International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Dishonest Majority Multiparty Computation over Matrix Rings

Authors:
Hongqing Liu , Shanghai Jiao Tong University, Shanghai, China
Chaoping Xing , Shanghai Jiao Tong University, Shanghai, China
Chen Yuan , Shanghai Jiao Tong University, Shanghai, China
Taoxu Zou , Shanghai Jiao Tong University, Shanghai, China
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2024
Abstract: The privacy-preserving machine learning (PPML) has gained growing importance over the last few years. One of the biggest challenges is to improve the efficiency of PPML so that the communication and computation costs of PPML are affordable for large machine learning models such as deep learning. As we know, linear algebra such as matrix multiplication occupies a significant part of the computation in deep learning such as deep convolutional neural networks (CNN). Thus, it is desirable to propose the MPC protocol specialized for the matrix operations. In this work, we propose a dishonest majority MPC protocol over matrix rings which supports matrix multiplication and addition. Our MPC protocol can be seen as a variant of SPDZ protocol, i.e., the MAC and global key of our protocol are vectors of length m and the secret of our protocol is an $m \times m$ matrix. Compared to the classic SPDZ protocol, our MPC protocol reduces the communication complexity by at least m times to securely compute a matrix multiplication. We also show that the communication complexity of our MPC protocol is asymptotically as good as [16] which also presented a dishonest majority MPC protocol specialized for matrix operations, i.e., the communication complexity of securely computing a multiplication gate is $O(m^2 n^2 log q)$ in the preprocessing phase and $O(m^2 n log q)$ in the online phase. The share size and the number of multiplications of our protocol are reduced by around 50% and 40% of [16], respectively. However, we take a completely different approach. The protocol in [16] uses a variant of BFV scheme to embed a whole matrix into a single ciphertext and then treats the matrix operation as the entry-wise operation in the ciphertext while our approach resorts to a variant of vector linear oblivious evaluation (VOLE) called the subfield VOLE [33] which can securely compute the additive sharing of $v\bm{x}$ for $v \in F_{q^b}, \bm{x}\in F_q^a$ with sublinear communication complexity. Finally, we note that our MPC protocol can be easily extended to small fields.
BibTeX
@inproceedings{asiacrypt-2024-34611,
  title={Dishonest Majority Multiparty Computation over Matrix Rings},
  publisher={Springer-Verlag},
  author={Hongqing Liu and Chaoping Xing and Chen Yuan and Taoxu Zou},
  year=2024
}