Sublinear Distributed Product Checks on Replicated Secret-Shared Data over $\mathbb{Z}_{2^k}$ Without Ring Extensions

Yun Li; Daniel Escudero; Yufei Duan; Zhicong Huang; Cheng Hong; Chao Zhang; Yifan Song

Paper 2024/700

Sublinear Distributed Product Checks on Replicated Secret-Shared Data over $\mathbb{Z}_{2^k}$ Without Ring Extensions

Yun Li, Ant Group

Daniel Escudero, J.P. Morgan AI Research & J.P. Morgan AlgoCRYPT CoE

Yufei Duan, Tsinghua University

Zhicong Huang, Ant Group

Cheng Hong, Ant Group

Chao Zhang, Tsinghua University

Yifan Song, Tsinghua University

Abstract

Multiple works have designed or used maliciously secure honest majority MPC protocols over $\mathbb{Z}_{2^k}$ using replicated secret sharing (e.g. Koti et al. USENIX'21). A recent trend in the design of such MPC protocols is to first execute a semi-honest protocol, and then use a check that verifies the correctness of the computation requiring only sublinear amount of communication in terms of the circuit size. The so-called Galois ring extensions are needed in order to execute such checks over $\mathbb{Z}_{2^k}$, but these rings incur incredibly high computation overheads, which completely undermine any potential benefits the ring $\mathbb{Z}_{2^k}$ had to begin with. In this work we revisit the task of designing sublinear distributed product checks on replicated secret-shared data over $\mathbb{Z}_{2^k}$ among three parties with an honest majority. We present a novel technique for verifying the correctness of a set of multiplication (in fact, inner product) triples, involving a sublinear cost in terms of the number of multiplications. Most importantly, unlike previous works, our tools do not rely on Galois ring extensions, which are computationally expensive, and only require computation over rings of the form $\mathbb{Z}_{2^\ell}$. In terms of communication, our checks are $3\sim 5\times$ lighter than existing checks using ring extensions, which is already quite remarkable. However, our most noticeable improvement is in terms of computation: our checks are $17.7\sim 44.2\times$ better than previous approaches, for many parameter regimes of interest. Our experimental results show that checking a 10 million gate circuit with the 3PC protocol from Boyle et al. (CCS'19) takes about two minutes, while our approach takes only 2.82 seconds. Finally, our techniques are not restricted to the three-party case, and we generalize them to replicated secret-sharing with an arbitrary number of parties $n$. Even though the share size in this scheme grows exponentially with $n$, prior works have used it for $n=4$ or $n=5$ --- or even general $n$ for feasibility results --- and our distributed checks also represent improvements in these contexts.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Major revision. CCS 2024
DOI: https://doi.org/10.1145/3658644.3690260
Keywords: Secure Computation Malicious Security Distributed Zero-knowledge Proofs
Contact author(s): liyun24 @ antgroup com
daniel escudero @ protonmail com
dyf23 @ mails tsinghua edu cn
zhicong hzc @ antgroup com
vince hc @ antgroup com
chaoz @ tsinghua edu cn
yfsong @ mail tsinghua edu cn
History: 2024-09-05: revised; 2024-05-07: received; See all versions
Short URL: https://ia.cr/2024/700
License: CC BY

BibTeX

@misc{cryptoeprint:2024/700,
      author = {Yun Li and Daniel Escudero and Yufei Duan and Zhicong Huang and Cheng Hong and Chao Zhang and Yifan Song},
      title = {Sublinear Distributed Product Checks on Replicated Secret-Shared Data over $\mathbb{Z}_{2^k}$ Without Ring Extensions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/700},
      year = {2024},
      doi = {https://doi.org/10.1145/3658644.3690260},
      url = {https://eprint.iacr.org/2024/700}
}