Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation

The oblivious transfer primitive is sufficient to implement secure multiparty computation. However, secure multiparty computation based only on classical cryptography is severely limited by the security and efficiency of the oblivious transfer implementation. We present a method to efficiently and securely generate and distribute oblivious keys by exchanging qubits and by performing commitments using classical hash functions. With the presented hybrid approach, quantum and classical, we obtain a practical and high-speed oblivious transfer protocol, secure even against quantum computer attacks. The oblivious distributed keys allow implementing a fast and secure oblivious transfer protocol, which can pave the way for the widespread of applications based on secure multiparty computation.Comment: 11 pages, 5 figure

A New Upperbound for the Oblivious Transfer Capacity of Discrete Memoryless Channels

We derive a new upper bound on the string oblivious transfer capacity of discrete memoryless channels. The main tool we use is the tension region of a pair of random variables introduced in Prabhakaran and Prabhakaran (2014) where it was used to derive upper bounds on rates of secure sampling in the source model. In this paper, we consider secure computation of string oblivious transfer in the channel model. Our bound is based on a monotonicity property of the tension region in the channel model. We show that our bound strictly improves upon the upper bound of Ahlswede and Csisz\'ar (2013).Comment: 7 pages, 3 figures, extended version of submission to IEEE Information Theory Workshop, 201

How Many Oblivious Transfers are Needed for Secure Multiparty Computation? ∗

Oblivious transfer (OT) is an essential building block for secure multiparty computation when there is no honest majority. In this setting, current protocols for n ≥ 3 parties require each pair of parties to engage in a single OT for each gate in the circuit being evaluated. Since implementing OT typically requires expensive public-key operations (alternatively, expensive setup or physical infrastructure), minimizing the number of OTs is a highly desirable goal. In this work we initiate a study of this problem in both an information-theoretic and a computational setting and obtain the following results. • If the adversary can corrupt up to t = (1−ɛ)n parties, where ɛ> 0 is an arbitrarily small constant, then a total of O(n) OT channels between pairs of parties are necessary and sufficient for general secure computation. Combined with previous protocols for “extending OTs”, O(nk) invocations of OT are sufficient for computing arbitrary functions with computational security, where k is a security parameter. • The above result does not improve over the previous state of the art in the important case where t = n − 1, when the number of parties is small, or in the information-theoretic setting. For thes

Semi-homomorphic Encryption and Multiparty Computation

An additively-homomorphic encryption scheme enables us to compute linear functions of an encrypted input by manipulating only the ciphertexts. We define the relaxed notion of a semi-homomorphic encryption scheme, where the plaintext can be recovered as long as the computed function does not increase the size of the input too much . We show that a number of existing cryptosystems are captured by our relaxed notion. In particular, we give examples of semi-homomorphic encryption schemes based on lattices, subset sum and factoring. We then demonstrate how semi-homomorphic encryption schemes allow us to construct an efficient multiparty computation protocol for arithmetic circuits, UC-secure against a dishonest majority. The protocol consists of a preprocessing phase and an online phase. Neither the inputs nor the function to be computed have to be known during preprocessing. Moreover, the online phase is extremely efficient as it requires no cryptographic operations: the parties only need to exchange additive shares and verify information theoretic MACs. Our contribution is therefore twofold: from a theoretical point of view, we can base multiparty computation on a variety of different assumptions, while on the practical side we offer a protocol with better efficiency than any previous solution