Round-Optimal Secure Multiparty Computation from Minimal Assumptions

Akshayaram Srinivasan

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2020-45

May 13, 2020

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-45.pdf

Secure Multiparty Computation (MPC) allows a set of parties, each having its own private data, to compute a function of their joint data such that the parties only learn the output of this function and everything else about their data is hidden. MPC is a fundamental cryptographic abstraction that captures many other natural cryptographic primitives as special cases. It also has a wide range of practical applications such as conducting secure electronic auctions, delegating sensitive computation to untrusted cloud service providers, secure computation on genomic data and training machine learning models on private data.

A long-standing open problem in this area is to construct MPC protocols that have {\it optimal} (two-round) round complexity under the {\it weakest} possible cryptographic hardness assumptions.

We {\it completely resolve} this problem by showing lower bounds and matching upper bounds on the hardness assumptions required for constructing round-optimal MPC. Specifically, we obtain the following results.

\begin{itemize} \item \textbf{Black-Box Separation.} We show that there exists no construction of two-round semi-honest MPC protocol for general functions that makes black-box use of a two-round oblivious transfer. As a corollary, a similar separation holds when starting with any 2-party functionality other than oblivious transfer.

\item \textbf{Non-Black-Box Construction.} We show that the above negative result can be bypassed by making non-black-box use of a two-round oblivious transfer. Specifically, starting from a semi-honest (resp. malicious) secure two-round oblivious transfer protocol, we construct a two-round MPC protocol against semi-honest (resp. malicious) adversaries. \end{itemize} Since any two-round MPC protocol for general functionalities implies a two-round oblivious transfer as a special case, the above two results show that non-black-box use of oblivious transfer is {\it necessary and sufficient} to construct round-optimal MPC protocols.

Advisors: Sanjam Garg

BibTeX citation:

@phdthesis{Srinivasan:EECS-2020-45,
    Author= {Srinivasan, Akshayaram},
    Title= {Round-Optimal Secure Multiparty Computation from Minimal Assumptions},
    School= {EECS Department, University of California, Berkeley},
    Year= {2020},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-45.html},
    Number= {UCB/EECS-2020-45},
    Abstract= {Secure Multiparty Computation (MPC) allows a set of parties, each having its own private data, to compute a function of their joint data such that the parties only learn the output of this function and everything else about their data is hidden. MPC is a fundamental cryptographic abstraction that captures many other natural cryptographic primitives as special cases. It also has a wide range of practical applications such as conducting secure electronic auctions, delegating sensitive computation to untrusted cloud service providers, secure computation on genomic data and training machine learning models on private data.

A long-standing open problem in this area is to construct MPC protocols that have {\it optimal} (two-round) round complexity under the {\it weakest} possible cryptographic hardness assumptions.


We {\it completely resolve} this problem by showing lower bounds and matching upper bounds on the hardness assumptions required for constructing round-optimal MPC. Specifically, we obtain the following results.

\begin{itemize}
\item \textbf{Black-Box Separation.} We show that there exists no construction of two-round semi-honest MPC protocol for general functions that makes black-box use of a two-round oblivious transfer. As a corollary, a similar separation holds when starting with any 2-party functionality other than oblivious transfer. 

\item \textbf{Non-Black-Box Construction.} We show that the above negative result can be bypassed by making non-black-box use of a two-round oblivious transfer. Specifically, starting from a semi-honest (resp. malicious) secure two-round oblivious transfer protocol, we construct a two-round MPC protocol against semi-honest (resp. malicious) adversaries. 
\end{itemize}
Since any two-round MPC protocol for general functionalities implies a two-round oblivious transfer as a special case, the above two results show that non-black-box use of oblivious transfer is {\it necessary and sufficient} to construct round-optimal MPC protocols.},
}

EndNote citation:

%0 Thesis
%A Srinivasan, Akshayaram 
%T Round-Optimal Secure Multiparty Computation from Minimal Assumptions
%I EECS Department, University of California, Berkeley
%D 2020
%8 May 13
%@ UCB/EECS-2020-45
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-45.html
%F Srinivasan:EECS-2020-45