Abstract
In 2016, Guruswami and Wootters showed Shamir’s secret-sharing scheme defined over an extension field has a regenerating property. Namely, we can compress each share to an element of the base field by applying a linear form, such that the secret is determined by a linear combination of the compressed shares. Immediately it seemed like an application to improve the complexity of unconditionally secure multiparty computation must be imminent; however, thus far, no result has been published.
We present the first application of regenerating codes to MPC, and show that its utility lies in reducing the number of rounds. Concretely, we present a protocol that obliviously evaluates a depth-d arithmetic circuit in \(d + O(1)\) rounds, in the amortized setting of parallel evaluations, with \(o(n^2)\) ring elements communicated per multiplication. Our protocol makes use of function-dependent preprocessing, and is secure against the maximal adversary corrupting \(t < n/2\) parties. All existing approaches in this setting have complexity \(\varOmega (n^2)\).
Moreover, we extend some of the theory on regenerating codes to Galois rings. It was already known that the repair property of MDS codes over fields can be fully characterized in terms of its dual code. We show this characterization extends to linear codes over Galois rings, and use it to show the result of Guruswami and Wootters also holds true for Shamir’s scheme over Galois rings.
Work done while Daniel Escudero was at Aarhus University.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
When Mary Wootters presented this result to the community in an invited talk of the Beyond TCS workshop affiliated to CRYPTO 2018, she posed the question to the community of what its implications to MPC are. It generated a bit of a buzz, with several members of the community working on it even during the conference, however no result has been published thus far. We remark that other applications to regenerating codes to, for example, leakage-resilience of secret-sharing schemes [3] or side-channel countermeasures have been proposed, but none of these study positive effects in MPC constructions [5].
- 2.
We could try to get around this using computationally secure pseudorandom secret sharing, but this requires an exponential number of keys in n.
- 3.
The communication of the king-based protocol is O(n) field elements for the maximal adversary \(n = 2t+1\). By incorporating a constant-rate RMFE we can achieve a communication of O(n) bits, which is asymptotically optimal [10].
- 4.
We call a single-round protocol one that only requires one round per multiplication layer in the circuit.
- 5.
We only regard 1-dimensional repair of the 0-th coordinate, since we specifically target applications to MPC. In the literature on regenerating codes, the definition typically includes all coordinates and allows for larger messages to be sent.
- 6.
Also note that product sharings do not give error detection, so if we did not insist on a maximal adversary and wanted to use random double sharings, we would have to employ different techniques to get active security.
- 7.
- 8.
This is precisely what goes wrong if one uses traditional multiplication triples: The error on each honest party’s share will depend on the honest parties’ inputs, which the adversary cannot simulate.
References
Abspoel, M., Cramer, R., Damgård, I., Escudero, D., Yuan, C.: Efficient information-theoretic secure multiparty computation over \(\mathbb{Z}/p^k\mathbb{Z}\) via Galois rings. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 471–501. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_19
Ben-Efraim, A., Nielsen, M., Omri, E.: Turbospeedz: double your online SPDZ! improving SPDZ using function dependent preprocessing. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 530–549. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_26
Benhamouda, F., Degwekar, A., Ishai, Y., Rabin, T.: On the local leakage resilience of linear secret sharing schemes. J. Cryptol. 34(2), 1–65 (2021)
Cascudo, I., Cramer, R., Xing, C., Yuan, C.: Amortized complexity of information-theoretically secure MPC revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 395–426. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_14
Chabanne, H., Maghrebi, H., Prouff, E.: Linear repairing codes and side-channel attacks. IACR Trans. Cryptographic Hardware Embedded Syst. 2018(1), 118–141 (2018)
Choudhuri, A.R., Goel, A., Green, M., Jain, A., Kaptchuk, G.: Fluid MPC: secure multiparty computation with dynamic participants. Cryptology ePrint Archive, Report 2020/754 (2020). https://eprint.iacr.org/2020/754
Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015). ISBN 9781107043053. www.cambridge.org/de/academic/subjects/computer-science/cryptography-cryptology-and-coding/secure-multiparty-computation-and-secret-sharing?format=HB&isbn=9781107043053
Cramer, R., Rambaud, M., Xing, C.: Asymptotically-good arithmetic secret sharing over \({Z}/(p^\ell {Z})\) with strong multiplication and its applications to efficient MPC. Cryptology ePrint Archive, Report 2019/832 (2019). https://eprint.iacr.org/2019/832
Damgård, I., Nielsen, J.B.: Scalable and unconditionally secure multiparty computation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 572–590. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_32
Damgård, I., Larsen, K.G., Nielsen, J.B.: Communication lower bounds for statistically secure MPC, with or without preprocessing. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 61–84. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_3
Escudero, D., Dalskov, A.: Honest majority MPC with abort with minimal online communication. Cryptology ePrint Archive, Report 2020/1556 (2020). https://eprint.iacr.org/2020/1556
Guruswami, V., Wootters, M.: Repairing Reed-Solomon codes. CoRR, abs/1509.04764 (2015). Note, we specifically refer to the version published on arXiv
Guruswami, V., Wootters, M.: Repairing Reed-Solomon codes. In: Wichs, D., Mansour, Y. (eds.) Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, 18–21 June 2016, pp. 216–226. ACM (2016). https://doi.org/10.1145/2897518.2897525
Ishai, Y., Kushilevitz, E.: On the hardness of information-theoretic multiparty computation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 439–455. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_26
Quintin, G., Barbier, M., Chabot, C.: On generalized Reed-Solomon codes over commutative and noncommutative rings. IEEE Trans. Inf. Theory 59(9), 5882–5897 (2013)
Rashmi, K.V., Shah, N.B., Kumar, P.V.: Optimal exact-regenerating codes for distributed storage at the MSR and MBR points via a product-matrix construction. IEEE Trans. Inf. Theory 57(8), 5227–5239 (2011)
Rashmi, K.V., Shah, N.B., Ramchandran, K., Kumar, P.V.: Regenerating codes for errors and erasures in distributed storage. In: 2012 IEEE International Symposium on Information Theory Proceedings, pp. 1202–1206. IEEE (2012)
Tamo, I., Ye, M., Barg, A.: Optimal repair of Reed-Solomon codes: achieving the cut-set bound. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 216–227. IEEE (2017)
Wan, Z.-X.: Lectures on Finite Fields and Galois Rings. World Scientific Publishing Company (2003). ISBN 978-9812385048. https://doi.org/10.1142/5350
Wigderson, A., Or, M.B., Goldwasser, S.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: Proceedings of the 20th Annual Symposium on the Theory of Computing (STOC 1988), pp. 1–10 (1988)
Acknowledgments
We thank the anonymous Asiacrypt 2021 reviewers for their valuable feedback. Chaoping Xing’s research work is partially supported by the NSFC under grant 12031011, Huawei-SJTU joint projects and the National Key Research and Development Project 2020YFA0712300. During his time in Aarhus University, Daniel Escudero was supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO).
This paper was prepared for information purposes by the Artificial Intelligence Research group of JPMorgan Chase & Co and its affiliates (“JP Morgan”), and is not a product of the Research Department of JP Morgan. JP Morgan makes no representation and warranty whatsoever and disclaims all liability, for the completeness, accuracy or reliability of the information contained herein. This document is not intended as investment research or investment advice, or a recommendation, offer or solicitation for the purchase or sale of any security, financial instrument, financial product or service, or to be used in any way for evaluating the merits of participating in any transaction, and shall not constitute a solicitation under any jurisdiction or to any person, if such solicitation under such jurisdiction or to such person would be unlawful. 2021 JPMorgan Chase & Co. All rights reserved.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Abspoel, M., Cramer, R., Escudero, D., Damgård, I., Xing, C. (2021). Improved Single-Round Secure Multiplication Using Regenerating Codes. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-92075-3_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92074-6
Online ISBN: 978-3-030-92075-3
eBook Packages: Computer ScienceComputer Science (R0)
