## CryptoDB

### Paper: The Price of Active Security in Cryptographic Protocols

Authors: Carmit Hazay , Bar-Ilan University Muthuramakrishnan Venkitasubramaniam , University of Rochester Mor Weiss , IDC Herzliya DOI: 10.1007/978-3-030-45724-2_7 (login may be required) Search ePrint Search Google EUROCRYPT 2020 We construct the first actively-secure Multi-Party Computation (MPC) protocols with an \emph{arbitrary} number of parties in the dishonest majority setting, for an \emph{arbitrary} field $\FF$ with \emph{constant communication overhead} over the passive-GMW'' protocol (Goldreich, Micali and Wigderson, STOC 87). Our protocols rely on passive implementations of Oblivious Transfer (OT) in the boolean setting and Oblivious Linear function Evaluation (OLE) in the arithmetic setting. Previously, such protocols were only known over sufficiently large fields (Genkin et al. STOC 14) or a constant number of parties (Ishai et al. CRYPTO 08). Conceptually, our protocols are obtained via a new compiler from a passively-secure protocol for a distributed multiplication functionality $\cF_\mult$, to an actively-secure protocol for general functionalities. Roughly, $\cF_\mult$ is parameterized by a linear-secret sharing scheme $\cS$, where it takes $\cS$-shares of two secrets and returns $\cS$-shares of their product. We show that our compilation is concretely efficient for sufficiently large fields, resulting in an overhead of 2 when securely computing natural circuits. Our compiler has two additional benefits: (1) it can rely on \emph{any} passive implementation of $\cF_\mult$, which, besides the standard implementation based on OT (for boolean) and OLE (for arithmetic) allows us to rely on implementations based on threshold cryptosystems (Cramer et al. Eurocrypt 01); and (2) it can rely on weaker-than-passive (i.e., imperfect/leaky) implementations, which in some parameter regimes yield actively-secure protocols with overhead less than 2. Instantiating this compiler with an honest-majority'' implementations of $\cF_\mult$, we obtain the first honest-majority protocol with optimal corruption threshold for boolean circuits with constant communication overhead over the best passive protocol (Damg{\aa}rd and Nielsen, CRYPTO 07).
##### BibTeX
@inproceedings{eurocrypt-2020-30221,
title={The Price of Active Security in Cryptographic Protocols},
booktitle={39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings},
series={Lecture Notes in Computer Science},
publisher={Springer},
keywords={Secure Multi-Party Computation;Constant Communication Overhead;Oblivious Transfer;Oblivious Linear Evaluation},
volume={12105},
doi={10.1007/978-3-030-45724-2_7},
author={Carmit Hazay and Muthuramakrishnan Venkitasubramaniam and Mor Weiss},
year=2020
}
`