Aarhus University Seal / Aarhus Universitets segl

Low Cost Constant Round MPC Combining BMR and Oblivious Transfer

Publikation: Bidrag til tidsskrift/Konferencebidrag i tidsskrift /Bidrag til avisTidsskriftartikelForskningpeer review

Standard

Low Cost Constant Round MPC Combining BMR and Oblivious Transfer. / Hazay, Carmit; Scholl, Peter; Soria-Vazquez, Eduardo.

I: Journal of Cryptology, Bind 33, Nr. 4, 10.2020, s. 1732-1786.

Publikation: Bidrag til tidsskrift/Konferencebidrag i tidsskrift /Bidrag til avisTidsskriftartikelForskningpeer review

Harvard

APA

CBE

MLA

Vancouver

Author

Hazay, Carmit ; Scholl, Peter ; Soria-Vazquez, Eduardo. / Low Cost Constant Round MPC Combining BMR and Oblivious Transfer. I: Journal of Cryptology. 2020 ; Bind 33, Nr. 4. s. 1732-1786.

Bibtex

@article{1a0463de3c554cde94bc5f579ed04c7e,
title = "Low Cost Constant Round MPC Combining BMR and Oblivious Transfer",
abstract = "In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead.1. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality.2. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.In both approaches, the underlying secret-sharing-based protocol is only used forone actively secure F-2 multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.",
keywords = "MPC, BMR, Constant rounds, Concrete efficiency, UNIVERSALLY COMPOSABLE SECURITY, MULTIPARTY COMPUTATION, CIRCUIT",
author = "Carmit Hazay and Peter Scholl and Eduardo Soria-Vazquez",
year = "2020",
month = oct,
doi = "10.1007/s00145-020-09355-y",
language = "English",
volume = "33",
pages = "1732--1786",
journal = "Journal of Cryptology",
issn = "0933-2790",
publisher = "Springer",
number = "4",

}

RIS

TY - JOUR

T1 - Low Cost Constant Round MPC Combining BMR and Oblivious Transfer

AU - Hazay, Carmit

AU - Scholl, Peter

AU - Soria-Vazquez, Eduardo

PY - 2020/10

Y1 - 2020/10

N2 - In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead.1. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality.2. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.In both approaches, the underlying secret-sharing-based protocol is only used forone actively secure F-2 multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.

AB - In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead.1. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality.2. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.In both approaches, the underlying secret-sharing-based protocol is only used forone actively secure F-2 multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.

KW - MPC

KW - BMR

KW - Constant rounds

KW - Concrete efficiency

KW - UNIVERSALLY COMPOSABLE SECURITY

KW - MULTIPARTY COMPUTATION

KW - CIRCUIT

U2 - 10.1007/s00145-020-09355-y

DO - 10.1007/s00145-020-09355-y

M3 - Journal article

VL - 33

SP - 1732

EP - 1786

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -