
On Statistical Security in Two-Party Computation


Part of the Lecture Notes in Computer Science book series (LNSC, volume 12551)

Abstract

There has been a large body of work characterizing the round complexity of general-purpose maliciously secure two-party computation (\(\mathsf {2PC}\)) against probabilistic polynomial time adversaries. This is particularly true for zero-knowledge, which is a special case of \(\mathsf {2PC}\). In fact, in the special case of zero knowledge, optimal protocols with unconditional security against one of the two players have also been meticulously studied and constructed.

On the other hand, general-purpose maliciously secure \(\mathsf {2PC}\) with statistical or unconditional security against one of the two participants has remained largely unexplored so far. In this work, we initiate the study of such protocols, which we refer to as \(\mathsf {2PC}\) with one-sided statistical security. We settle the round complexity of \(\mathsf {2PC}\) with one-sided statistical security with respect to black-box simulation by obtaining the following tight results:

  • In a setting where only one party obtains an output, we design \(\mathsf {2PC}\) in 4 rounds with statistical security against receivers and computational security against senders.

  • In a setting where both parties obtain outputs, we design \(\mathsf {2PC}\) in 5 rounds with computational security against the party that obtains output first and statistical security against the party that obtains output last.

Katz and Ostrovsky (CRYPTO 2004) showed that \(\mathsf {2PC}\) with black-box simulation requires at least 4 rounds when one party obtains an output and 5 rounds when both parties obtain outputs, even when only computational security is desired against both parties. Thus in these settings, not only are our results tight, but they also show that statistical security is achievable at no extra cost to round complexity. This still leaves open the question of whether \(\mathsf {2PC}\) can be achieved with black-box simulation in 4 rounds with statistical security against senders and computational security against receivers. Based on a lower bound on computational zero-knowledge proofs due to Katz (TCC 2008), we observe that the answer is negative unless the polynomial hierarchy collapses.

This material is based on work supported in part by DARPA under Contract No. HR001120C0024. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.


Notes

  1. We note that this is without loss of generality, since any asymmetric functionality can be unconditionally computed from a symmetric one by having each party input a random value, and using it to mask the output.

  2. Importantly, this is different from semi-malicious security [38, 39], where the adversary, in addition to generating messages in the support of the distribution of all honestly generated messages, outputs the input and randomness that it used on a special tape. On the other hand, simulating an explainable adversary is much more challenging, since in this case the adversary does not output any such special tape, and therefore the input and randomness must still be extracted from the explainable adversary by the simulator.

  3. Alternatively, \(\mathsf {R} \) could withhold the garbled circuit decoding information, i.e. the correspondence between the output wire labels and the output of the circuit, from \(\mathsf {S} \) until the \(5^{th}\) round. This would achieve the same effect, but leads to a more complex analysis. For simplicity of analysis, we choose to garble an encrypted circuit in our formal presentation.

  4. Such protocols have been used previously in the literature, most recently in [8].

  5. We point out that Informal Theorem 2 follows from this theorem by exchanging the roles of \(\mathsf {S} \) and \(\mathsf {R} \).
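Note 1 above states that an asymmetric functionality (one where \(\mathsf {S} \) and \(\mathsf {R} \) receive different outputs) reduces unconditionally to a symmetric one (a single common output) by letting each party input a random mask. The following is an added Python example illustrating that reduction for an arbitrary functionality; it is not code from the paper or its authors, and the names `symmetric_from_asymmetric`, `run_asymmetric_via_symmetric`, `consistent_mask` and the one-byte toy functionality `example_f` are constructions of this example. The symmetric functionality is simply called in place of a real symmetric 2PC, since the point is the reduction rather than the protocol.

```python
import secrets
from typing import Callable, Tuple

# An asymmetric functionality maps (x, y) to (out_S, out_R): the sender S is
# meant to learn only out_S and the receiver R only out_R.
Asymmetric = Callable[[int, int], Tuple[bytes, bytes]]


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (a one-time pad)."""
    assert len(a) == len(b)
    return bytes(p ^ q for p, q in zip(a, b))


def symmetric_from_asymmetric(f: Asymmetric, out_len: int):
    """Build the symmetric functionality g from the asymmetric f.

    g takes (x, r_S) from S and (y, r_R) from R and returns ONE common output
    z = (out_S XOR r_S) || (out_R XOR r_R) that both parties receive.
    Each half is masked with a one-time pad known only to its owner, so the
    common output reveals nothing about the other party's output.
    """
    def g(s_input: Tuple[int, bytes], r_input: Tuple[int, bytes]) -> bytes:
        x, r_s = s_input
        y, r_r = r_input
        out_s, out_r = f(x, y)
        assert len(out_s) == out_len and len(out_r) == out_len
        return xor(out_s, r_s) + xor(out_r, r_r)
    return g


def run_asymmetric_via_symmetric(f: Asymmetric, x: int, y: int, out_len: int):
    """Emulate one evaluation of f using only an evaluation of the symmetric g.

    Returns (S's recovered output, R's recovered output, common output z).
    In a real protocol g would be evaluated by a symmetric 2PC (this is an
    assumption of the example); here it is called directly.
    """
    g = symmetric_from_asymmetric(f, out_len)
    r_s = secrets.token_bytes(out_len)   # S's private mask
    r_r = secrets.token_bytes(out_len)   # R's private mask
    z = g((x, r_s), (y, r_r))            # both parties learn z
    masked_s, masked_r = z[:out_len], z[out_len:]
    out_s = xor(masked_s, r_s)           # only S holds r_s, so only S unmasks this half
    out_r = xor(masked_r, r_r)           # only R holds r_r, so only R unmasks this half
    return out_s, out_r, z


def consistent_mask(masked: bytes, candidate: bytes) -> bytes:
    """Given a masked half and ANY candidate output, return the mask that would
    explain it. Every candidate is explained by exactly one mask, which is why a
    party without the mask learns nothing about the other party's output."""
    return xor(masked, candidate)


def example_f(x: int, y: int) -> Tuple[bytes, bytes]:
    """Constructed toy asymmetric functionality on single bytes:
    S learns whether x > y, R learns (x + y) mod 256."""
    return bytes([1 if x > y else 0]), bytes([(x + y) % 256])


if __name__ == "__main__":
    out_s, out_r, z = run_asymmetric_via_symmetric(example_f, 200, 55, 1)
    print("S learns:", out_s.hex(), "R learns:", out_r.hex(), "common z:", z.hex())
    # From R's view, S's masked half is equally consistent with either value.
    for cand in (b"\x00", b"\x01"):
        print("candidate", cand.hex(), "explained by mask",
              consistent_mask(z[:1], cand).hex())
```

The design choice worth noting is that the masks are one-time pads of exactly the output length and are never reused: reusing a mask across two evaluations would let the other party XOR the two common outputs and learn the XOR of the owner's two outputs, which is the same failure mode as pad reuse anywhere else.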

References

  1. Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)

  2. Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8

  3. Ananth, P., Choudhuri, A.R., Jain, A.: A new approach to round-optimal secure multiparty computation. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 468–499. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_16

  4. Badrinarayanan, S., Fernando, R., Jain, A., Khurana, D., Sahai, A.: Statistical ZAP arguments. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 642–667. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_22

  5. Badrinarayanan, S., Garg, S., Ishai, Y., Sahai, A., Wadia, A.: Two-message witness indistinguishability and secure computation in the plain model from new assumptions. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017, 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3–7, 2017, Proceedings, Part III, pp. 275–303 (2017)

  6. Badrinarayanan, S., Goyal, V., Jain, A., Kalai, Y.T., Khurana, D., Sahai, A.: Promise zero knowledge and its applications to round optimal MPC. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 459–487. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_16

  7. Bellare, M., Jakobsson, M., Yung, M.: Round-optimal zero-knowledge arguments based on any one-way function. In: Advances in Cryptology - EUROCRYPT 1997, Proceedings, pp. 280–305 (1997)

  8. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, STOC 2019, pp. 1091–1102, Phoenix, AZ, USA, June 23–26 (2019)

  9. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: TCC (2018)

  10. Brakerski, Z., Halevi, S., Polychroniadou, A.: Four round secure computation without setup. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 645–677. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_22

  11. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)

  12. Chongchitmate, W., Ostrovsky, R.: Circuit-private multi-key FHE. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 241–270. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_9

  13. Choudhuri, A.R., Ciampi, M., Goyal, V., Jain, A., Ostrovsky, R.: On round optimal secure multiparty computation from minimal assumptions. IACR Cryptology ePrint Archive 2019, 216 (2019). https://eprint.iacr.org/2019/216

  14. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Delayed-input non-malleable zero knowledge and multi-party coin tossing in four rounds. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 711–742. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_24

  15. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Round-optimal secure two-party computation from trapdoor permutations. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 678–710. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_23

  16. Döttling, N., Garg, S., Goyal, V., Malavolta, G.: Laconic conditional disclosure of secrets and applications. In: 60th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2019, pp. 661–685, Baltimore, Maryland, USA, November 9–12 (2019). https://doi.org/10.1109/FOCS.2019.00046

  17. Döttling, N., Garg, S., Hajiabadi, M., Masny, D., Wichs, D.: Two-round oblivious transfer from CDH or LPN. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 768–797. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_26

  18. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. In: 40th Annual Symposium on Foundations of Computer Science, FOCS 1999, pp. 523–534, New York, USA, October 17–18 (1999)

  19. Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, pp. 416–426, Baltimore, Maryland, USA, May 13–17 (1990)

  20. Fortnow, L.: The complexity of perfect zero-knowledge (extended abstract). In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, pp. 204–209, New York, USA (1987)

  21. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016). https://doi.org/10.1137/14095772X

  22. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Symposium on Theory of Computing Conference, STOC 2013, pp. 467–476, Palo Alto, CA, USA, June 1–4 (2013). https://doi.org/10.1145/2488608.2488667

  23. Garg, S., Mukherjee, P., Pandey, O., Polychroniadou, A.: The exact round complexity of secure computation. In: EUROCRYPT (2016)

  24. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9(3), 167–189 (1996). https://doi.org/10.1007/BF00208001

  25. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. J. ACM 38, 691–729 (1991)

  26. Haitner, I., Nguyen, M., Ong, S.J., Reingold, O., Vadhan, S.P.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)

  27. Halevi, S., Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. J. Cryptology 25(1), 158–193 (2012)

  28. Jain, A., Jin, Z., Goyal, V., Malavolta, G.: Statistical zaps and new oblivious transfer protocols, to appear. In: Eurocrypt (2020)

  29. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

  30. Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 78–95. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_5

  31. Kalai, Y.T., Khurana, D., Sahai, A.: Statistical witness indistinguishability (and more) in two messages. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_2

  32. Katz, J.: Which languages have 4-round zero-knowledge proofs? In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 73–88. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_5

  33. Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335–354. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_21

  34. Khurana, D.: Round optimal concurrent non-malleability from polynomial hardness. In: Theory of Cryptography - 15th International Conference Proceedings, Part II, TCC 2017, pp. 139–171, Baltimore, MD, USA, November 12–15 (2017). https://doi.org/10.1007/978-3-319-70503-3_5

  35. Lapidot, D., Shamir, A.: Publicly verifiable non-interactive zero-knowledge proofs. In: Advances in Cryptology - CRYPTO 1990, 10th Annual International Cryptology Conference Proceedings, pp. 353–365, Santa Barbara, California, USA, August 11–15 (1990). https://doi.org/10.1007/3-540-38424-3_26

  36. Lombardi, A., Schaeffer, L.: A note on key agreement and non-interactive commitments. IACR Cryptol. ePrint Arch. 2019, 279 (2019). https://eprint.iacr.org/2019/279

  37. Lombardi, A., Vaikuntanathan, V., Wichs, D.: Statistical ZAPR arguments from bilinear maps. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 620–641. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_21

  38. López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. IACR Cryptol. ePrint Arch. 2013, 94 (2013)

  39. Mukherjee, P., Wichs, D.: Two round multiparty computation via multi-key FHE. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 735–763. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_26

  40. Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991). https://doi.org/10.1007/BF00196774

  41. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. J. Cryptology 11(2), 87–108 (1998)

  42. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA (2001)

  43. Ostrovsky, R., Paskin-Cherniavsky, A., Paskin-Cherniavsky, B.: Maliciously circuit-private FHE. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 536–553. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_30

  44. Ostrovsky, R., Richelson, S., Scafuro, A.: Round-optimal black-box two-party computation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 339–358. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_17

  45. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: 43rd Annual Symposium on Foundations of Computer Science (FOCS 2002), pp. 366–375, Vancouver, BC, Canada, November 16–19 (2002)

  46. Yao, A.C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167, Toronto, Canada, October 27–29 (1986)


Acknowledgement

We thank Giulio Malavolta, Akshayaram Srinivasan and the anonymous TCC reviewers for useful suggestions.

Author information

Corresponding author: Dakshita Khurana.

Copyright information

© 2020 International Association for Cryptologic Research

About this paper


Cite this paper

Khurana, D., Mughees, M.H. (2020). On Statistical Security in Two-Party Computation. In: Pass, R., Pietrzak, K. (eds) Theory of Cryptography. TCC 2020. Lecture Notes in Computer Science(), vol 12551. Springer, Cham. https://doi.org/10.1007/978-3-030-64378-2_19


  • DOI: https://doi.org/10.1007/978-3-030-64378-2_19


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64377-5

  • Online ISBN: 978-3-030-64378-2
