Information-Theoretic Conditions for Two-Party Secure Function Evaluation (original) (raw)
Related papers
Statistical Security Conditions for Two-Party Secure Function Evaluation
Lecture Notes in Computer Science, 2008
To simplify proofs in information-theoretic security, the standard security definition of two-party secure function evaluation based on the real/ideal model paradigm is often replaced by an informationtheoretic security definition. At EUROCRYPT 2006, we showed that most of these definitions had some weaknesses, and presented new information-theoretic conditions that were equivalent to a simulation-based definition in the real/ideal model. However, there we only considered the perfect case, where the protocol is not allowed to make any error, which has only limited applications. We generalize these results to the statistical case, where the protocol is allowed to make errors with a small probability. Our results are based on a new measure of information that we call the statistical information, which may be of independent interest.
Communication preserving protocols for secure function evaluation
Proceedings of the thirty-third annual ACM symposium on Theory of computing - STOC '01, 2001
Page 1. Communication Preserving Protocols for Secure Function Evaluation Moni Naor * Kobbi Nissim Department of Computer Science and Applied Mathematics Weizmann Institute of Science, Rehovot 76100, Israel naor, kobbi@wisdom.weizmann.ac.il ...
An Efficient 2-Party Private Function Evaluation Protocol Based on Half Gates
The Computer Journal, 2018
Private function evaluation (PFE) is a special case of secure multi-party computation (MPC), where the function to be computed is known by only one party. PFE is useful in several real-life applications where an algorithm or a function itself needs to remain secret for reasons such as protecting intellectual property or security classification level. In this paper, we focus on improving 2-party PFE based on symmetric cryptographic primitives. In this respect, we look back at the seminal PFE framework presented by Mohassel and Sadeghian at Eurocrypt'13. We show how to adapt and utilize the well-known half gates garbling technique (Zahur et al., Eurocrypt'15) to their constant round 2-party PFE scheme. Compared to their scheme, our resulting optimization significantly improves the efficiency of both the underlying Oblivious Evaluation of Extended Permutation (OEP) and secure 2party computation (2PC) protocols, and yields a more than 40% reduction in overall communication cost (the computation time is also slightly decreased, and the number of rounds remains unchanged).
On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions
Journal of Cryptology, 2006
The recently proposed universally composable security framework for analyzing security of cryptographic protocols provides very strong security guarantees. In particular, a protocol proven secure in this framework is guaranteed to maintain its security even when run concurrently with arbitrary other protocols. It has been shown that if a majority of the parties are honest, then universally composable protocols exist for essentially any cryptographic task in the plain model (i.e., with no set-up assumptions beyond that of authenticated communication). When honest majority is not guaranteed, general feasibility results are known only when given a trusted set-up, such as in the common reference string model. Only little was known regarding the existence of universally composable protocols in the plain model without honest majority, and in particular regarding the important special case of two-party protocols.
Fairplay — A Secure Two-Party Computation System
2000
Advances in modern cryptography coupled with rapid growth in processing and communication speeds make secure two-party computation a realis- tic paradigm. Yet, thus far, interest in this paradigm has remained mostly theoretical. This paper introduces Fairplay (29), a full-fledged system that implements generic secure function eval- uation (SFE). Fairplay comprises of a high level pro- cedural definition language called SFDL
Highly Efficient and Reusable Private Function Evaluation with Linear Complexity
IACR Cryptol. ePrint Arch., 2018
Private function evaluation aims to securely compute a function f(x1, . . . , xn) without leaking any information other than what is revealed by the output, where f is a private input of one of the parties (say Party1) and xi is a private input of the i-th party Partyi. In this work, we propose a novel and secure two-party private function evaluation (2PFE) scheme based on the DDH assumption. Our scheme introduces a reusability feature that significantly improves the state-of-the-art. Accordingly, our scheme has two variants, one is utilized in the initial execution of the function f , and the other is utilized in its subsequent evaluations. To the best of our knowledge, this is the first and most efficient 2PFE scheme that enjoys a reusablity feature. Our protocols achieve linear communication and computation complexities and a constant number of rounds which is at most three.
Partial Fairness in Secure Two-Party Computation
2012
A seminal result of Cleve (STOC '86) is that, in general, complete fairness is impossible to achieve in two-party computation. In light of this, various techniques for obtaining partial fairness have been suggested in the literature. We propose a definition of partial fairness within the standard real-/ideal-world paradigm that addresses deficiencies of prior definitions. We also show broad feasibility results with respect to our definition: partial fairness is possible for any (randomized) functionality f : X × Y → Z 1 × Z 2 at least one of whose domains or ranges is polynomial in size. Our protocols are always private, and when one of the domains has polynomial size our protocols also simultaneously achieve the usual notion of security with abort. In contrast to some prior work, we rely on standard assumptions only.
More efficient secure function evaluation using tiny trusted third parties
… , Dartmouth University, Tech. Rep. TR2005-551, 2005
We investigate the use of trustworthy devices, which function as trusted third parties (TTPs), to solve general two-party Secure Function Evaluation (SFE) problems. We assume that a really trustworthy TTP device will have very limited protected memory and computation environment-a tiny TTP. This precludes trivial solutions like "just run the function in the TTP". Traditional scrambled circuit evaluation approaches to SFE have a very high overhead in using indirectly-addressed arrays-every array access's cost is linear in the array size. The main gain in our approach is that array access can be provided with much smaller overhead-O(√ N log N). This expands the horizon of problems which can be efficiently solved using SFE. Additionally, our technique provides a simple way to deploy arbitrary programs on tiny TTPs. In our prototype, we use a larger (and expensive) device, the IBM 4758 secure coprocessor, but we also speculate on the design of future tiny devices that could greatly improve the current prototype's efficiency by being optimized for the operations prevalent in our algorithms. We have prototyped a compiler for the secure function definition language (SFDL) developed in the Fairplay project. Our compiler produces an arithmetic circuit, augmented with array access gates which provide more efficient secure access to arrays. We then have a circuit interpreter in the 4758 to evaluate such a circuit on given inputs. It does this gate by gate, requiring very little protected space. We report on the performance of this prototype, which confirms our approach's strength in handling indirectly-addressed arrays.