Abstract
We present the first two-round multiparty computation (MPC) protocols secure against malicious adaptive corruption in the common reference string (CRS) model, based on DDH, LWE, or QR. Prior two-round adaptively secure protocols were known only in the two-party setting against semi-honest adversaries, or in the general multiparty setting assuming the existence of indistinguishability obfuscation (iO).
Our protocols are constructed in two steps. First, we construct two-round oblivious transfer (OT) protocols secure against malicious adaptive corruption in the CRS model based on DDH, LWE, or QR. We achieve this by generically transforming any two-round OT that is only secure against static corruption but has certain oblivious sampleability properties, into a two-round adaptively secure OT. Prior constructions were only secure against semi-honest adversaries or based on iO.
Second, building upon recent constructions of two-round MPC from two-round OT in the weaker static corruption setting [Garg and Srinivasan, Benhamouda and Lin, Eurocrypt’18] and using equivocal garbled circuits from [Canetti, Poburinnaya and Venkitasubramaniam, STOC’17], we show how to construct two-round adaptively secure MPC from two-round adaptively secure OT and constant-round adaptively secure MPC, with respect to both malicious and semi-honest adversaries. As a corollary, we also obtain the first 2-round MPC secure against semi-honest adaptive corruption in the plain model based on augmented non-committing encryption (NCE), which can be based on a variety of assumptions, CDH, RSA, DDH, LWE, or factoring Blum integers. Finally, we mention that our OT and MPC protocols in the CRS model are, in fact, adaptively secure in the Universal Composability framework.
Actually, the protocol of [5] additionally relies on Non-Interactive Zero-Knowledge (NIZK) proofs in the CRS model. But as observed in [28] and this work, the use of NIZK can be removed.
Abdalla et al. [1] constructed a two-round OT protocol secure against the weaker semi-adaptive corruption model where the adversary corrupts one of the two parties at the beginning of the execution and the other party adaptively during or after the execution. It is known that such a protocol can be generically converted to become secure against adaptive corruption using NCE. However, the resulting protocol would be 3-round.
For example, the complexity of all equivocal garbled circuits can simply be proportional to the entropy of the secrets that need to be equivocated, which in the case of MPC are the inputs and randomness of the uncorrupted parties.
We emphasize that the CLOS model of a single CRS should be differentiated from the global CRS model formalized in [11]. The key difference is that the latter allows the environment to access the global CRS (and hence the CRS cannot be programmed), whereas in the former all protocol executions can access the same CRS, but the environment cannot.
Formally, we need a CRS \(\mathrm {crs}_{\mathsf {OT}}\) for each instantiation of the OT protocol. For the sake of simplicity, we assume that there is a single CRS.