Abstract
We prove that perfectly-secure optimally-resilient secure Multi-Party Computation (MPC) for a circuit with C gates and depth D can be obtained in \({\mathcal {O}}((Cn+n^4 + Dn^2)\log n)\) communication complexity and \({\mathcal {O}}(D)\) expected time. For \(D \ll n\) and \(C\ge n^3\), this is the first perfectly-secure optimally-resilient MPC protocol with linear communication complexity per gate and constant expected time complexity per layer.
Compared to state-of-the-art MPC protocols in the player elimination framework [Beerliova and Hirt TCC’08, and Goyal, Liu, and Song CRYPTO’19], for \(C>n^3\) and \(D \ll n\), our results significantly improve the run time from \(\varTheta (n+D)\) to expected \({\mathcal {O}}(D)\) while keeping communication complexity at \({\mathcal {O}}(Cn\log n)\).
Compared to state-of-the-art MPC protocols that obtain an expected \({\mathcal {O}}(D)\) time complexity [Abraham, Asharov, and Yanai TCC’21], for \(C>n^3\), our results significantly improve the communication complexity from \({\mathcal {O}}(Cn^4\log n)\) to \({\mathcal {O}}(Cn\log n)\) while keeping the expected run time at \({\mathcal {O}}(D)\).
One salient part of our technical contribution is centered around a new primitive we call detectable secret sharing. It is perfectly-hiding, weakly-binding, and has the property that either reconstruction succeeds, or \({\mathcal {O}}(n)\) parties are (privately) detected. On the one hand, we show that detectable secret sharing is sufficiently powerful to generate multiplication triplets needed for MPC. On the other hand, we show how to share p secrets via detectable secret sharing with communication complexity of just \({\mathcal {O}}(n^4\log n+p \log n)\). When sharing \(p\ge n^4\) secrets, the communication cost is amortized to just \({\mathcal {O}}(1)\) per secret.
Our second technical contribution is a new Verifiable Secret Sharing protocol that can share p secrets at just \({\mathcal {O}}(n^4\log n+pn\log n)\) word complexity. When sharing \(p\ge n^3\) secrets, the communication cost is amortized to just \({\mathcal {O}}(n)\) per secret. The best prior work required \({\mathcal {O}}(n^3)\) communication per secret.
Notes
1. Our actual parameters are further optimized to pack more secrets.
2. Again, in the actual construction we will use different dimensions, but we keep using a bivariate polynomial with degree \(t+t/4\) in both x and y for simplicity.
3. To ease understanding and notation, we sometimes expect to receive from the adversary some sets or inputs that satisfy some conditions. We do not necessarily verify the conditions in the functionality, and this is without loss of generality. For instance, in this step we require that the adversary sends a set \(\textsf{CONFLICTS}\) such that \(\textsf{CONFLICTS}\cap { \mathsf ZEROS}= \emptyset \). Instead, we can enforce that this is the case by resetting: \(\textsf{CONFLICTS}= \textsf{CONFLICTS}\setminus { \mathsf ZEROS}\).
4. If not all honest parties send shares that lie on the same bivariate polynomial, or not all send inputs that satisfy the input assumptions as described, then no security is guaranteed. This can be formalized as follows. If the input assumptions do not hold, then the functionality sends to the adversary all the inputs of all honest parties, and lets the adversary single-handedly determine all outputs of all honest parties. This makes the protocol vacuously secure (since anything can be simulated).
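Added illustration (not the paper's protocol, and not the authors' code) of the invariant notes 2 and 4 refer to: every party's shares are univariate projections of one bivariate polynomial of degree \(t+t/4\) in both x and y, so any pair of parties can cross-check the sub-shares they exchange and a dealing that is not on a single bivariate polynomial surfaces as a conflict. The field modulus, the threshold t = 4 and the placement of a single secret at S(0, 0) are assumptions of this example; the paper's packing of many secrets (notes 1 and 2) is not reproduced.

```python
import random

# Constructed illustration of bivariate polynomial sharing with degree t + t/4
# in both x and y (note 2). Field, threshold and the placement of the secret
# at S(0, 0) are assumptions made for this example, not the paper's parameters.
P = 2**31 - 1             # prime field modulus (assumed)
T = 4                     # corruption threshold t (assumed)
N = 3 * T + 1             # n = 3t + 1 parties, indexed 1..n
D = T + T // 4            # degree in x and in y, i.e. t + t/4 = 5

def eval_poly(coeffs, x):
    """Horner evaluation; coeffs[k] is the coefficient of x^k."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def eval_bivariate(s, x, y):
    """s[a][b] is the coefficient of x^a y^b; evaluate S(x, y)."""
    return eval_poly([eval_poly(row, y) for row in s], x)

def make_shares(secret, seed):
    """Dealer: random S with S(0, 0) = secret; party i gets the point lists of
    f_i(x) = S(x, i) and g_i(y) = S(i, y) for x, y = 0..n."""
    rng = random.Random(seed)
    s = [[rng.randrange(P) for _ in range(D + 1)] for _ in range(D + 1)]
    s[0][0] = secret % P
    return {i: ([eval_bivariate(s, x, i) for x in range(N + 1)],
                [eval_bivariate(s, i, y) for y in range(N + 1)])
            for i in range(1, N + 1)}

def conflicts(shares):
    """Pairwise check: i and j conflict when f_i(j) != g_j(i). Shares from one
    bivariate polynomial (the assumption in note 4) yield no conflicts."""
    return {(i, j) for i in shares for j in shares
            if shares[i][0][j] != shares[j][1][i]}

def reconstruct(shares):
    """Lagrange-interpolate S(0, 0) from g_i(0) = S(i, 0), a degree-D
    polynomial in i, using the first D + 1 parties present."""
    pts = [(i, shares[i][1][0]) for i in list(shares)[:D + 1]]
    total = 0
    for i, yi in pts:
        num = den = 1
        for j, _ in pts:
            if j != i:
                num, den = num * (-j) % P, den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total
```

Changing a single value f_i(j) in one party's share, as an inconsistent dealer could, makes the pair (i, j) appear in `conflicts`, while reconstruction from any D + 1 untouched column shares still returns the secret.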
References
Abraham, I., Asharov, G., Patil, S., Patra, A.: Asymptotically free broadcast in constant expected time via packed VSS. In: TCC (2022). https://doi.org/10.1007/978-3-031-22318-1_14
Abraham, I., Asharov, G., Yanai, A.: Efficient perfectly secure computation with optimal resilience. In: Theory of Cryptography (2021). https://doi.org/10.1007/978-3-030-90453-1_3
Abraham, I., Dolev, D., Halpern, J.Y.: An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In: PODC 2008 (2008). https://doi.org/10.1145/1400751.1400804
Anirudh, C., Choudhury, A., Patra, A.: A survey on perfectly-secure verifiable secret-sharing. Cryptology ePrint Archive (2021)
Asharov, G., Cohen, R., Shochat, O.: Static vs. adaptive security in perfect MPC: a separation and the adaptive security of BGW. In: 3rd Conference on Information-Theoretic Cryptography, ITC 2022 (2022)
Asharov, G., Lindell, Y.: A full proof of the BGW protocol for perfectly secure multiparty computation. J. Cryptol. 30(1), 58–151 (2015). https://doi.org/10.1007/s00145-015-9214-4
Asharov, G., Lindell, Y., Rabin, T.: Perfectly-secure multiplication for any \(t < n/3\). In: Advances in Cryptology - CRYPTO 2011 (2011). https://doi.org/10.1007/978-3-642-22792-9_14
Bangalore, L., Choudhury, A., Patra, A.: Almost-surely terminating asynchronous Byzantine agreement revisited. In: 2018 ACM Symposium on Principles of Distributed Computing, PODC. ACM (2018). https://doi.org/10.1145/3212734.3212735
Bangalore, L., Choudhury, A., Patra, A.: The power of shunning: Efficient asynchronous Byzantine agreement revisited. J. ACM (2020)
Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Annual International Cryptology Conference (1991). https://doi.org/10.1007/3-540-46766-1_34
Beerliova-Trubiniova, Z., Hirt, M.: Efficient multi-party computation with dispute control. In: Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4–7 2006, Proceedings 3, pp. 305–328 (2006). https://doi.org/10.1007/11681878_16
Beerliová-Trubíniová, Z., Hirt, M.: Perfectly-secure MPC with linear communication complexity. In: Theory of Cryptography Conference (2008). https://doi.org/10.1007/978-3-540-78524-8_13
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Annual ACM Symposium on Theory of Computing (1988). https://doi.org/10.1145/62212.62213
Ben-Sasson, E., Fehr, S., Ostrovsky, R.: Near-linear unconditionally-secure multiparty computation with a dishonest minority. In: Advances in Cryptology-CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, 19–23 August 2012. Proceedings, pp. 663–680 (2012). https://doi.org/10.1007/978-3-642-32009-5_39
Berman, P., Garay, J.A., Perry, K.J.: Bit optimal distributed consensus. In: Computer science (1992)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS (2001). https://doi.org/10.1109/SFCS.2001.959888
Canetti, R., Damgaard, I., Dziembowski, S., Ishai, Y., Malkin, T.: On adaptive vs. non-adaptive security of multiparty protocols. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 262–279. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_17
Canetti, R., Damgard, I., Dziembowski, S., Ishai, Y., Malkin, T.: Adaptive versus non-adaptive security of multi-party protocols. J. Cryptol. 17(3), 153–207 (2004). https://doi.org/10.1007/s00145-004-0135-x
Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: 20th Annual ACM Symposium on Theory of Computing (1988). https://doi.org/10.1145/62212.62214
Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science (1985). https://doi.org/10.1109/SFCS.1985.64
Choudhury, A.: Protocols for Reliable and Secure Message Transmission. Ph.D. thesis, Citeseer (2010)
Choudhury, A., Patra, A.: An efficient framework for unconditionally secure multiparty computation. IEEE Trans. Inf. Theory 63, 428–468 (2016)
Coan, B.A., Welch, J.L.: Modular construction of nearly optimal Byzantine agreement protocols. In: ACM Symposium on Principles of Distributed Computing (1989). https://doi.org/10.1145/72981.73002
Cramer, R., Damgård, I., Maurer, U.: General secure multi-party computation from any linear secret-sharing scheme. In: International Conference on the Theory and Applications of Cryptographic Techniques (2000). https://doi.org/10.1007/3-540-45539-6_22
Feldman, P., Micali, S.: Optimal algorithms for Byzantine agreement. In: 20th Annual ACM Symposium on Theory of Computing (1988). https://doi.org/10.1145/62212.62225
Feldman, P.N.: Optimal algorithms for Byzantine agreement. Ph.D. thesis, Massachusetts Institute of Technology (1988)
Fischer, M.J., Lynch, N.A.: A lower bound for the time to assure interactive consistency. Inf. Process. Lett. (1982)
Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: 24th Annual ACM Symposium on Theory of Computing (1992). https://doi.org/10.1145/129712.129780
Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: ACM Symposium on Principles of Distributed Computing (1998). https://doi.org/10.1145/277697.277716
Goyal, V., Liu, Y., Song, Y.: Communication-efficient unconditional MPC with guaranteed output delivery. In: Annual International Cryptology Conference (2019). https://doi.org/10.1007/978-3-030-26951-7_4
Goyal, V., Song, Y., Zhu, C.: Guaranteed output delivery comes free in honest majority MPC. In: Advances in Cryptology-CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part II, pp. 618–646 (2020). https://doi.org/10.1007/978-3-030-56880-1_22
Hirt, M., Maurer, U., Przydatek, B.: Efficient secure multi-party computation. In: International Conference on the Theory and Application of Cryptology and Information Security (2000). https://doi.org/10.1007/3-540-44448-3_12
Katz, J., Koo, C.: On expected constant-round protocols for Byzantine agreement. In: Annual International Cryptology Conference (2006). https://doi.org/10.1007/11818175_27
Kushilevitz, E., Lindell, Y., Rabin, T.: Information-theoretically secure protocols and security under composition. In: 38th Annual ACM Symposium on Theory of Computing (2006). https://doi.org/10.1145/1132516.1132532
MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error Correcting Codes, vol. 16. Elsevier (1977)
Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: ACM Symposium on Theory of Computing (1989). https://doi.org/10.1145/73007.73014
Acknowledgements
Gilad Asharov is sponsored by the Israel Science Foundation (grant No. 2439/20), by JPM Faculty Research Award, and by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 891234. Shravani Patil would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020–2025. Arpita Patra would like to acknowledge the support of DST National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS) 2020–2025, Google India Faculty Award, and JPM Faculty Research Award.
© 2023 International Association for Cryptologic Research
Abraham, I., Asharov, G., Patil, S., Patra, A. (2023). Detect, Pack and Batch: Perfectly-Secure MPC with Linear Communication and Constant Expected Time. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14005. Springer, Cham. https://doi.org/10.1007/978-3-031-30617-4_9
DOI: https://doi.org/10.1007/978-3-031-30617-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30616-7
Online ISBN: 978-3-031-30617-4