Two Round Information-Theoretic MPC with Malicious Security
Prabhanjan Ananth, Arka Rai Choudhuri, Aarushi Goel, Abhishek Jain
TPMPC 2019
Adversarial Model
Malicious Adversary
Corrupts < n/2 parties (Honest Majority)

Honest Majority MPC
Information-theoretic security is possible. [Ben-Or, Goldwasser, Wigderson’88]
Typically UC secure: simulation proofs are typically straight-line.
Round complexity lower bounds for dishonest majority do not apply: 4 rounds are necessary for dishonest majority in the plain model [Garg-Mukherjee-Pandey-Polychroniadou16].
Clean constructions: use lightweight tools such as garbling and secret-sharing.
Honest Majority MPC: Applications
Useful for constructing efficient ZK-protocols.
(Courtesy: Sergey Gorbunov’s talk)

History of IT-MPC

| | Round Complexity | Class of Functions | Corruption Threshold | Adversary |
|---|---|---|---|---|
| [BGW’88] | > # of multiplications | P/Poly | t < n/2 | Malicious |
| [BB’89, IK’00, AIK’06] | constant | NC1 | t < n/2 | Malicious |
| [IKP’10] | 2 | NC1 | t < n/3 | Malicious |
| [GIS’18, ABT’18] | 2 | NC1 | t < n/2 | Semi-honest |

Security with selective abort

Our Results

| Round Complexity | Class of Functions | Corruption Threshold | Adversary |
|---|---|---|---|
| 2 | NC1 | t < n/2 | Malicious |

Security with Abort over Broadcast + P2P
Security with Selective Abort over P2P

Concurrent Work [ABT19]
Consider security with selective abort.

This Talk

| Round Complexity | Class of Functions | Corruption Threshold | Adversary |
|---|---|---|---|
| 2 | NC1 | t < n/2 | Malicious |

Security with Abort over Broadcast + P2P
Security with Selective Abort over P2P

Our Strategy
Constant Round IT-MPC (Security with Abort), Broadcast + P2P
→ Round Compression →
2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P
→ Security Upgrade →
2 Round IT-MPC (Security with Abort), Broadcast + P2P
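
Security with Abort
[Diagram: Party 1, Party 2 and Party 3 hand their three inputs to a Trusted Party, which evaluates the function on them to get the output y. The value delivered to the parties is either y or ⊥.]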

Security with Abort
Privacy: the inputs of Party 2 and Party 3 remain hidden.
Output Correctness: honest parties output either the function evaluated on the three inputs or ⊥.

Privacy with Knowledge of Outputs
Privacy: the inputs of Party 2 and Party 3 remain hidden.
Output Correctness: honest parties output either the function evaluated on the three inputs or ⊥.

First Step
Constant Round IT-MPC (Security with Abort), Broadcast + P2P
→ Round Compression →
2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P
→ Security Upgrade →
2 Round IT-MPC (Security with Abort), Broadcast + P2P

Using Signed Outputs [IKP10]
[Diagram: a function takes the three parties' inputs and produces the output y.]

Using Signed Outputs [IKP10]
[Diagram: a modified function takes, from each party, its input together with a verification key and a signing key. It computes y from the three inputs as before and, for each party, also outputs that party's verification key with a signature on y produced by Sign under that party's signing key.]

Security with abort: Using Signed Outputs
[Diagram: Party 2 gives the Trusted Party, which evaluates the modified function, its input, verification key and signing key. It receives y and three (signature, verification key) pairs.]
Party 2 runs Verify on y with each signature and its verification key. Accept if all 3 verify.
Digital signatures require one-way functions
MACs are not sufficient
How can we do it information theoretically?
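
Our Tool: Multi-Key MAC (Correctness)
[Diagram: a signature is computed on a message under three keys, Sign(message, key 1, key 2, key 3), and the signature is given to three verifiers. Each verifier runs Verify(message, signature, key) with one of the three keys, and all three answer YES.]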
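
Our Tool: Multi-Key MAC (Security)
[Diagram: a signature is computed as Sign(message, key 1, key 2, key 3). A second message and signature are then checked with Verify under key 2, and the answer is NO.]
An adversary cannot output any valid message-signature pair other than the one it received.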

Security with Abort: Using Multi-Key MAC
[Diagram: a modified function takes, from each party, its input together with a key. It computes y from the three inputs and a signature Sign(y, key 1, key 2, key 3).]

Security with Abort: Using Multi-Key MAC
[Diagram: Party 2 gives the Trusted Party, which evaluates the modified function, its input and its key. It receives y and the signature, and runs Verify(y, signature, its own key).]
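
Security with abort: Using Multi-Key MAC
[Diagram: Honest Party 2 and Honest Party 3 each give the Trusted Party an input and a key, and each receive y and a signature.]
IF the received (y, signature) equals the output of the modified function on the three (input, key) pairs: Verify(y, signature, key) answers YES for Honest Party 2 and YES for Honest Party 3.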
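
Security with abort: Using Multi-Key MAC
[Diagram: Honest Party 2 and Honest Party 3 each give the Trusted Party an input and a key, and each receive y and a signature.]
IF the received (y, signature) does not equal the output of the modified function on the three (input, key) pairs: Verify(y, signature, key) answers NO for Honest Party 2 and NO for Honest Party 3.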
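
The Sign/Verify interface and the accept-or-⊥ rule from the multi-key MAC slides above, as an added Python example that is not code from the talk or the paper. It assumes one possible instantiation, a vector of one-time MACs a·m + b over a prime field; the function names, the modulus and the sample values are constructed for illustration.

```python
"""Multi-key MAC with the slides' interface: Sign(m, k_1..k_n), Verify(m, sigma, k_i).

Assumed construction (the slides give only the interface and the security
goal): the tag is a vector of independent one-time MACs a_i*m + b_i over a
prime field, one component per key. Key i sits at position i of the key list.
"""
import secrets

P = 2**127 - 1   # prime modulus chosen for this example
ABORT = None     # stands for the output ⊥


def keygen(index, p=P):
    """Key of verifier `index`: (index, a, b) with a, b uniform in Z_p."""
    return (index, secrets.randbelow(p), secrets.randbelow(p))


def sign(m, keys, p=P):
    """Sign(m, k_1, ..., k_n): component i is a_i*m + b_i mod p."""
    return tuple((a * m + b) % p for (_, a, b) in keys)


def verify(m, sigma, key, p=P):
    """Verify(m, sigma, k_i): checks only the component that belongs to k_i."""
    i, a, b = key
    return 0 <= m < p and i < len(sigma) and sigma[i] == (a * m + b) % p


def honest_output(y, sigma, key, p=P):
    """An honest party keeps y only if its own key accepts, else outputs ⊥."""
    return y if verify(y, sigma, key, p) else ABORT


def forgery_odds(m, t, m_forged, t_forged, p):
    """For one observed pair (m, t) under an unknown key (a, b), count the
    keys consistent with it and how many of those accept a second pair.
    Exhaustive over Z_p, so call it with a small prime only."""
    consistent = accepting = 0
    for a in range(p):
        b = (t - a * m) % p              # the one b that explains (m, t)
        consistent += 1
        if (a * m_forged + b) % p == t_forged % p:
            accepting += 1
    return consistent, accepting


def demo(keys=None):
    """Three parties; the holder of keys[0] is the corrupted one."""
    keys = keys or [keygen(i) for i in range(3)]
    y = 424242                            # constructed output value
    sigma = sign(y, keys)
    genuine = [honest_output(y, sigma, k) for k in keys]

    # A substituted output: component 0 can be recomputed with keys[0], but
    # components 1 and 2 depend on keys the corrupted party does not hold.
    y_bad = y + 1
    sigma_bad = sign(y_bad, keys[:1]) + sigma[1:]
    tampered = [honest_output(y_bad, sigma_bad, k) for k in keys]
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
    print(forgery_odds(10, 33, 11, 50, 101))
```

`forgery_odds(10, 33, 11, 50, 101)` returns `(101, 1)`: of the 101 keys consistent with the observed pair, exactly one accepts the substituted pair, which is the 1/p bound for this assumed construction.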

Second Step
Constant Round IT-MPC (Security with Abort), Broadcast + P2P
→ Round Compression →
2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P
→ Security Upgrade Using Multi-Key MAC →
2 Round IT-MPC (Security with Abort), Broadcast + P2P

Technique: Round Compression
Interactive secure MPC → 2 round secure MPC
[GGHR’13]: Indistinguishability Obfuscation
[GLS’15]: Witness Encryption + Garbled circuits
[GS’17]: Bilinear Maps + Garbled circuits
[GS’18, BL’18]: OT + Garbled Circuits
[ACGJ’18]: Garbled circuits
Initial Idea
Replace garbled circuits with information-theoretic garbled circuits (IT-GC)
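
Round Compression Template
Interactive secure MPC → 2 round secure MPC
[Diagram: the interactive protocol is a sequence of messages. In the 2 round protocol the parties Commit Inputs and produce a garbled circuit for each of those messages. After Round 2: Party 1 and Party 2, each shown with the garbled circuits for the successive messages.]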

Round Compression Template: After Round 2
[Diagram: Party 1 and Party 2 with their garbled circuits.]
Statistically secure multi-party helper protocol for OT functionality
[Diagram labels: Wire Labels; 1st Message of Party 2; Wire Labels for 1st Message of Party 2]
Initial Idea: Doesn’t Work
Replace garbled circuits with information-theoretic garbled circuits (IT-GC)
Problem: Size of the input wire labels in IT-GC grows exponentially in the depth of the circuit being garbled.
No. of garbled circuits generated per-party ≥ |#|
Size of bottom-most garbled circuits is exp( # )

Our Approach
[Diagram: Party 1 and Party 2 after Round 2, as in the round compression template.]
Statistically secure multi-party helper protocol for OT functionality
[Diagram labels: Wire Labels; 1st Message of Party 2; Wire Labels for 1st Message of Party 2]
Inspired by the approach used in [BL’18]

Our Approach
Design a 2 round helper protocol for the OT functionality
[Diagram: Party 1 and Party 2 after Round 2. Diagram labels: Helper Protocol for OT functionality; Wire Labels; Wire Labels for 1st Message of Party 2; Statistically secure multi-party helper protocol for OT functionality]

Challenges in Designing such a protocol
2 Round MPC Template using a 2 Round Helper Protocol
R 1: 1st round of Helper Protocol (implicitly commits to inputs)
R 2: 2nd round of Helper Protocol & the garbled circuits for the messages of the interactive protocol

Challenges in Designing such a protocol
Malicious Security
[Diagram: Simulator, Adversary (A) and Trusted Party, with rounds R 1 and R 2. The Trusted Party is given the Inputs of Adversary and returns Output y.]

Challenges in Designing such a protocol
Malicious Security using helper protocol
[Diagram: Outer Simulator and Outer Adversary (A), Inner Simulator and Inner Adversary (B), and Trusted Party, with rounds R 1 and R 2. The Trusted Party is given the Inputs of Adversary and returns Output y.]
Need to extract the inputs from inner adversary

Challenges in Designing such a protocol
[Diagram: Outer Simulator and Outer Adversary (A), Inner Simulator and Inner Adversary (B), and Trusted Party, with rounds R 1 and R 2. The Trusted Party is given the Inputs of Adversary and returns Output y.]
Need to extract the inputs from inner adversary
For Malicious Security: How to design a 2 round maliciously secure helper protocol for this functionality?

Our Solution
A two-round helper MPC protocol for 2 input delayed-function )* '%, !"#% '$
Properties: !"#$ is not known in the first round.

| | Party 1 | Party 2 |
|---|---|---|
| HONEST | Nothing beyond the output is leaked | Nothing beyond !"#%('$) is leaked |
| CORRUPT | Simulator can extract '% | Simulator can extract !"#%('$) |

This asymmetric weaker security suffices!

Conclusion
Constant Round IT-MPC (Security with Abort), Broadcast + P2P
2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P
2 Round IT-MPC (Security with Abort), Broadcast + P2P
2 Round IT-MPC (Security with Selective Abort), P2P