Non-Interactive Secure Multiparty Computation

Amos Beimel; Ariel Gabizon; Yuval Ishai; Eyal Kushilevitz; Sigurd Meldgaard; Anat Paskin-Cherniavsky

Paper 2014/960

Non-Interactive Secure Multiparty Computation

Amos Beimel, Ariel Gabizon, Yuval Ishai, Eyal Kushilevitz, Sigurd Meldgaard, and Anat Paskin-Cherniavsky

Abstract

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function $f (x_{1}, \dots, x_{n})$ is specified by a joint probability distribution $R = (R_{1}, \dots, R_{n})$ and local encoding functions $E n c_{i} (x_{i}, R_{i})$ , $1 <= i <= n$ . Given correlated randomness $(R_{1}, \dots, R_{n}) \in_{R} R$ , each party $P_{i}$ , using its input $x_{i}$ and its randomness $R_{i}$ , computes the message $m_{i} = E n c_{i} (x_{i}, R_{i})$ . The messages $m_{1}, \dots, m_{n}$ can be used to decode $f (x_{1}, \dots, x_{n})$ . For a set $T \subseteq [n]$ , the protocol is said to be $T$ -robust if revealing the messages $(E n c_{i} (x_{i}, R_{i}))_{i \notin T}$ together with the randomness $(R_{i})_{i \in T}$ gives the same information about $(x_{i})_{i \notin T}$ as an oracle access to the function $f$ restricted to these input values. Namely, a coalition can learn no more than the restriction of fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For , the protocol is -robust if it is -robust for every of size at most and it is fully robust if it is -robust. A 0-robust NIMPC protocol for coincides with a protocol in the private simultaneous messages model of Feige et al.~(STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Eurocrypt 2014) and realized using indistinguishability obfuscation. We consider NIMPC in the information-theoretic setting and obtain unconditional positive results for some special cases of interest: Group products. For every (possibly non-abelian) finite group , the iterated group product function admits an efficient, fully robust NIMPC protocol. Small functions. Every function admits a fully robust NIMPC protocol whose complexity is polynomial in the size of the input domain (i.e., exponential in the total bit-length of the inputs). Symmetric functions. Every symmetric function , where is an input domain of constant size, admits a -robust NIMPC protocol of complexity . For the case where is a -out-of- threshold function, we get a fully robust protocol of complexity . On the negative side, we show that natural attempts to realize NIMPC using private simultaneous messages protocols and garbling schemes from the literature fail to achieve even 1-robustness.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: A major revision of an IACR publication in CRYPTO 2014
Keywords: secure multiparty computation obfuscation private simultaneous messages protocols randomized encoding of functions garbling schemes multi-input functional encryption
Contact author(s): amos beimel @ gmail com
History: 2014-11-25: received
Short URL: https://ia.cr/2014/960
License: CC BY

BibTeX

@misc{cryptoeprint:2014/960,
      author = {Amos Beimel and Ariel Gabizon and Yuval Ishai and Eyal Kushilevitz and Sigurd Meldgaard and Anat Paskin-Cherniavsky},
      title = {Non-Interactive Secure Multiparty Computation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/960},
      year = {2014},
      url = {https://eprint.iacr.org/2014/960}
}