Paper 2023/1006
Reusable Secure Computation in the Plain Model
Abstract
Consider the standard setting of twoparty computation where the sender has a secret function $f$ and the receiver has a secret input $x$ and the output $f(x)$ is delivered to the receiver at the end of the protocol. Let us consider the unidirectional message model where only one party speaks in each round. In this setting, Katz and Ostrovsky (Crypto 2004) showed that at least four rounds of interaction between the parties are needed in the plain model (i.e., no trusted setup) if the simulator uses the adversary in a blackbox way (a.k.a. blackbox simulation). Suppose the sender and the receiver would like to run multiple sequential iterations of the secure computation protocol on possibly different inputs. For each of these iterations, do the parties need to start the protocol from scratch and exchange four messages? In this work, we explore the possibility of \textit{amortizing} the round complexity or in other words, \textit{reusing} a certain number of rounds of the secure computation protocol in the plain model. We obtain the following results. 1. Under standard cryptographic assumptions, we construct a fourround twoparty computation protocol where (i) the first three rounds of the protocol could be reused an unbounded number of times if the receiver input remains the same and only the sender input changes, and (ii) the first two rounds of the protocol could be reused an unbounded number of times if the receiver input needs to change as well. In other words, the sender sends a single additional message if only its input changes, and in the other case, we need one message each from the receiver and the sender. The number of additional messages needed in each of the above two modes is optimal and, additionally, our protocol allows arbitrary interleaving of these two modes. 2. We also extend these results to the multiparty setting (in the simultaneous message exchange model) and give roundoptimal protocols such that (i) the first two rounds could be reused an unbounded number of times if the inputs of the parties need to change and (ii) the first three rounds could be reused an unbounded number of times if the inputs remain the same but the functionality to be computed changes. As in the twoparty setting, we allow arbitrary interleaving of the above two modes of operation.
Metadata
 Available format(s)
 Category
 Foundations
 Publication info
 A minor revision of an IACR publication in CRYPTO 2023
 Keywords
 Reusable secure computationplain modelround optimalreusable zeroknowledgereusable oblivious transfer
 Contact author(s)

vipul @ cmu edu
akshayram1993 @ gmail com
mingyuan @ berkeley edu  History
 20230629: approved
 20230628: received
 See all versions
 Short URL
 https://ia.cr/2023/1006
 License

CC BY
BibTeX
@misc{cryptoeprint:2023/1006, author = {Vipul Goyal and Akshayaram Srinivasan and Mingyuan Wang}, title = {Reusable Secure Computation in the Plain Model}, howpublished = {Cryptology ePrint Archive, Paper 2023/1006}, year = {2023}, note = {\url{https://eprint.iacr.org/2023/1006}}, url = {https://eprint.iacr.org/2023/1006} }