Paper 2019/211

MonZa: Fast Maliciously Secure Two Party Computation on Z_{2^k}

Dario Catalano, Mario Di Raimondo, Dario Fiore, and Irene Giacomelli

Abstract

In this paper we present a new 2-party protocol for secure computation over rings of the form $\mathbb{Z}_{2^k}$. As many recent efficient MPC protocols supporting dishonest majority, our protocol consists of a heavier (input-independent) pre-processing phase and a very efficient online stage. Our offline phase is similar to BeDOZa (Bendlin et al. Eurocrypt 2011) but employs Joye-Libert (JL, Eurocrypt 2013) as underlying homomorphic cryptosystem and, notably, it can be proven secure without resorting to the expensive sacrifice step. JL turns out to be particularly well suited for the ring setting as it naturally supports $\mathbb{Z}_{2^k} $ as underlying message space. Moreover, it enjoys several additional properties (such has valid ciphertext-verifiability and efficiency) that make it a very good fit for MPC in general. As a main technical contribution we show how to take advantage of all these properties (and of more properties that we introduce in this work, such as a ZK proof of correct multiplication) in order to design a two-party protocol that is efficient, fast and easy to implement in practice. Our solution is particularly well suited for relatively large choices of $k$ (e.g., $k=128$), but compares favorably with the state of the art solution of SPDZ2k (Cramer et al. Crypto 2018) already for the practically very relevant case of $k=64$.