Two-Party Computing with Encrypted Data

Efficient Two-Party Secure Computation on Committed Inputs

Lecture Notes in Computer Science, 2007

We present an efficient construction of Yao's "garbled circuits" protocol for securely computing any two-party circuit on committed inputs. The protocol is secure in a universally composable way in the presence of malicious adversaries under the decisional composite residuosity (DCR) and strong RSA assumptions, in the common reference string model. The protocol requires a constant number of rounds (four to five in the standard model, two to three in the random oracle model, depending on whether both parties receive the output), O(|C|) modular exponentiations per player, and a bandwidth of O(|C|) group elements, where |C| is the size of the computed circuit. Our technical tools are of independent interest. We propose a homomorphic, semantically secure variant of the Camenisch-Shoup verifiable cryptosystem, which uses shorter keys, is unambiguous (it is infeasible to generate two keys which successfully decrypt the same ciphertext), and allows efficient proofs that a committed plaintext is encrypted under a committed key. Our second tool is a practical four-round (two-round in the ROM) protocol for committed oblivious transfer on strings (string-COT) secure against malicious participants. The string-COT protocol takes a few exponentiations per player, and is UC-secure under the DCR assumption in the common reference string model. Previous protocols of comparable efficiency achieved either committed OT on bits, or standard (non-committed) OT on strings.

A New Approach to Practical Active-Secure Two-Party Computation

Lecture Notes in Computer Science, 2012

We propose a new approach to practical two-party computation secure against an active adversary. All prior practical protocols were based on Yao's garbled circuits. We use an OT-based approach and get efficiency via OT extension in the random oracle model. To get a practical protocol we introduce a number of novel techniques for relating the outputs and inputs of OTs in a larger construction. We also report on an implementation of this approach, which shows that our protocol is more efficient than any previous one: for big enough circuits, we can evaluate more than 20000 Boolean gates per second. As an example, evaluating one oblivious AES encryption (∼34000 gates) takes 64 seconds, but when repeating the task 27 times it takes less than 3 seconds per instance.

Outsourcing Secure Two-Party Computation as a Black Box

Lecture Notes in Computer Science, 2015

Secure multiparty computation (SMC) offers a technique to preserve functionality and data privacy in mobile applications. Current protocols that make this costly cryptographic construction feasible on mobile devices securely outsource the bulk of the computation to a cloud provider. However, these outsourcing techniques are built on specific secure computation assumptions and tools, and applying new SMC ideas to the outsourced setting requires the protocols to be completely rebuilt and proven secure. In this work, we develop a generic technique for lifting any secure two-party computation protocol into an outsourced two-party SMC protocol. By augmenting the function being evaluated with auxiliary consistency checks and input values, we can create an outsourced protocol with low overhead cost. Our implementation and evaluation show that in the best case, our outsourcing additions execute within the confidence intervals of two servers running the same computation, and consume approximately the same bandwidth. In addition, the mobile device itself uses minimal bandwidth over a single round of communication. This work demonstrates that efficient outsourcing is possible with any underlying SMC scheme, and provides an outsourcing protocol that is efficient and directly applicable to current and future SMC techniques.

Non-Interactive Secure Multiparty Computation

Advances in Cryptology – CRYPTO 2014, 2014

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x_1, ..., x_n) is specified by a joint probability distribution R = (R_1, ..., R_n) and local encoding functions Enc_i(x_i, r_i), 1 ≤ i ≤ n. Given correlated randomness (r_1, ..., r_n) sampled from R, each party P_i, using its input x_i and its randomness r_i, computes the message m_i = Enc_i(x_i, r_i). The messages m_1, ..., m_n can be used to decode f(x_1, ..., x_n). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages (Enc_i(x_i, r_i))_{i∉T} together with the randomness (r_i)_{i∈T} gives the same information about (x_i)_{i∉T} as oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t, and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest:

MISC: Multi-Input Secure Two-Party Computation

The ISC International Journal of Information Security, 2023

Secure multi-party computation (MPC) allows a group of parties to compute a function on their private inputs securely. Classic MPC protocols for two parties use Yao's garbled circuit (GC) or the Goldreich-Micali-Wigderson (GMW) protocol. In this paper, we propose MISC, a multi-input secure computation protocol, by combining GC and GMW in a novel way. MISC can evaluate multi-input AND gates, which can reduce the round complexity. Moreover, MISC reduces the communication overhead by 1.7× and 2.4× for 2-input and by 2× and 2.8× for 4-input AND gates compared to the state-of-the-art GMW-style and GC-style protocols, respectively. In order to use MISC efficiently in different applications, we redesign common building blocks with multi-input AND gates such as equality checking, maxpool, comparison, and argmax/argmin. Results on privacy-preserving applications, e.g., circuit-based private set intersection (PSI) and private machine learning (CNN inference), show that compared to GMW, MISC improves the total communication overhead by 3× and the total run time by 1.5×.

