. Garg, S., Lu, S., Ostrovsky, R., Scafuro, A.: Garbled RAM from one-way functions. In: Servedio, R.A., Rubinfeld, R. (eds.) 47th ACM STOC, pp. 449–458. ACM Press (2015)

  30. Gordon, S.D., Liu, F.-H., Shi, E.: Constant-round MPC with fairness and guarantee of output delivery. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 63–82. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_4

  31. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press (1987)

  32. Garg, S., Srinivasan, A.: Garbled protocols and two-round MPC from bilinear maps. In: 58th FOCS, pp. 588–599. IEEE Computer Society Press (2017)

  33. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_16

  34. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Prabhakaran, M., Sahai, A.: Efficient non-interactive secure computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 406–425. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_23

  35. Joux, A.: A one round protocol for tripartite Diffie-Hellman. J. Cryptol. 17(4), 263–276 (2004)

  36. Lu, S., Ostrovsky, R.: How to garble RAM programs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013)

  37. Mohassel, P., Rosulek, M.: Non-interactive secure 2PC in the offline/online and batch settings. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 425–455. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_15

  38. Mukherjee, P., Wichs, D.: Two round multiparty computation via multi-key FHE. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 735–763. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_26

  39. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th FOCS, pp. 458–467. IEEE Computer Society Press (1997)

  40. Peikert, C., Shiehian, S.: Multi-key FHE from LWE, revisited. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 217–238. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_9


Acknowledgements

We thank Saikrishna Badrinarayanan for valuable contributions while collaborating during the early stages of this work.


Correspondence to James Bartusek.


Copyright information

© 2020 International Association for Cryptologic Research


Cite this paper

Bartusek, J., Garg, S., Masny, D., Mukherjee, P. (2020). Reusable Two-Round MPC from DDH. In: Pass, R., Pietrzak, K. (eds) Theory of Cryptography. TCC 2020. Lecture Notes in Computer Science, vol. 12551. Springer, Cham. https://doi.org/10.1007/978-3-030-64378-2_12


  • DOI: https://doi.org/10.1007/978-3-030-64378-2_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64377-5

  • Online ISBN: 978-3-030-64378-2
