
Actively Secure Setup for SPDZ

  • Research Article, Journal of Cryptology

Abstract

We present the first actively secure, practical protocol to generate the distributed secret keys needed in the SPDZ offline protocol. As an added bonus, our protocol produces a distribution of the public and secret keys such that the associated SHE ‘noise’ analysis is the same as if the distributed keys had been generated by a trusted setup. We implemented the presented protocol for distributed BGV key generation within the SCALE-MAMBA framework. Our method makes use of a new technique for creating doubly (or even more) authenticated bits in different MPC engines, which has applications in other areas of MPC-based secure computation. We were able to generate keys for two parties and a plaintext size of 64 bits in around 5 min, and a little more than 18 min for a 128-bit prime.



Notes

  1. We use SCALE-MAMBA as a reference work throughout this paper as it gives a fixed target (including key sizes) for the final distributed keys we are trying to produce.

  2. Carsten Baum has pointed out that we can remove this reduction to the subset-sum problem by increasing, in some (important) cases, the number of bits we throw away. This, however, results in a less efficient protocol; thus, we rely on the Multiple Subset-Sum Problem to obtain an efficient protocol. As our focus is primarily on obtaining as efficient a protocol as possible, we prefer to keep the reliance on the MSSP problem.

  3. If the underlying MPC system is SPDZ based, then a more efficient way to perform the method is using the FHE pre-processing instead of directly within the Offline phase as implied by the given protocol. But this assumes the pre-processing is FHE based, which it will not be in our application.

  4. In our security proof we show that this specific information can be perfectly simulated by the simulator and leaks no information about the actual shared value.

  5. The density of a standard subset sum problem is given by \(d = \frac{\nu }{\max _i \log a_i}\).

  6. See the proof of the theorem below.

  7. Note that \(\gamma =1\) since \(p_0, p_1\) are both big.

  8. Of course in practice we generate the secure bits in batches and hence this is just the minimal number of rounds required.

  9. Our implementations are now included in the SCALE-MAMBA code-base.

References

  1. I. Damgård, V. Pastro, N.P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in R. Safavi-Naini, R. Canetti, eds. Advances in Cryptology – CRYPTO 2012. Volume 7417 of Lecture Notes in Computer Science, (Springer, Santa Barbara, CA, USA, 2012), pp. 643–662.

  2. Z. Brakerski, C. Gentry, V. Vaikuntanathan, (Leveled) fully homomorphic encryption without bootstrapping. in S. Goldwasser, ed., ITCS 2012: 3rd Innovations in Theoretical Computer Science, (Association for Computing Machinery, Cambridge, MA, USA, 2012), pp. 309–325

  3. I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N.P. Smart, Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits, in J. Crampton, S. Jajodia, K. Mayes, eds. ESORICS 2013: 18th European Symposium on Research in Computer Security. Volume 8134 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Egham, UK, 2013), pp. 1–18

  4. C. Gentry, A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)

  5. G. Asharov, A. Jain, A. López-Alt, E. Tromer, V. Vaikuntanathan, D. Wichs, Multiparty computation with low communication, computation and interaction via threshold FHE, in D. Pointcheval, T. Johansson, eds. Advances in Cryptology – EUROCRYPT 2012. Volume 7237 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Cambridge, UK, 2012), pp. 483–501

  6. C. Mouchet, J. Troncoso-Pastoriza, J.P. Hubaux, Computing across trust boundaries using distributed homomorphic cryptography. Cryptology ePrint Archive, Report 2019/961 (2019) https://eprint.iacr.org/2019/961

  7. R. Cramer, I. Damgård, D. Escudero, P. Scholl, C. Xing, SPD \(\mathbb{Z}_{2^k}\): efficient MPC mod \(2^k\) for dishonest majority, in H. Shacham, A. Boldyreva eds., Advances in Cryptology – CRYPTO 2018, Part II. Volume 10992 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2018), pp. 769–798

  8. M. Keller, E. Orsini, P. Scholl, MASCOT: faster malicious arithmetic secure computation with oblivious transfer, in E.R. Weippl, S. Katzenbeisser, C. Kruegel, A.C. Myers, S. Halevi, eds. ACM CCS 2016: 23rd Conference on Computer and Communications Security, (ACM Press, Vienna, Austria, 2016), pp. 830–842

  9. E. Orsini, N.P. Smart, F. Vercauteren, Overdrive2k: Efficient secure MPC over \(\mathbb{Z}_{2^k}\) from somewhat homomorphic encryption, in S. Jarecki ed., Topics in Cryptology – CT-RSA 2020. Volume 12006 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, San Francisco, CA, USA, 2020), pp. 254–283

  10. B.R. Curtis, R. Player, On the feasibility and impact of standardising sparse-secret LWE parameter sets for homomorphic encryption, [45] 1–10

  11. R. Bendlin, I. Damgård, C. Orlandi, S. Zakarias, Semi-homomorphic encryption and multiparty computation, in K.G. Paterson, ed., Advances in Cryptology – EUROCRYPT 2011. Volume 6632 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Tallinn, Estonia, 2011), pp. 169–188

