3 research outputs found
Fast Oblivious AES: A dedicated application of the MiniMac protocol
We present an actively secure multi-party computation of the Advanced Encryption Standard (AES). To the best of our knowledge it is the fastest of its kind to date. We start from an efficient actively secure evaluation of general binary circuits that was implemented by the authors of [DLT14]. They presented an optimized implementation of the so-called MiniMac protocol [DZ13] that runs in the pre-processing model, and applied this to a binary AES circuit.
In this paper we describe how to dedicate the pre-processing to the structure of AES, which significantly improves the throughput and latency of previous actively secure implementations. We get a latency of about 6 ms and amortised time about 0.4 ms per AES block, which seems completely adequate for practical applications such as verification of 1-time passwords.
Fast Multiparty Multiplications from shared bits
We study the question of securely multiplying N-bit integers that are stored in binary representation, in the context of protocols for dishonest majority with preprocessing. We achieve communication complexity O(N) using only secure operations over small fields F_2 and F_p with log(p) ≈ log(N). For semi-honest security we achieve communication O(N) · 2^{O(log*(N))} using only secure operations over F_2. This improves over the straightforward solution of simulating a Boolean multiplication circuit, both asymptotically and in practice.
Efficient Generic Zero-Knowledge Proofs from Commitments
Even though zero-knowledge has existed for more than 30 years, few
generic constructions for zero-knowledge exist. In this paper we
present a new kind of commitment scheme on which we build a novel and
efficient zero-knowledge protocol for circuit satisfiability.
We can prove knowledge of the AES key which maps a particular plaintext to a particular ciphertext
in less than 4 seconds with a soundness error of . Our protocol only requires a number
of commitments proportional to the security parameter with a small constant (roughly 5).