2 research outputs found

    Detect, Pack and Batch: Perfectly-Secure MPC with Linear Communication and Constant Expected Time

    Get PDF
    We prove that perfectly-secure optimally-resilient secure Multi-Party Computation (MPC) for a circuit with CC gates and depth DD can be obtained in O((Cn+n4+Dn2)logn)O((Cn+n^4 + Dn^2)\log n) communication complexity and O(D)O(D) expected time. For DnD \ll n and Cn3C\geq n^3, this is the first perfectly-secure optimal-resilient MPC protocol with linear communication complexity per gate and constant expected time complexity per layer. Compared to state-of-the-art MPC protocols in the player elimination framework [Beerliova and Hirt TCC\u2708, and Goyal, Liu, and Song CRYPTO\u2719], for C>n3C>n^3 and DnD \ll n, our results significantly improve the run time from Ω(n+D)\Omega(n+D) to expected O(D)O(D) while keeping communication complexity at O(Cnlogn)O(Cn\log n). Compared to state-of-the-art MPC protocols that obtain an expected O(D)O(D) time complexity [Abraham, Asharov, and Yanai TCC\u2721], for C>n3C>n^3, our results significantly improve the communication complexity from O(Cn4logn)O(Cn^4\log n) to O(Cnlogn)O(Cn\log n) while keeping the expected run time at O(D)O(D). One salient part of our technical contribution is centered around a new primitive we call detectable secret sharing . It is perfectly-hiding, weakly-binding, and has the property that either reconstruction succeeds or O(n)O(n) parties are (privately) detected. On the one hand, we show that detectable secret sharing is sufficiently powerful to generate multiplication triplets needed for MPC. On the other hand, we show how to share pp secrets via detectable secret sharing with communication complexity of just O(n4logn+plogn)O(n^4\log n+p \log n). When sharing pn4p\geq n^4 secrets, the communication cost is amortized to just O(1)O(1) field elements per secret. Our second technical contribution is a new Verifiable Secret Sharing protocol that can share pp secrets at just O(n4logn+pnlogn)O(n^4\log n+pn\log n) word complexity. When sharing pn3p\geq n^3 secrets, the communication cost is amortized to just O(n)O(n) filed elements per secret. The best prior required Ω(n3)\Omega(n^3) communication per secret

    On the Communication Efficiency of Statistically-Secure Asynchronous MPC with Optimal Resilience

    Get PDF
    Secure multi-party computation (MPC) is a fundamental problem in secure distributed computing. An MPC protocol allows a set of nn mutually distrusting parties with private inputs to securely compute any publicly-known function of their inputs, by keeping their respective inputs as private as possible. While several works in the past have addressed the problem of designing communication-efficient MPC protocols in the synchronous communication setting, not much attention has been paid to the design of efficient MPC protocols in the asynchronous communication setting. In this work, we focus on the design of efficient asynchronous MPC (AMPC) protocol with statistical security, tolerating a computationally unbounded adversary, capable of corrupting up to tt parties out of the nn parties. The seminal work of Ben-Or, Kelmer and Rabin (PODC 1994) and later Abraham, Dolev and Stern (PODC 2020) showed that the optimal resilience for statistically-secure AMPC is t<n/3t < n/3. Unfortunately, the communication complexity of the protocol presented by Ben-Or et al is significantly high, where the communication complexity per multiplication is Ω(n13κ2logn)\Omega(n^{13} \kappa^2 \log n) bits (where κ\kappa is the statistical-security parameter). To the best of our knowledge, no work has addressed the problem of improving the communication complexity of the protocol of Ben-Or at al. In this work, our main contributions are the following. -- We present a new statistically-secure AMPC protocol with the optimal resilience t<n/3t < n/3 and where the communication complexity is O(n4κ){\mathcal O}(n^4 \kappa) bits per multiplication. Apart from improving upon the communication complexity of the protocol of Ben-Or et al, our protocol is relatively simpler and based on very few sub-protocols, unlike the protocol of Ben-Or et al which involves several layers of subprotocols. A central component of our AMPC protocol is a new and simple protocol for verifiable asynchronous complete secret-sharing (ACSS), which is of independent interest. -- As a side result, we give the security proof for our AMPC protocol in the standard universal composability (UC) framework of Canetti (FOCS 2001, JACM 2020), which is now the defacto standard for proving the security of cryptographic protocols. This is unlike the protocol of Ben-Or et al, which was missing the formal security proofs
    corecore