Paper 2024/1479
Honest Majority GOD MPC with $O(\mathsf{depth}(C))$ Rounds and Low Online Communication
Abstract
In the context of secure multiparty computation (MPC) protocols with guaranteed output delivery (GOD) for the honest majority setting, the state-of-the-art in terms of communication is the work of (Goyal et al. CRYPTO'20), which communicates O(n|C|) field elements, where |C| is the size of the circuit being computed and n is the number of parties. Their round complexity, as usual in secret-sharing based MPC, is proportional to O(depth(C)), but only in the optimistic case where there is no cheating. Under attack, the number of rounds can increase to \Omega(n^2) before honest parties receive output, which is undesired for shallow circuits with depth(C) << n^2. In contrast, other protocols that only require O(depth(C) rounds even in the worst case exist, but the state-of-the-art from (Choudhury and Patra, Transactions on Information Theory, 2017) still requires \Omega(n^4|C|) communication in the offline phase, and \Omega(n^3|C|) in the online (for both point-to-point and broadcast channels). We see there exists a tension between efficient communication and number of rounds. For reference, the recent work of (Abraham et al., EUROCRYPT'23) shows that for perfect security and t<n/3, protocols with both linear communication and O(depth(C)) rounds exist. We address this state of affairs by presenting a novel honest majority GOD protocol that maintains O(depth(C)) rounds, even under attack, while improving over the communication of the most efficient protocol in this setting by Choudhury and Patra. More precisely, our protocol has point-to-point (P2P) online communication of O(n|C|), accompanied by O(n|C|) broadcasted (BC) elements, while the offline has O(n^3|C|) P2P communication with O(n^3|C|) BC. This improves over the previous best result, and reduces the tension between communication and round complexity. Our protocol is achieved via a careful use of packed secret-sharing in order to improve the communication of existing verifiable secret-sharing approaches, although at the expense of weakening their robust guarantees: reconstruction of shared values may fail, but only if the adversary gives away the identities of many corrupt parties. We show that this less powerful notion is still useful for MPC, and we use this as a core building block in our construction. Using this weaker VSS, we adapt the recent secure-with-abort Turbopack protocol (Escudero et al. CCS'22) to the GOD setting without significantly sacrificing in efficiency.
Metadata
- Available format(s)
- Category
- Foundations
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2024
- Keywords
- MPCHonest MajorityGOD
- Contact author(s)
-
amita2 @ illinois edu
alex bienstock @ jpmchase com
ivan @ cs au dk
daniel escudero @ protonmail com - History
- 2024-09-24: approved
- 2024-09-21: received
- See all versions
- Short URL
- https://ia.cr/2024/1479
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1479, author = {Amit Agarwal and Alexander Bienstock and Ivan Damgård and Daniel Escudero}, title = {Honest Majority {GOD} {MPC} with $O(\mathsf{depth}(C))$ Rounds and Low Online Communication}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1479}, year = {2024}, url = {https://eprint.iacr.org/2024/1479} }