The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs

Mihir Bellare; Rishabh Ranjan; Doreen Riepel; Ali Aldakheel

Paper 2024/1476

The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs

Mihir Bellare

, University of California, San Diego

Rishabh Ranjan

, University of California, San Diego

Doreen Riepel

, University of California, San Diego

Ali Aldakheel, King Abdulaziz City for Science and Technology

Abstract

This paper initiates a concrete-security treatment of two-party secure computation. The first step is to propose, as target, a simple, indistinguishability-based definition that we call InI. This could be considered a poor choice if it were weaker than standard simulation-based definitions, but it is not; we show that for functionalities satisfying a condition called invertibility, that we define and show is met by functionalities of practical interest like PSI and its variants, the two definitions are equivalent. Based on this, we move forward to study the concrete security of a canonical OPRF-based construction of PSI, giving a tight proof of InI security of the constructed PSI protocol based on the security of the OPRF. This leads us to the concrete security of OPRFs, where we show how different DH-style assumptions on the underlying group yield proofs of different degrees of tightness, including some that are tight, for the well-known and efficient 2H-DH OPRF, and thus for the corresponding DH PSI protocol. We then give a new PSI protocol, called salted-DH PSI, that is as efficient as DH-PSI, yet enjoys tighter proofs.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: A major revision of an IACR publication in ASIACRYPT 2024
Keywords: Secure computation PSI OPRF proof tightness.
Contact author(s): mbellare @ ucsd edu
riranjan @ ucsd edu
doreen riepel @ gmail com
amaldakheel @ kacst edu sa
History: 2024-09-21: revised; 2024-09-20: received; See all versions
Short URL: https://ia.cr/2024/1476
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1476,
      author = {Mihir Bellare and Rishabh Ranjan and Doreen Riepel and Ali Aldakheel},
      title = {The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for {PSI} and {OPRFs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1476},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1476}
}