The Price of Active Security in Cryptographic Protocols

IF 2.3 | Zone 3, Computer Science | Q2 COMPUTER SCIENCE, THEORY & METHODS
Carmit Hazay, Muthuramakrishnan Venkitasubramaniam, Mor Weiss
Journal of Cryptology, volume 39 1. Publication date: 2024-07-10. DOI: 10.1007/s00145-024-09509-2 (https://doi.org/10.1007/s00145-024-09509-2)
Citations: 0

Abstract


We construct the first actively-secure Multi-Party Computation (MPC) protocols with an arbitrary number of parties in the dishonest majority setting, for an arbitrary field \(\mathbb{F}\) with constant communication overhead over the “passive-GMW” protocol (Goldreich, Micali and Wigderson, STOC '87). Our protocols rely on passive implementations of Oblivious Transfer (OT) in the Boolean setting and Oblivious Linear function Evaluation (OLE) in the arithmetic setting. Previously, such protocols were only known over sufficiently large fields (Genkin et al. STOC '14) or a constant number of parties (Ishai et al. CRYPTO '08). Conceptually, our protocols are obtained via a new compiler from a passively-secure protocol for a distributed multiplication functionality \(\mathcal{F}_{\mathrm{MULT}}\), to an actively-secure protocol for general functionalities. Roughly, \(\mathcal{F}_{\mathrm{MULT}}\) is parameterized by a linear-secret sharing scheme \(\mathcal{S}\), where it takes \(\mathcal{S}\)-shares of two secrets and returns \(\mathcal{S}\)-shares of their product. We show that our compilation is concretely efficient for sufficiently large fields, resulting in an overhead of 2 when securely computing natural circuits. Our compiler has two additional benefits: (1) It can rely on any passive implementation of \(\mathcal{F}_{\mathrm{MULT}}\), which, besides the standard implementation based on OT (for Boolean) and OLE (for arithmetic), allows us to rely on implementations based on threshold cryptosystems (Cramer et al. Eurocrypt '01), and (2) it can rely on weaker-than-passive (i.e., imperfect/leaky) implementations, which in some parameter regimes yield actively-secure protocols with overhead less than 2. Instantiating this compiler with an “honest-majority” implementation of \(\mathcal{F}_{\mathrm{MULT}}\), we obtain the first honest-majority protocol (with up to one-third corruptions) for Boolean circuits with constant communication overhead over the best passive protocol (Damgård and Nielsen, CRYPTO '07).

Source journal: Journal of Cryptology (Engineering & Technology - Engineering: Electrical & Electronic)
CiteScore: 7.10
Self-citation rate: 3.30%
Articles published: 24
Review time: 18 months
Journal description: The Journal of Cryptology is a forum for original results in all areas of modern information security. Both cryptography and cryptanalysis are covered, including information theoretic and complexity theoretic perspectives as well as implementation, application, and standards issues. Coverage includes such topics as public key and conventional algorithms and their implementations, cryptanalytic attacks, pseudo-random sequences, computational number theory, cryptographic protocols, untraceability, privacy, authentication, key management and quantum cryptography. In addition to full-length technical, survey, and historical articles, the journal publishes short notes.