Presentation is loading. Please wait.

Presentation is loading. Please wait.

Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee.

Published byChristal King Modified over 9 years ago

Similar presentations

Presentation on theme: "Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee."— Presentation transcript:

1 Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee

2 Multi-Party Computation Goal: Correctness: Everyone computes f(x 1,…,x n ) Security: Nothing else revealed f(x 1,…,x n ) Arbitrary number of corruptions.

3 Motivating Questions Construct MPC with minimal round complexity. Construct MPC directly using FHE techniques.

4 Round Complexity Ideally: 2 is best we can hope for Know: 4 from OT [BMR90,KOS03,AIK05,…], 3 from LWE [AJLTVW12], 2 with iO [GGHR14]. This talk: 2 from LWE. * Results in CRS model, needed for malicious security. Results require NIZKs for malicious security.

5 MPC from FHE Parties run distributed key generation of FHE scheme: agree on a common public key pk, each party gets a secret-share of sk. Each party i broadcasts c i = Enc pk (x i ). The parties run homomorphic evaluation to get c* = Enc pk ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). For the FHE schemes of [BV11,BGV12] we can directly construct distributed key generation and decryption in 1 round each. Yields a 3 round MPC [AJLTVW12].

6 MPC from Multi-Key FHE Each party i chooses pk i, sk i broadcasts c i = Enc pki (x i ). All parties run a multi-key FHE eval to get c* = Enc pk1,…,pkn ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). Multi-key FHE defined by [Lopez Alt-Tromer-Vaikuntanathan 12], construction from NTRU. No “nice” distributed decryption. Recent: multi-key FHE from LWE [Clear-McGoldrick 14]. This work: simplify multi-key FHE from LWE construction and show 1 round distributed decryption. Get 2 round MPC.

7 Gentry-Sahai-Waters FHE Multi-Key FHE (variant of Clear-McGoldrick) 2-round MPC

8 The GSW FHE: Key Generation B b = sB+e n m Public Key: A =

9 The GSW FHE: Encryption

10 Gadget Matrix G [Micciancio-Peikert ’12]

11 The GSW FHE: Evaluation

12 Multi-Key Version of GSW

13 Ciphertext Expansion B b 2 = s 2 B+e 2 A 2 = B b 1 = s 1 B+e 1 A 1 =

14 Ciphertext Expansion B b 2 = s 2 B+e 2 A 2 = B b 1 = s 1 B+e 1 A 1 =

15 One-Round Distributed Decryption c1c1 nN … cNcN c =

16 Putting it all together Each party i chooses pk i, sk i broadcasts c i = Enc pki (x i ). All parties run a multi-key FHE eval to get c* = Enc pk1,…,pkn ( f(x 1,…,x n ) ). Parties run a distributed decryption to recover y = f(x 1,…,x n ). Secure for “all-but-one” corruption. Minor modifications are needed to prove security for arbitrary corruption. Need NIZKs for malicious security (but no coin flipping). Questions: Can we get rid of the CRS in honest-but-curious setting? Can we get 2 or even 3 rounds under different/weaker assumptions?

17 Thank you

Download ppt "Two Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) Joint work with Pratyay Mukherjee."

Similar presentations

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Private Inference Control

Private Inference Control
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Perfect Non-interactive Zero-Knowledge for NP

Perfect Non-interactive Zero-Knowledge for NP
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.

Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.
Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.

Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.

Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Paper by: Craig Gentry Presented By: Daniel Henneberger.

Paper by: Craig Gentry Presented By: Daniel Henneberger.
Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.

Lecturer: Moni Naor Foundations of Cryptography Lecture 15: Oblivious Transfer and Secure Function Evaluation.
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.

1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE Bar-Ilan University Gilad Asharov UCLA Abhishek Jain NYU Adriana.

Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE Bar-Ilan University Gilad Asharov UCLA Abhishek Jain NYU Adriana.
Outsourcing Private RAM Computation Daniel Wichs Northeastern University with: Craig Gentry, Shai Halevi, Mariana Raykova.

Outsourcing Private RAM Computation Daniel Wichs Northeastern University with: Craig Gentry, Shai Halevi, Mariana Raykova.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
01101100101001001010011001011110010110101000101010010010110010100010100101010101010001101001010101001000101001011110011110100110 100100101010100010101010100101010101010010100101010101010010100111001001001000101000001010110000100101000100111101001010100101

Similar presentations

Ads by Google