Cryptology ePrint Archive: Report 2013/593

One-Sided Adaptively Secure Two-Party Computation

Carmit Hazay and Arpita Patra

Abstract: Adaptive security is a strong security notion that captures additional security threats that are not addressed by static corruptions. For instance, it captures real-world scenarios where ``hackers'' actively break into computers, possibly while they are executing secure protocols. Studying this setting is interesting from both theoretical and practical points of view. A primary building block in designing adaptively secure protocols is a non-committing encryption (NCE) that implements secure communication channels in the presence of adaptive corruptions. Current constructions require a number of public key operations that grows linearly with the length of the message. Furthermore, general two-party protocols require a number of NCE calls that is linear in the circuit size.

In this paper we study the two-party setting in which at most one of the parties is adaptively corrupted, which we believe is the right security notion in the two-party setting. We study the feasibility of ({\bf 1}) NCE with constant number of public key operations for large message spaces. ({\bf 2}) Oblivious transfer with constant number of public key operations for large sender's input spaces, and ({\bf 3}) constant round secure computation protocols with a number of NCE calls, and an overall number of public key operations, that are independent of the circuit size. Our study demonstrates that such primitives indeed exist in the presence of single corruptions, while this is not known for fully adaptive security (where both parties may get corrupted).

Category / Keywords: cryptographic protocols / Secure Two-Party Computation, Adaptive Security, Non-Committing Encryption, Oblivious Transfer

Original Publication (with major differences): IACR-TCC-2014

Date: received 13 Sep 2013, last revised 18 Nov 2013

Contact author: arpitapatra10 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20131118:160529 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]