CryptoDB
Ankit Kumar Misra
Publications
Year
Venue
Title
2024
ASIACRYPT
Dishonest Majority Constant-Round MPC with Linear Communication from DDH
Abstract
In this work, we study constant round multiparty computation (MPC) for Boolean circuits against a fully malicious adversary who may control up to $n-1$ out of $n$ parties. Without relying on fully homomorphic encryption (FHE), the best-known results in this setting are achieved by Wang et al. (CCS 2017) and Hazay et al. (ASIACRYPT 2017) based on garbled circuits, which require a quadratic communication in the number of parties $O(|C|\cdot n^2)$. In contrast, for non-constant round MPC, the recent result by Rachuri and Scholl (CRYPTO 2022) has achieved linear communication $O(|C|\cdot n)$.
In this work, we present the first concretely efficient constant round MPC protocol in this setting with linear communication in the number of parties $O(|C|\cdot n)$. Our construction can be based on any public-key encryption scheme that is linearly homomorphic for public keys. Our work gives a concrete instantiation from a variant of the El-Gamal Encryption Scheme assuming the DDH assumption. The analysis shows that when the computational security parameter $\lambda=128$ and statistical security parameter $\kappa=80$, our protocol achieves a smaller communication than Wang et al. (CCS 2017) when there are $16$ parties for AES circuit, and $8$ parties for general Boolean circuits (where we assume that the numbers of AND gates and XOR gates are the same). When comparing with the recent work by Beck et al. (CCS 2023) that achieves constant communication complexity $O(|C|)$ in the strong honest majority setting ($t<(1/2-\epsilon)n$ where $\epsilon$ is a constant), our protocol is better as long as $n<3500$ (when $t=n/4$ for their work).
2024
TCC
Adaptive Security, Erasures, and Network Assumptions in Communication-Local MPC
Abstract
The problem of reliable/secure all-to-all communication over low-degree networks has been
essential for communication-local (CL) n-party MPC (i.e., MPC protocols where every party directly
communicates only with a few, typically polylogarithmic in n, parties) and more recently for com-
munication over ad hoc networks, which are used in blockchain protocols. However, a limited number
of adaptively secure solutions exist, and they all make relatively strong assumptions on the ability of
parties to act in some specific manner before the adversary can corrupt them. Two such assumptions
were made in the work of Chandran et al. [ITCS ’15]---parties can (a) multisend messages to several
receivers simultaneously; and (b) securely erase the message and the identities of the receivers, before the adversary gets a chance to corrupt the sender (even if a receiver is corrupted).
A natural question to ask is: Are these assumptions necessary for adaptively secure CL MPC? In this
paper, we characterize the feasibility landscape for all-to-all reliable message transmission (RMT) under these two assumptions, and use this characterization to obtain (asymptotically) tight feasibility results for CL MPC.
– First, we prove a strong impossibility result for a broad class of RMT protocols, termed here
store-and-forward protocols, which includes all known communication protocols for CL MPC from
standard cryptographic assumptions. Concretely, we show that no such protocol with a certain
expansion rate can tolerate a constant fraction of parties being corrupted.
– Next, under the assumption of only a PKI, we show that assuming secure erasures, we can obtain
an RMT protocol between all pairs of parties with polylogarithmic locality (even without assuming
multisend) for the honest majority setting. We complement this result by showing a negative result
for the setting of dishonest majority.
– Finally, and somewhat surprisingly, under stronger assumptions (i.e., trapdoor permutations
with a reverse domain sampler, and compact and malicious circuit-private FHE), we construct a
polylogarithmic-locality all-to-one RMT protocol, which is adaptively secure and tolerates any
constant fraction of corruptions, without assuming either secure erasures or multisend. This last
result uses a novel combination of adaptively secure (e.g., non-committing) encryption and (static)
FHE to bypass the impossibility of compact adaptively secure FHE by Katz et al. [PKC’13], which
we believe may be of independent interest. Intriguingly, even such assumptions do not allow reduc-
ing all-to-all RMT to all-to-one RMT (a reduction which is trivial in the non-CL setting). Still, we
can implement what we call sublinear output-set RMT (SOS-RMT for short). We show how SOS-
RMT can be used for SOS-MPC under the known bounds for feasibility of MPC in the standard
(i.e., non-CL) setting assuming, in addition to SOS-RMT, an anonymous PKI.
2022
TCC
Secure Non-Interactive Reducibility is Decidable
Abstract
Secure Non-Interactive Reductions (SNIR) is a recently introduced, but fundamental cryp- tographic primitive. The basic question about SNIRs is how to determine if there is a SNIR from one 2-party correlation to another. While prior work provided answers for several pairs of correlations, the possibility that this is an undecidable problem in general was left open. In this work we show that the existence of a SNIR between any pair of correlations can be determined by an algorithm.
At a high-level, our proof follows the blueprint of a similar (but restricted) result by Khorasgani et al. But combining the spectral analysis of SNIRs by Agrawal et al. (Eurocrypt 2022) with a new variant of a “junta theorem” by Kindler and Safra, we obtain a complete resolution of the decidability question for SNIRs. The new junta theorem that we identify and prove may be of independent interest.
Coauthors
- Kaartik Bhushan (1)
- Nishanth Chandran (1)
- Juan A. Garay (1)
- Vipul Goyal (1)
- Junru Li (1)
- Ankit Kumar Misra (3)
- Varun Narayanan (1)
- Rafail Ostrovsky (2)
- Manoj Prabhakaran (1)
- Yifan Song (1)
- Chenkai Weng (1)
- Vassilis Zikas (1)