  12. A. Aly, E. Orsini, D. Rotaru, N.P. Smart, T. Wood, Zaphod: Efficiently combining LSSS and garbled circuits in SCALE, [45] 33–44

  13. D. Rotaru, T. Wood, MArBled circuits: Mixing arithmetic and Boolean circuits with active security, in F. Hao, S. Ruj, S. Sen Gupta, eds., Progress in Cryptology - INDOCRYPT 2019: 20th International Conference in Cryptology in India. Volume 11898 of Lecture Notes in Computer Science

  14. M. Keller, MP-SPDZ: a versatile framework for multi-party computation. in J. Ligatti, X. Ou, J. Katz, G. Vigna, eds., ACM CCS 2020: 27th Conference on Computer and Communications Security, Virtual Event, (ACM Press, USA, 2020), pp. 1575–1590

  15. E. Boyle, G. Couteau, N. Gilboa, Y. Ishai, L. Kohl, P. Scholl, Efficient pseudorandom correlation generators: silent OT extension and more, in A. Boldyreva, D. Micciancio, eds., Advances in Cryptology – CRYPTO 2019, Part III. Volume 11694 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2019), pp. 489–518

  16. M.K. Franklin, S. Haber, Joint encryption and message-efficient secure computation, in D.R. Stinson, ed., Advances in Cryptology – CRYPTO’93. Volume 773 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 1994), pp. 266–277

  17. M.K. Franklin, S. Haber, Joint encryption and message-efficient secure computation. Journal of Cryptology 9(4) (1996) 217–232

  18. R. Cramer, I. Damgård, J.B. Nielsen, Multiparty computation from threshold homomorphic encryption, in B. Pfitzmann, ed., Advances in Cryptology – EUROCRYPT 2001. Volume 2045 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Innsbruck, Austria, 2001), pp. 280–299

  19. M. Chen, C. Hazay, Y. Ishai, Y. Kashnikov, D. Micciancio, T. Riviere, A. Shelat, M. Venkitasubramaniam, R. Wang, Diogenes: lightweight scalable RSA modulus generation with a dishonest majority, in 42nd IEEE Symposium on Security and Privacy, SP 2021, (San Francisco, CA, USA, 2021), pp. 590–607

  20. I. Damgård, M. Geisler, M. Krøigaard, J.B. Nielsen, Asynchronous multiparty computation: theory and implementation, in S. Jarecki, G. Tsudik, eds. PKC 2009: 12th International Conference on Theory and Practice of Public Key Cryptography. Volume 5443 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Irvine, CA, USA, 2009), pp. 160–179

  21. Y. Ishai, E. Kushilevitz, S. Meldgaard, C. Orlandi, A. Paskin-Cherniavsky, On the power of correlated randomness in secure computation, in A. Sahai, ed. TCC 2013: 10th Theory of Cryptography Conference. Volume 7785 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Tokyo, Japan, 2013), pp. 600–620

  22. I. Damgård, C. Orlandi, Multiparty computation for dishonest majority: from passive to active security at low cost, in T. Rabin, ed. Advances in Cryptology – CRYPTO 2010. Volume 6223 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2010), pp. 558–576

  23. J.B. Nielsen, P.S. Nordholt, C. Orlandi, S.S. Burra, A new approach to practical active-secure two-party computation, in R. Safavi-Naini, R. Canetti, eds. Advances in Cryptology – CRYPTO 2012. Volume 7417 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2012), pp. 681–700

  24. R. Rivest, Unconditionally secure commitment and oblivious transfer schemes using private channels and a trusted initializer, 1999

  25. D. Beaver, Efficient multiparty protocols using circuit randomization, in J. Feigenbaum, ed., Advances in Cryptology – CRYPTO’91. Volume 576 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 1992), pp. 420–432

  26. R. Bendlin, I. Damgård, Threshold decryption and zero-knowledge proofs for lattice-based cryptosystems, in D. Micciancio, ed. TCC 2010: 7th Theory of Cryptography Conference. Volume 5978 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Zurich, Switzerland, 2010), pp. 201–218

  27. M. Keller, V. Pastro, D. Rotaru, Overdrive: Making SPDZ great again, in J.B. Nielsen, V. Rijmen, eds. Advances in Cryptology – EUROCRYPT 2018, Part III. Volume 10822 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Tel Aviv, Israel, 2018), pp. 158–189

  28. C. Baum, D. Cozzo, N.P. Smart, Using TopGear in Overdrive: a more efficient ZKPoK for SPDZ, in K.G. Paterson, D. Stebila, eds. SAC 2019: 26th Annual International Workshop on Selected Areas in Cryptography. Volume 11959 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Waterloo, ON, Canada, 2019), pp. 274–302

  29. C. Gentry, S. Halevi, N.P. Smart, Homomorphic evaluation of the AES circuit, in R. Safavi-Naini, R. Canetti, eds. Advances in Cryptology – CRYPTO 2012. Volume 7417 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2012), pp. 850–867

  30. C. Gentry, S. Halevi, N.P. Smart, Homomorphic evaluation of the AES circuit. Cryptology ePrint Archive, Report 2012/099 (2012) https://eprint.iacr.org/2012/099

  31. E. Alkim, L. Ducas, T. Pöppelmann, P. Schwabe, Post-quantum key exchange: a new hope, in T. Holz, S. Savage, eds. USENIX Security 2016: 25th USENIX Security Symposium, Austin, TX, USA, USENIX Association, 2016, pp. 327–343

  32. Y. Pan, F. Zhang, A note on the density of the multiple subset sum problems. Cryptology ePrint Archive, Report 2011/525 (2011) https://eprint.iacr.org/2011/525

  33. E. Horowitz, S. Sahni, Computing partitions with applications to the knapsack problem. Journal of the Association for Computing Machinery 21 (1974) 277–292

  34. D. Pisinger, Linear time algorithms for knapsack problems with bounded weights. Journal of Algorithms 33 (1999) 1–14

  35. K. Koiliaris, C. Xu, A faster pseudopolynomial time algorithm for subset sum, in P.N. Klein, ed. ACM-SIAM Symposium on Discrete Algorithms, SODA 2017, 2017, pp. 1062–1072

  36. M. Keller, E. Orsini, P. Scholl, Actively secure OT extension with optimal overhead, in R. Gennaro, M.J.B. Robshaw, eds. Advances in Cryptology – CRYPTO 2015, Part I. Volume 9215 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2015), pp. 724–741

  37. X. Wang, S. Ranellucci, J. Katz, Global-scale secure multiparty computation, in B.M. Thuraisingham, D. Evans, T. Malkin, D. Xu, eds. ACM CCS 2017: 24th Conference on Computer and Communications Security, (ACM Press, Dallas, TX, USA, 2017), pp. 39–56

  38. R. Zhu, C. Ding, Y. Huang, Practical MPC+FHE with applications in secure multi-party neural network evaluation. Cryptology ePrint Archive, Report 2020/550 (2020) https://eprint.iacr.org/2020/550

  39. M. Keller, E. Orsini, D. Rotaru, P. Scholl, E. Soria-Vazquez, S. Vivek, Faster secure multi-party computation of AES and DES using lookup tables, in D. Gollmann, A. Miyaji, H. Kikuchi, eds. ACNS 17: 15th International Conference on Applied Cryptography and Network Security. Volume 10355 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Kanazawa, Japan, 2017), pp. 229–249

  40. A. Aly, K. Cong, D. Cozzo, M. Keller, E. Orsini, D. Rotaru, O. Scherer, P. Scholl, N.P. Smart, T. Tanguy, T. Wood, SCALE-MAMBA v1.14: Documentation (2021)

  41. T.K. Frederiksen, M. Keller, E. Orsini, P. Scholl, A unified approach to MPC with preprocessing using OT, in T. Iwata, J.H. Cheon, eds. Advances in Cryptology – ASIACRYPT 2015, Part I. Volume 9452 of Lecture Notes in Computer Science (Springer, Heidelberg, Germany, Auckland, New Zealand, 2015), pp. 711–735

  42. Y. Ishai, J. Kilian, K. Nissim, E. Petrank, Extending oblivious transfers efficiently, in D. Boneh, ed. Advances in Cryptology – CRYPTO 2003. Volume 2729 of Lecture Notes in Computer Science, (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 2003), pp. 145–161

  43. S.S. Burra, E. Larraia, J.B. Nielsen, P.S. Nordholt, C. Orlandi, E. Orsini, P. Scholl, N.P. Smart, High-performance multi-party computation for binary circuits based on oblivious transfer. J. Cryptol. 34(3), 34 (2021)

  44. Data61: MP-SPDZ (2019) https://github.com/data61/MP-SPDZ

  45. M. Brenner, T. Lepoint, K. Rohloff, eds. Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography, WAHC@CCS 2019, (ACM, London, UK, 2019)


Acknowledgements

The authors would like to thank Carsten Baum and Emmanuela Orsini for suggestions in relation to the work in this paper, and Claudio Orlandi for elaborating on the early history of the BDOZ and Tiny-OT work. The work in this paper was carried out while Dragos Rotaru and Tim Wood were PhD students at the University of Bristol and were employed by KU Leuven. This work has been supported in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT, by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, Pacific (SSC Pacific) under contract No. N66001-15-C-4070 and FA8750-19-C-0502, by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) via Contract No. 2019-1902070006, by the FWO under an Odysseus project GOH9718N and by CyberSecurity Research Flanders with reference number VR20192203. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the ERC, ODNI, US Air Force, IARPA, DARPA, the US Government or FWO. The US Government is authorised to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein.

Author information

Corresponding author: Nigel P. Smart.

Additional information

Communicated by Jonathan Katz.


Cite this article

Rotaru, D., Smart, N.P., Tanguy, T. et al. Actively Secure Setup for SPDZ. J Cryptol 35, 5 (2022). https://doi.org/10.1007/s00145-021-09416-w