https://www.isecure-journal.com/article_170893.html

Private function evaluation by local two-party computation

EURASIP Journal on Information Security, 2015

Information processing services are becoming increasingly pervasive, as demonstrated by the Internet of Things or smart grids. Given the importance that these services have reached in our daily life, the demand for security and privacy in data processing appears equally large. Preserving the privacy of data during its processing is a challenging issue that has led to ingenious new cryptographic solutions, such as fully homomorphic encryption (to name only one). An optimal cryptographic support for private data processing must in any case be scalable and lightweight. To this end, we discuss the application of standard (off-the-shelf) cryptography to enable the computation of any function under permanent disguise (encryption). Using a local form of multiparty computation (essentially in a non-distributed fashion), we show how to execute any data processing algorithm in complete privacy. Our solution can, for example, be used with smart grid equipment, when small hardware security modules are locally available (such as in smart meters).

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

We focus on how to securely outsource computation tasks to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in a two-cloud-server scenario. Our main idea is to transform the outsourced data, each item encrypted under a different user's public key, into data encrypted under the same two private keys of the two assisting servers, so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result according to the function to be computed. In order to keep the result private, the two servers cooperatively produce a custom-made result for each user that is authorized to obtain it, so that all authorized users can recover the desired result while unauthorized parties, including the two servers, cannot. Compared with previous research, our protocol is completely non-interactive between users, and both the computation and communication complexities of each user in our solution are independent of the function being computed.

Secure Computation Without Authentication

Journal of Cryptology, 2011

Research on secure multiparty computation has mainly concentrated on the case where the parties can authenticate each other and the communication between them. This work addresses the question of what security can be guaranteed when authentication is not available. We consider a completely unauthenticated setting, where all messages sent by the parties may be tampered with and modified by the adversary without the uncorrupted parties being able to detect this fact. In this model, it is not possible to achieve the same level of security as in the authenticated-channel setting. Nevertheless, we show that meaningful security guarantees can be provided: essentially, all the adversary can do is to partition the network into disjoint sets, where in each set the computation is secure in and of itself, and also independent of the computation

An extended abstract of this paper appeared in the proceedings of CRYPTO 2005.

Secure Multi-party Computation Minimizing Online Rounds

Advances in Cryptology – ASIACRYPT 2009, 2009

Multi-party secure computations are general and important procedures to compute any function while keeping private inputs secure. In this work we ask whether preprocessing can allow low-latency (that is, small-round) secure multi-party protocols that are universally composable (UC). In particular, we allow any polynomial-time preprocessing as long as it is independent of the exact circuit and actual inputs of the specific problem instance to solve, with only a bound k on the number of gates in the circuit known. To address the question, we first define the model of "Multi-Party Computation on Encrypted Data" (MP-CED), implicitly described in [FH96, JJ00, CDN01, DN03]. In this model, computing parties establish a threshold public key in a preprocessing stage, and only then is private data, encrypted under the shared public key, revealed. The computing parties then get the computational circuit they agree upon and evaluate the circuit on the encrypted data. The MP-CED model is interesting since it is well suited to modern computing environments, where many repeated computations on overlapping data are performed. We present two different round-efficient protocols in this model:

- The first protocol generates k garbled gates in the preprocessing stage and requires only two (online) rounds.
- The second protocol generates a garbled universal circuit of size O(k log k) in the preprocessing stage, and requires only one (online) round (i.e., an obvious lower bound), and therefore it can run asynchronously.

Both protocols are secure against an active, static adversary controlling any number of parties. When the fraction of parties the adversary can corrupt is less than half, the adversary cannot force the protocols to abort. The MP-CED model is closely related to the general Multi-Party Computation (MPC) model and, in fact, each can be reduced to the other. The first (resp. second) protocol above naturally gives protocols for three-round (resp. two-round) universally composable MPC secure against an active, static adversary controlling any number of parties (with preprocessing).