Low Cost Constant Round MPC Combining BMR and Oblivious Transfer
Publikation: Bidrag til tidsskrift/Konferencebidrag i tidsskrift /Bidrag til avis › Tidsskriftartikel › Forskning › peer review
Standard
Low Cost Constant Round MPC Combining BMR and Oblivious Transfer. / Hazay, Carmit; Scholl, Peter; Soria-Vazquez, Eduardo.
I: Journal of Cryptology, Bind 33, Nr. 4, 10.2020, s. 1732-1786.Publikation: Bidrag til tidsskrift/Konferencebidrag i tidsskrift /Bidrag til avis › Tidsskriftartikel › Forskning › peer review
Harvard
APA
CBE
MLA
Vancouver
Author
Bibtex
}
RIS
TY - JOUR
T1 - Low Cost Constant Round MPC Combining BMR and Oblivious Transfer
AU - Hazay, Carmit
AU - Scholl, Peter
AU - Soria-Vazquez, Eduardo
PY - 2020/10
Y1 - 2020/10
N2 - In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead.1. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality.2. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.In both approaches, the underlying secret-sharing-based protocol is only used forone actively secure F-2 multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.
AB - In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead.1. Our first protocol takes a generic approach using any secret-sharing-based MPC protocol for binary circuits, and a correlated oblivious transfer functionality.2. Our second protocol builds on secret-sharing-based MPC with information-theoretic MACs. This approach is less flexible, being based on a specific form of MPC, but requires no additional oblivious transfers to compute the garbled circuit.In both approaches, the underlying secret-sharing-based protocol is only used forone actively secure F-2 multiplication per AND gate. An interesting consequence of this is that, with current techniques, constant-round MPC for binary circuits is not much more expensive than practical, non-constant-round protocols. We demonstrate the practicality of our second protocol with an implementation and perform experiments with up to 9 parties securely computing the AES and SHA-256 circuits. Our running times improve upon the best possible performance with previous protocols in this setting by 60 times.
KW - MPC
KW - BMR
KW - Constant rounds
KW - Concrete efficiency
KW - UNIVERSALLY COMPOSABLE SECURITY
KW - MULTIPARTY COMPUTATION
KW - CIRCUIT
U2 - 10.1007/s00145-020-09355-y
DO - 10.1007/s00145-020-09355-y
M3 - Journal article
VL - 33
SP - 1732
EP - 1786
JO - Journal of Cryptology
JF - Journal of Cryptology
SN - 0933-2790
IS - 4
ER -