On-Line/Off-Line Leakage Resilient Secure Computation Protocols
We study the question of designing leakage-resilient secure computation protocols. Our model is that of only computation leaks information with a leak-free input encoding phase. In more detail, we assume an offline phase called the input encoding phase in which each party encodes its input in a specified format. This phase is assumed to be free of any leakage and may or may not depend upon the function that needs to be jointly computed by the parties. Then finally, we have a secure computation phase in which the parties exchange messages with each other. In this phase, the adversary gets access to a leakage oracle which allows it to download a function of the computation transcript produced by an honest party to compute the next outgoing message.
We present two main constructions of secure computation protocols in the above model. Our first construction is based only on the existence of (semi-honest) oblivious transfer. This construction employs an encoding phase which is dependent of the function to be computed (and the size of the encoded input is dependent on the size of the circuit of the function to be computed). Our second construction has an input encoding phase independent of the function to be computed. Hence in this construction, the parties can simple encode their input and store it as soon as it is received and then later on run secure computation for any function of their choice. Both of the above constructions, tolerate complete leakage in the secure computation phase.
Our second construction (with a function independent input encoding phase) makes use of a fully homomorphic encryption scheme. A natural question that arises is “can a leakage-resilient secure computation protocol with function independent input encoding be based on simpler and weaker primitives?”. Towards that end, we show that any such construction would imply a secure two-party computation protocol with sub-linear communication complexity (in fact, communication complexity independent of the size of the function being computed).
Finally, we also show how to extend our constructions for the continual leakage case where there is: a one time leak-free input encoding phase, a leaky secure computation phase which could be run multiple times for different functionalities (but the same input vector), and, a leaky refresh phase after each secure computation phase where the input is “re-encoded”.
Keywordsleakage secure computation protocol malicious adversary continual leakage communication complexity
Unable to display preview. Download preview PDF.
- [BCH11]Bitansky, N., Canetti, R., Halevi, S.: Leakage tolerant interactive protocols. Cryptology ePrint Archive, Report 2011/204 (2011)Google Scholar
- [BOGW88]Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC, pp. 1–10. ACM (1988)Google Scholar
- [CGGM00]Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: Proceedings of 32rd Annual ACM Symposium on Theory of Computing (STOC), pp. 235–244. ACM Press (2000)Google Scholar
- [DHP11]Damgaard, I., Hazay, C., Patra, A.: Leakage resilient secure two-party computation. Cryptology ePrint Archive, Report 2011/256 (2011)Google Scholar
- [DP08]Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS, pp. 293–302. IEEE Computer Society (2008)Google Scholar
- [Gen09]Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC, pp. 169–178. ACM (2009)Google Scholar
- [Gen10]Gentry, C.: Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 116–137. Springer, Heidelberg (2010)Google Scholar
- [GJS11]Garg, S., Jain, A., Sahai, A.: Leakage-Resilient Zero Knowledge. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 297–315. Springer, Heidelberg (2011)Google Scholar
- [GKR08]Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-Time Programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)Google Scholar
- [GMW87]Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of 19th Annual ACM Symposium on Theory of Computing, pp. 218–229 (1987)Google Scholar
- [Kil95]Kilian, J.: Improved Efficient Arguments. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 311–324. Springer, Heidelberg (1995)Google Scholar
- [Yao86]Yao, A.C.: How to generate and exchange secrets. In: FOCS 1986: Proceedings of 27th Annual Symposium on Foundations of Computer Science, pp. 162–167 (1986)Google Scholar