Paper 2024/503
Two Levels are Better than One: Dishonest Majority MPC with $\widetilde{O}(|C|)$ Total Communication
Abstract
In recent years, there has been tremendous progress in improving the communication complexity of dishonest majority MPC. In the sub-optimal corruption threshold setting, where $t<(1-\varepsilon)\cdot n$ for some constant $0<\varepsilon\leq 1/2$, the recent works Sharing Transformation (Goyal $\textit{et al.}$, CRYPTO'22) and SuperPack (Escudero $\textit{et al.}$, EUROCRYPT'23) presented protocols with information-theoretic online phases achieving $O(1)$ communication per multiplication gate, across all parties. However, the former assumes that their offline phase is instantiated by a trusted party, while the latter instantiates their offline phase with $\Omega(n)$ communication per multiplication gate assuming oblivious linear evaluation (OLE) correlations. In this work, we present a dishonest majority MPC protocol for $t< (1-\varepsilon)\cdot n$ with $\widetilde{O}(1)$ total communication per multiplication gate across both the offline and online phases, or $\widetilde{O}(|C|)$ total communication for any arithmetic circuit $C$. To do so, we securely instantiate the offline phase of Sharing Transformation, assuming some OLE correlations. The major bottleneck in instantiating the offline phases of both Sharing Transformation and SuperPack is generating random packed beaver triples of the form $[\boldsymbol{a}], [\boldsymbol{b}], [\boldsymbol{c}]$, for random $\boldsymbol{a},\boldsymbol{b}\in\mathbb{F}^k$, and $\boldsymbol{c}=\boldsymbol{a}*\boldsymbol{b}\in\mathbb{F}^k$, where $k=\Omega(n)$ is the $\textit{packing parameter}$. We overcome this barrier by presenting a packed beaver triple protocol with $\widetilde{O}(n)$ total communication, or $\widetilde{O}(1)$ communication per underlying triple. Our packed beaver triple protocol consists of two levels of randomness extraction. The first level uses a relaxation of super-invertible matrices that we introduce, called $\textit{weakly}$ super-invertible matrices, in which sub-matrices have sufficiently high (but not necessarily full) rank. This weakening enables matrix constructions with only $O(n)$ non-zero entries, which is a primary reason for the efficiency of our protocol. Our second level of extraction is based on the $\textit{triple extraction}$ protocol of (Choudhury and Patra, Trans. Inform. Theory '17).
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- MPCDishonest MajorityConstant CommunicationPacked Secret-SharingWeakly Super-Invertible Matrices
- Contact author(s)
-
abienstock @ cs nyu edu
kwlyeo @ google com - History
- 2024-04-01: revised
- 2024-03-29: received
- See all versions
- Short URL
- https://ia.cr/2024/503
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/503, author = {Alexander Bienstock and Kevin Yeo}, title = {Two Levels are Better than One: Dishonest Majority {MPC} with $\widetilde{O}(|C|)$ Total Communication}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/503}, year = {2024}, url = {https://eprint.iacr.org/2024/503} }