Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee.

Slides:



Advertisements
Similar presentations
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Advertisements

Private Inference Control
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Perfect Non-interactive Zero-Knowledge for NP
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.
Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Secure Evaluation of Multivariate Polynomials
Paper by: Craig Gentry Presented By: Daniel Henneberger.
Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE Bar-Ilan University Gilad Asharov UCLA Abhishek Jain NYU Adriana.
Outsourcing Private RAM Computation Daniel Wichs Northeastern University with: Craig Gentry, Shai Halevi, Mariana Raykova.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Oblivious Transfer based on the McEliece Assumptions
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Paillier Threshold Encryption WebService by Brett Wilson.
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
ON THE PROVABLE SECURITY OF HOMOMORPHIC ENCRYPTION Andrej Bogdanov Chinese University of Hong Kong Bertinoro Summer School | July 2014 based on joint work.
Simons Institute, Cryptography Boot Camp
1 Cross-Domain Secure Computation Chongwon Cho (HRL Laboratories) Sanjam Garg (IBM T.J. Watson) Rafail Ostrovsky (UCLA)
Multi-Client Non-Interactive Verifiable Computation Seung Geol Choi (Columbia U.) Jonathan Katz (U. Maryland) Ranjit Kumaresan (Technion) Carlos Cid (Royal.
Public-Key Encryption with Lazy Parties Kenji Yasunaga Institute of Systems, Information Technologies and Nanotechnologies (ISIT), Japan Presented at SCN.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
ON CONTINUAL LEAKAGE OF DISCRETE LOG REPRESENTATIONS Shweta Agrawal IIT, Delhi Joint work with Yevgeniy Dodis, Vinod Vaikuntanathan and Daniel Wichs Several.
1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits (cont.), fully homomorphic encryption Eran Tromer.
Page 1 Efficient Two-Party Secure Computation on Committed Inputs Stanislaw Jarecki, UC Irvine Vitaly Shmatikov, UT Austin.
Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
1 Secure Multi-party Computation Minimizing Online Rounds Seung Geol Choi Columbia University Joint work with Ariel Elbaz(Columbia University) Tal Malkin(Columbia.
Succinct Functional Encryption: d Reusable Garbled Circuits and Beyond
Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
Polynomially Homomorphic Signatures Dan Boneh Stanford University Joint work with David Freeman.
China Summer School on Lattices and Cryptography Craig Gentry and Shai Halevi June 4, 2014 Homomorphic Encryption over Polynomial Rings.
Obfuscation of Probabilistic Circuits Ran Canetti, Huijia Lin Stefano Tessaro, Vinod Vaikuntanathan.
1 Information Security – Theory vs. Reality , Winter Lecture 11: Fully homomorphic encryption Lecturer: Eran Tromer Including presentation.
Based on work with: Sergey Gorbunov and Vinod Vaikuntanathan Homomorphic Commitments & Signatures Daniel Wichs Northeastern University.
Secure Computation (Lecture 9-10) Arpita Patra. Recap >> MPC with honest majority in i.t. settings > Protocol using (n,t)-sharing, proof of security---
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
China Summer School on Lattices and Cryptography Craig Gentry and Shai Halevi June 3, 2014 Fully Homomorphic Encryption and Bootstrapping.
Secure Computation with Minimal Interaction, Revisited Yuval Ishai (Technion) Ranjit Kumaresan (MIT) Eyal Kushilevitz (Technion) Anat Paskin-Cherniavsky.
China Summer School on Lattices and Cryptography Craig Gentry and Shai Halevi June 3, 2014 Somewhat Homomorphic Encryption.
Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.
Secret computation of purchase history data using somewhat homomorphic encryption Date: Reporter: 許哲毓.
Verifiable Threshold Secret Sharing and Full Fair Secure Two-party Computation YE Jian-wei March 7, 2009.
On Public Key Encryption from Noisy Codewords Yuval Ishai Technion & UCLA Eli Ben-Sasson (Technion) Iddo Ben-Tov (Technion) Ivan Damgård (Aarhus) Noga.
The Many Faces of Garbled Circuits MIT Vinod Vaikuntanathan.
Fully Homomorphic Encryption (FHE) By: Matthew Eilertson.
Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.
Packing Techniques for Homomorphic Encryption Schemes Scott Thompson CSCI-762 4/28/2016.
Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.
The Exact Round Complexity of Secure Computation
The Exact Round Complexity of Secure Computation
Carmit Hazay (Bar-Ilan University, Israel)
Adaptively Secure Multi-Party Computation from LWE (via Equivocal FHE)
TCC 2016-B Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity Carmit Hazay Bar-Ilan University, Israel Antigoni Ourania.
Committed MPC Multiparty Computation from Homomorphic Commitments
Laconic Oblivious Transfer and its Applications
Verifiable Oblivious Storage
Four-Round Secure Computation without Setup
Cryptography for Quantum Computers
Rishab Goyal Venkata Koppula Brent Waters
Two-Round Adaptively Secure Protocols from Standard Assumptions
Helen: Maliciously Secure Coopetitive Learning for Linear Models
Presentation transcript:

Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee

Multi-Party Computation Goal: Correctness: Everyone computes f(x 1,…,x n ) Security: Nothing else revealed f(x 1,…,x n ) Arbitrary number of corruptions.

Motivating Questions Construct MPC with minimal round complexity. Construct MPC directly using FHE techniques.

Round Complexity Ideally: 2 is best we can hope for Know: 4 from OT [BMR90,KOS03,AIK05,…], 3 from LWE [AJLTVW12], 2 with iO [GGHR14]. This talk: 2 from LWE. * Results in CRS model, needed for malicious security. Results require NIZKs for malicious security.

MPC from FHE Parties run distributed key generation of FHE scheme: agree on a common public key pk, each party gets a secret-share of sk. Each party i broadcasts c i = Enc pk (x i ). The parties run homomorphic evaluation to get c* = Enc pk ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). For the FHE schemes of [BV11,BGV12] we can directly construct distributed key generation and decryption in 1 round each. Yields a 3 round MPC [AJLTVW12].

MPC from Multi-Key FHE Each party i chooses pk i, sk i broadcasts c i = Enc pki (x i ). All parties run a multi-key FHE eval to get c* = Enc pk1,…,pkn ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). Multi-key FHE defined by [Lopez Alt-Tromer-Vaikuntanathan 12], construction from NTRU. No “nice” distributed decryption. Recent: multi-key FHE from LWE [Clear-McGoldrick 14]. This work: simplify multi-key FHE from LWE construction and show 1 round distributed decryption. Get 2 round MPC.

Gentry-Sahai-Waters FHE Multi-Key FHE (variant of Clear-McGoldrick) 2-round MPC

The GSW FHE: Key Generation B b = sB+e n m Public Key: A =

The GSW FHE: Encryption

Gadget Matrix G [Micciancio-Peikert ’12]

The GSW FHE: Evaluation

Multi-Key Version of GSW

Ciphertext Expansion B b 2 = s 2 B+e 2 A 2 = B b 1 = s 1 B+e 1 A 1 =

Ciphertext Expansion B b 2 = s 2 B+e 2 A 2 = B b 1 = s 1 B+e 1 A 1 =

One-Round Distributed Decryption c1c1 nN … cNcN c =

Putting it all together Each party i chooses pk i, sk i broadcasts c i = Enc pki (x i ). All parties run a multi-key FHE eval to get c* = Enc pk1,…,pkn ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). Secure for “all-but-one” corruption. Minor modifications are needed to prove security for arbitrary corruption. Need NIZKs for malicious security (but no coin flipping). Questions: Can we get rid of the CRS in honest-but-curious setting? Can we get 2 or even 3 rounds under different/weaker assumptions?

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.