17,039 research outputs found
On the Exact Round Complexity of Secure Three-Party Computation
We settle the exact round complexity of three-party computation (3PC) in honest-majority setting, for a range of security notions such as selective abort, unanimous abort, fairness and guaranteed output delivery. Selective abort security, the weakest in the lot, allows the corrupt parties to selectively deprive some of the honest parties of the output. In the mildly stronger version of unanimous abort, either all or none of the honest parties receive the output. Fairness implies that the corrupted parties receive their output only if all honest parties receive output and lastly, the strongest notion of guaranteed output delivery implies that the corrupted parties cannot prevent honest parties from receiving their output. It is a folklore that the implication holds from the guaranteed output delivery to fairness to unanimous abort to selective abort. We focus on two network settings-- pairwise-private channels without and with a broadcast channel.
In the minimal setting of pairwise-private channels, 3PC with selective abort is known to be feasible in just two rounds, while guaranteed output delivery is infeasible to achieve irrespective of the number of rounds. Settling the quest for exact round complexity of 3PC in this setting, we show that three rounds are necessary and sufficient for unanimous abort and fairness. Extending our study to the setting with an additional broadcast channel, we show that while unanimous abort is achievable in just two rounds, three rounds are necessary and sufficient for fairness and guaranteed output delivery. Our lower bound results extend for any number of parties in honest majority setting and imply tightness of several known constructions.
The fundamental concept of garbled circuits underlies all our upper bounds. Concretely, our constructions involve transmitting and evaluating only constant number of garbled circuits. Assumption-wise, our constructions rely on injective (one-to-one) one-way functions
On Secure Two-Party Computation in Three Rounds
We revisit the exact round complexity of secure two-party computation. While four rounds are known to be sufficient for securely computing general functions that provide output to one party [Katz-Ostrovsky, CRYPTO\u2704], Goldreich-Krawczyk [SIAM J. Computing\u2796] proved that three rounds are insufficient for this task w.r.t. black-box simulation.
In this work, we study the feasibility of secure computation in three rounds using non-black-box simulation. Our main result is a three-round two-party computation protocol for general functions against adversaries with auxiliary inputs of bounded size. This result relies on a new two round input-extraction protocol based on succinct randomized encodings.
We also provide a partial answer to the question of achieving security against non-uniform adversaries. Assuming sub-exponentially secure iO and one-way functions, we rule out three-round protocols that achieve polynomial simulation-based security against the output party and exponential indistinguishability-based security against the other party
Round-Optimal Secure Multiparty Computation with Honest Majority
We study the exact round complexity of secure multiparty computation (MPC) in the honest majority setting. We construct several round-optimal -party protocols, tolerating any corruptions.
- Security with abort: We give the first construction of two round MPC for general functions that achieves security with abort against malicious adversaries in the plain model. The security of our protocol only relies on one-way functions.
- Guaranteed output delivery: We also construct protocols that achieve security with guaranteed output delivery: (i) Against fail-stop adversaries, we construct two round MPC either in the (bare) public-key infrastructure model with no additional assumptions, or in the plain model assuming two-round semi-honest oblivious transfer. In three rounds, however, we can achieve security assuming only one-way functions. (ii) Against malicious adversaries, we construct three round MPC in the plain model, assuming public-key encryption and Zaps. Previously, such protocols were only known based on specific learning assumptions and required the use of common reference strings.
All of our results are obtained via general compilers that may be of independent interest
Privacy Preserving Multi-Server k-means Computation over Horizontally Partitioned Data
The k-means clustering is one of the most popular clustering algorithms in
data mining. Recently a lot of research has been concentrated on the algorithm
when the dataset is divided into multiple parties or when the dataset is too
large to be handled by the data owner. In the latter case, usually some servers
are hired to perform the task of clustering. The dataset is divided by the data
owner among the servers who together perform the k-means and return the cluster
labels to the owner. The major challenge in this method is to prevent the
servers from gaining substantial information about the actual data of the
owner. Several algorithms have been designed in the past that provide
cryptographic solutions to perform privacy preserving k-means. We provide a new
method to perform k-means over a large set using multiple servers. Our
technique avoids heavy cryptographic computations and instead we use a simple
randomization technique to preserve the privacy of the data. The k-means
computed has exactly the same efficiency and accuracy as the k-means computed
over the original dataset without any randomization. We argue that our
algorithm is secure against honest but curious and passive adversary.Comment: 19 pages, 4 tables. International Conference on Information Systems
Security. Springer, Cham, 201
Why Quantum Bit Commitment And Ideal Quantum Coin Tossing Are Impossible
There had been well known claims of unconditionally secure quantum protocols
for bit commitment. However, we, and independently Mayers, showed that all
proposed quantum bit commitment schemes are, in principle, insecure because the
sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen (EPR) type of attack and delaying her measurements. One
might wonder if secure quantum bit commitment protocols exist at all. We answer
this question by showing that the same type of attack by Alice will, in
principle, break any bit commitment scheme. The cheating strategy generally
requires a quantum computer. We emphasize the generality of this ``no-go
theorem'': Unconditionally secure bit commitment schemes based on quantum
mechanics---fully quantum, classical or quantum but with measurements---are all
ruled out by this result. Since bit commitment is a useful primitive for
building up more sophisticated protocols such as zero-knowledge proofs, our
results cast very serious doubt on the security of quantum cryptography in the
so-called ``post-cold-war'' applications. We also show that ideal quantum coin
tossing is impossible because of the EPR attack. This no-go theorem for ideal
quantum coin tossing may help to shed some lights on the possibility of
non-ideal protocols.Comment: We emphasize the generality of this "no-go theorem". All bit
commitment schemes---fully quantum, classical and quantum but with
measurements---are shown to be necessarily insecure. Accepted for publication
in a special issue of Physica D. About 18 pages in elsart.sty. This is an
extended version of an earlier manuscript (quant-ph/9605026) which has
appeared in the proceedings of PHYSCOMP'9
- …