Paper 2024/283

Toward Malicious Constant-Rate 2PC via Arithmetic Garbling

Carmit Hazay, Bar-Ilan University
Yibin Yang, Georgia Institute of Technology
Abstract

A recent work by Ball, Li, Lin, and Liu [Eurocrypt'23] presented a new instantiation of the arithmetic garbling paradigm introduced by Applebaum, Ishai, and Kushilevitz [FOCS'11]. In particular, Ball et al.'s garbling scheme is the first constant-rate garbled circuit over large enough bounded integer computations, inferring the first constant-round constant-rate secure two-party computation (2PC) over bounded integer computations in the presence of semi-honest adversaries. The main source of difficulty in lifting the security of garbling schemes-based protocols to the malicious setting lies in proving the correctness of the underlying garbling scheme. In this work, we analyze the security of Ball et al.'s scheme in the presence of malicious attacks. - We demonstrate an overflow attack, which is inevitable in this computational model, even if the garbled circuit is fully correct. Our attack follows by defining an adversary, corrupting either the garbler or the evaluator, that chooses a bad input and causes the computation to overflow, thus leaking information about the honest party's input. By utilizing overflow attacks, we show that -bit leakage is necessary for achieving security against a malicious garbler, discarding the possibility of achieving full malicious security in this model. We further demonstrate a wider range of overflow attacks against a malicious evaluator with more than bit of leakage. - We boost the security level of Ball et al.'s scheme by utilizing two variants of Vector Oblivious Linear Evaluation, denoted by VOLEc and aVOLE. We present the first constant-round constant-rate 2PC protocol over bounded integer computations, in the presence of a malicious garbler with -bit leakage and a semi-honest evaluator, in the {VOLEc,aVOLE}-hybrid model and being black-box in the underlying group and ring. Compared to the semi-honest variant, our protocol incurs only a constant factor overhead, both in computation and communication. The constant-round and constant-rate properties hold even in the plain model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
Keywords
Arithmetic GCConstant-rate 2PCMalicious security
Contact author(s)
Carmit Hazay @ biu ac il
yyang811 @ gatech edu
History
2024-02-23: approved
2024-02-20: received
See all versions
Short URL
https://ia.cr/2024/283
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/283,
      author = {Carmit Hazay and Yibin Yang},
      title = {Toward Malicious Constant-Rate {2PC} via Arithmetic Garbling},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/283},
      year = {2024},
      url = {https://eprint.iacr.org/2024/283}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.