Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation
The oblivious transfer primitive is sufficient to implement secure multiparty
computation. However, secure multiparty computation based only on classical
cryptography is severely limited by the security and efficiency of the
oblivious transfer implementation. We present a method to efficiently and
securely generate and distribute oblivious keys by exchanging qubits and by
performing commitments using classical hash functions. With the presented
hybrid approach, quantum and classical, we obtain a practical and high-speed
oblivious transfer protocol, secure even against quantum computer attacks. The
oblivious distributed keys allow implementing a fast and secure oblivious
transfer protocol, which can pave the way for the widespread of applications
based on secure multiparty computation. Comment: 11 pages, 5 figures
A New Upperbound for the Oblivious Transfer Capacity of Discrete Memoryless Channels
We derive a new upper bound on the string oblivious transfer capacity of
discrete memoryless channels. The main tool we use is the tension region of a
pair of random variables introduced in Prabhakaran and Prabhakaran (2014) where
it was used to derive upper bounds on rates of secure sampling in the source
model. In this paper, we consider secure computation of string oblivious
transfer in the channel model. Our bound is based on a monotonicity property of
the tension region in the channel model. We show that our bound strictly
improves upon the upper bound of Ahlswede and Csiszár (2013). Comment: 7 pages, 3 figures, extended version of submission to IEEE
Information Theory Workshop, 201
How Many Oblivious Transfers are Needed for Secure Multiparty Computation?
Oblivious transfer (OT) is an essential building block for secure multiparty computation when there is no honest majority. In this setting, current protocols for n ≥ 3 parties require each pair of parties to engage in a single OT for each gate in the circuit being evaluated. Since implementing OT typically requires expensive public-key operations (alternatively, expensive setup or physical infrastructure), minimizing the number of OTs is a highly desirable goal. In this work we initiate a study of this problem in both an information-theoretic and a computational setting and obtain the following results.
• If the adversary can corrupt up to t = (1−ε)n parties, where ε > 0 is an arbitrarily small constant, then a total of O(n) OT channels between pairs of parties are necessary and sufficient for general secure computation. Combined with previous protocols for "extending OTs", O(nk) invocations of OT are sufficient for computing arbitrary functions with computational security, where k is a security parameter.
• The above result does not improve over the previous state of the art in the important case where t = n − 1, when the number of parties is small, or in the information-theoretic setting. For thes
Semi-homomorphic Encryption and Multiparty Computation
An additively-homomorphic encryption scheme enables us to compute linear functions of an encrypted input by manipulating only the ciphertexts. We define the relaxed notion of a semi-homomorphic encryption scheme, where the plaintext can be recovered as long as the computed function does not increase the size of the input too much. We show that a number of existing cryptosystems are captured by our relaxed notion. In particular, we give examples of semi-homomorphic encryption schemes based on lattices, subset sum and factoring.
We then demonstrate how semi-homomorphic encryption schemes allow us to construct an efficient multiparty computation protocol for arithmetic circuits, UC-secure against a dishonest majority. The protocol consists of a preprocessing phase and an online phase. Neither the inputs nor the function to be computed have to be known during preprocessing. Moreover, the online phase is extremely efficient as it requires no cryptographic operations: the parties only need to exchange additive shares and verify information-theoretic MACs.
Our contribution is therefore twofold: from a theoretical point of view, we can base multiparty computation on a variety of different assumptions, while on the practical side we offer a protocol with better efficiency than any previous solution.