4 research outputs found

    Binary AMD Circuits from Secure Multiparty Computation

    An AMD circuit over a finite field $\mathbb F$ is a randomized arithmetic circuit that offers the "best possible protection" against additive attacks. That is, the effect of every additive attack that may blindly add a (possibly different) element of $\mathbb F$ to every internal wire of the circuit can be simulated by an ideal attack that applies only to the inputs and outputs. Genkin et al. (STOC 2014, Crypto 2015) introduced AMD circuits as a means for protecting MPC protocols against active attacks, and showed that every arithmetic circuit $C$ over $\mathbb F$ can be transformed into an equivalent AMD circuit of size $O(|C|)$ with $O(1/|\mathbb F|)$ simulation error. However, for the case of the binary field $\mathbb F = \mathbb F_2$, their constructions relied on a tamper-proof output decoder and could only realize a weaker notion of security. We obtain the first constructions of fully secure binary AMD circuits. Given a boolean circuit $C$ and a statistical security parameter $s$, we construct an equivalent binary AMD circuit $C'$ of size $|C| \cdot \mathrm{polylog}(|C|, s)$ (ignoring lower order additive terms) with $2^{-s}$ simulation error. That is, the effect of toggling an arbitrary subset of wires can be simulated by toggling only input and output wires. Our construction combines in a general way two types of "simple" honest-majority MPC protocols: protocols that only offer security against passive adversaries, and protocols that only offer correctness against active adversaries. As a corollary, we get a conceptually new technique for constructing active-secure two-party protocols in the OT-hybrid model, and reduce the open question of obtaining such protocols with constant computational overhead to a similar question in these simpler MPC models.

    Field Extension in Secret-Shared Form and Its Applications to Efficient Secure Computation

    Secure computation enables participating parties to jointly compute a function over their inputs while keeping them private. Secret sharing plays an important role in maintaining privacy during the computation. In most schemes, secret sharing over the same finite field is used throughout all the steps of the secure computation. A major drawback of this "uniform" approach is that one has to set the size of the field to be as large as the maximum of all the lower bounds derived from all the steps in the protocol. This easily leads to a requirement for using a large field which, in turn, makes the protocol inefficient. In this paper, we propose a "non-uniform" approach: dynamically changing the fields so that they are suitable for each step of the computation. At the core of our approach is a surprisingly simple method to extend the underlying field of a secret sharing scheme, in a non-interactive manner, while maintaining the secret being shared. Using our approach, default computations can hence be done in a small field, which allows better efficiency, while one would extend to a larger field only at the necessary steps. As the main application of our technique, we show an improvement upon the recent actively secure protocol proposed by Chida et al. (Crypto’18). The improved protocol can handle a binary field, which enables XOR-free computation of a boolean circuit. Other applications include efficient (batch) equality check and consistency check protocols, which are useful for, e.g., password-based threshold authentication.

    The Price of Active Security in Cryptographic Protocols

    We construct the first actively-secure Multi-Party Computation (MPC) protocols with an arbitrary number of parties in the dishonest majority setting, for an arbitrary field F, with constant communication overhead over the "passive-GMW" protocol (Goldreich, Micali and Wigderson, STOC ’87). Our protocols rely on passive implementations of Oblivious Transfer (OT) in the boolean setting and Oblivious Linear function Evaluation (OLE) in the arithmetic setting. Previously, such protocols were only known over sufficiently large fields (Genkin et al., STOC ’14) or for a constant number of parties (Ishai et al., CRYPTO ’08). Conceptually, our protocols are obtained via a new compiler from a passively-secure protocol for a distributed multiplication functionality $F_{mult}$ to an actively-secure protocol for general functionalities. Roughly, $F_{mult}$ is parameterized by a linear secret sharing scheme S, where it takes S-shares of two secrets and returns S-shares of their product. We show that our compilation is concretely efficient for sufficiently large fields, resulting in an overhead of 2 when securely computing natural circuits. Our compiler has two additional benefits: (1) it can rely on any passive implementation of $F_{mult}$, which, besides the standard implementation based on OT (for boolean) and OLE (for arithmetic), allows us to rely on implementations based on threshold cryptosystems (Cramer et al., Eurocrypt ’01); and (2) it can rely on weaker-than-passive (i.e., imperfect/leaky) implementations, which in some parameter regimes yield actively-secure protocols with overhead less than 2. Instantiating this compiler with an "honest-majority" implementation of $F_{mult}$, we obtain the first honest-majority protocol with optimal corruption threshold for boolean circuits with constant communication overhead over the best passive protocol (Damgård and Nielsen, CRYPTO ’07).

    Theory of Cryptography: 14th International Conference, TCC 2016-B, Beijing, China, October 31-November 3, 2016, Proceedings, Part I

    The two-volume set LNCS 9985 and LNCS 9986 constitutes the refereed proceedings of the 14th International Conference on Theory of Cryptography, TCC 2016-B, held in Beijing, China, in November 2016. The total of 45 revised full papers presented in the proceedings were carefully reviewed and selected from 113 submissions. The papers were organized in topical sections named: TCC test-of-time award; foundations; unconditional security; foundations of multi-party protocols; round complexity and efficiency of multi-party computation; differential privacy; delegation and IP; public-key encryption; obfuscation and multilinear maps; attribute-based encryption; functional encryption; secret sharing; new models.

    Contents of Part I:

    TCC Test-of-Time Award
    From Indifferentiability to Constructive Cryptography (and Back)

    Foundations
    Fast Pseudorandom Functions Based on Expander Graphs
    3-Message Zero Knowledge Against Human Ignorance
    The GGM Function Family is a Weakly One-Way Family of Functions
    On the (In)security of SNARKs in the Presence of Oracles
    Leakage Resilient One-Way Functions: The Auxiliary-Input Setting
    Simulating Auxiliary Inputs, Revisited

    Unconditional Security
    Pseudoentropy: Lower-bounds for Chain rules and Transformations
    Oblivious Transfer from Any Non-Trivial Elastic Noisy Channel via Secret Key Agreement
    Simultaneous Secrecy and Reliability Amplification for a General Channel Model
    Proof of Space from Stacked Expanders
    Perfectly Secure Message Transmission in Two Rounds

    Foundations of Multi-Party Protocols
    Almost-Optimally Fair Multiparty Coin-Tossing with Nearly Three-Quarters Malicious
    Binary AMD Circuits from Secure Multiparty Computation
    Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity
    Composable Adaptive Secure Protocols without Setup under Polytime Assumptions
    Adaptive Security of Yao’s Garbled Circuits

    Round Complexity and Efficiency of Multi-Party Computation
    Efficient Secure Multiparty Computation with Identifiable Abort
    Secure Multiparty RAM Computation in Constant Rounds
    Constant-Round Maliciously Secure Two-Party Computation in the RAM Model
    More Efficient Constant-Round Multi-Party Computation from BMR and SHE
    Cross&Clean: Amortized Garbled Circuits With Constant Overhead

    Differential Privacy
    Separating Computational and Statistical Differential Privacy in the Client-Server Model
    Concentrated Differential Privacy: Simplifications, Extensions, and Lower Bounds
    Strong Hardness of Privacy from Weak Traitor Tracing