1,037 research outputs found
Separating Two-Round Secure Computation From Oblivious Transfer
We consider the question of minimizing the round complexity of protocols for secure multiparty computation (MPC) with security against an arbitrary number of semi-honest parties. Very recently, Garg and Srinivasan (Eurocrypt 2018) and Benhamouda and Lin (Eurocrypt 2018) constructed such 2-round MPC protocols from minimal assumptions. This was done by showing a round preserving reduction to the task of secure 2-party computation of the oblivious transfer functionality (OT). These constructions made a novel non-black-box use of the underlying OT protocol. The question remained whether this can be done by only making black-box use of 2-round OT. This is of theoretical and potentially also practical value as black-box use of primitives tends to lead to more efficient constructions.
Our main result proves that such a black-box construction is impossible, namely that non-black-box use of OT is necessary. As a corollary, a similar separation holds when starting with any 2-party functionality other than OT.
As a secondary contribution, we prove several additional results that further clarify the landscape of black-box MPC with minimal interaction. In particular, we complement the separation from 2-party functionalities by presenting a complete 4-party functionality, give evidence for the difficulty of ruling out a complete 3-party functionality and for the difficulty of ruling out black-box constructions of 3-round MPC from 2-round OT, and separate a relaxed "non-compact" variant of 2-party homomorphic secret sharing from 2-round OT
08491 Abstracts Collection -- Theoretical Foundations of Practical Information Security
From 30.11. to 05.12.2008, the Dagstuhl Seminar 08491 ``Theoretical Foundations of Practical Information Security \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and G\'acs-K\"orner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.Comment: 37 page
How to Securely Compute the Modulo-Two Sum of Binary Sources
In secure multiparty computation, mutually distrusting users in a network
want to collaborate to compute functions of data which is distributed among the
users. The users should not learn any additional information about the data of
others than what they may infer from their own data and the functions they are
computing. Previous works have mostly considered the worst case context (i.e.,
without assuming any distribution for the data); Lee and Abbe (2014) is a
notable exception. Here, we study the average case (i.e., we work with a
distribution on the data) where correctness and privacy is only desired
asymptotically.
For concreteness and simplicity, we consider a secure version of the function
computation problem of K\"orner and Marton (1979) where two users observe a
doubly symmetric binary source with parameter p and the third user wants to
compute the XOR. We show that the amount of communication and randomness
resources required depends on the level of correctness desired. When zero-error
and perfect privacy are required, the results of Data et al. (2014) show that
it can be achieved if and only if a total rate of 1 bit is communicated between
every pair of users and private randomness at the rate of 1 is used up. In
contrast, we show here that, if we only want the probability of error to vanish
asymptotically in block length, it can be achieved by a lower rate (binary
entropy of p) for all the links and for private randomness; this also
guarantees perfect privacy. We also show that no smaller rates are possible
even if privacy is only required asymptotically.Comment: 6 pages, 1 figure, extended version of submission to IEEE Information
Theory Workshop, 201
Separating Key Agreement and Computational Differential Privacy
Two party differential privacy allows two parties who do not trust each
other, to come together and perform a joint analysis on their data whilst
maintaining individual-level privacy. We show that any efficient,
computationally differentially private protocol that has black-box access to
key agreement (and nothing stronger), is also an efficient,
information-theoretically differentially private protocol. In other words, the
existence of efficient key agreement protocols is insufficient for efficient,
computationally differentially private protocols. In doing so, we make progress
in answering an open question posed by Vadhan about the minimal computational
assumption needed for computational differential privacy.
Combined with the information-theoretic lower bound due to McGregor, Mironov,
Pitassi, Reingold, Talwar, and Vadhan in [FOCS'10], we show that there is no
fully black-box reduction from efficient, computationally differentially
private protocols for computing the Hamming distance (or equivalently inner
product over the integers) on bits, with additive error lower than
, to key agreement.
This complements the result by Haitner, Mazor, Silbak, and Tsfadia in
[STOC'22], which showed that computing the Hamming distance implies key
agreement. We conclude that key agreement is \emph{strictly} weaker than
computational differential privacy for computing the inner product, thereby
answering their open question on whether key agreement is sufficient
Structure-Preserving Smooth Projective Hashing
International audienceSmooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has lead to applications proven secure in the UC framework, even in presence of an adversary which can do adaptive corruptions, like for example Password Authenticated Key Exchange (PAKE), and 1-out-of-m Oblivious Transfer (OT). However such solutions still lack in efficiency, since they heavily scale on the underlying message length. Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. Recent trend focuses on constructions of structure- preserving signatures, which require message, signature and verification keys to lie in the base group, while the verification equations only consist of pairing-product equations. Classical constructions of Smooth Projective Hash Function suffer from the same limitation as classical signatures: at least one part of the computation (messages for signature, witnesses for SPHF) is a scalar. In this work, we introduce and instantiate the concept of Structure- Preserving Smooth Projective Hash Function, and give as applications more efficient instantiations for one-round PAKE and three-round OT, and information retrieval thanks to Anonymous Credentials, all UC- secure against adaptive adversaries
On Pseudorandom Encodings
We initiate a study of pseudorandom encodings: efficiently computable and decodable encoding functions that map messages from a given distribution to a random-looking distribution. For instance, every distribution that can be perfectly and efficiently compressed admits such a pseudorandom encoding. Pseudorandom encodings are motivated by a variety of cryptographic applications, including password-authenticated key exchange, “honey encryption” and steganography.
The main question we ask is whether every efficiently samplable distribution admits a pseudorandom encoding. Under different cryptographic assumptions, we obtain positive and negative answers for different flavors of pseudorandom encodings, and relate this question to problems in other areas of cryptography. In particular, by establishing a two-way relation between pseudorandom encoding schemes and efficient invertible sampling algorithms, we reveal a connection between adaptively secure multiparty computation for randomized functionalities and questions in the domain of steganography
Unconditionally Secure Bit Commitment
We describe a new classical bit commitment protocol based on cryptographic
constraints imposed by special relativity. The protocol is unconditionally
secure against classical or quantum attacks. It evades the no-go results of
Mayers, Lo and Chau by requiring from Alice a sequence of communications,
including a post-revelation verification, each of which is guaranteed to be
independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev.
Let
- …