Abstract
We present a new \({\text {OT}}\)-based two-party multiplication protocol that is almost as efficient as Gilboa’s semi-honest protocol (Crypto ’99), but has a high-level of security against malicious adversaries without further compilation. The achieved security suffices for many applications, and, assuming DDH, can be cheaply compiled into full security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Actually, most papers in the space focus on the related functionalities of OLE and VOLE, discussed later on.
- 2.
The \({\text {OT}}\)-based protocol of Ghosh, Nielsen, and Nilges [14] does achieve malicious security (without further compilation), but its security proof relies on an additional hardness assumption (a rather non-standard coding assumption). Interestingly, the security analysis in [14] is somewhat reminiscent of the security analysis of our protocol.
- 3.
The choice of \( \{-1,1 \}\) instead of \( \{0,1 \}\) significantly simplifies our security analysis, but it is also what limits it to fields of characteristic greater than two (see Theorem 2).
- 4.
It is not too hard to get convinced that our protocol does not realize the multiplication functionality with statistical security (in the \({\text {OT}}\)-hybrid model), but we defer the rather tedious proof of this fact to the next version of this paper. It seems plausible, however, that under the right Subset-Sum hardness assumption, the protocol does realize the multiplication functionality with computational security. Proving it is an intriguing open question.
- 5.
We discuss how our results extend to arbitrary fields of characteristic greater than two in Sect. 2.
- 6.
Without the oracle the penalty is rather noticeable, since there is a \((\ell \cdot m +\kappa ) \)-multiplicative blowup in the communication complexity.
- 7.
Since it is not the focus of our paper, we have not examined how to optimize the protocol or correctness-check when many triplets are being generated, and we speculate that several optimizations are possible.
- 8.
When using OT-extensions, this improvement automatically translates into an x2 improvement in communication complexity, which is the most expensive resource in [12].
- 9.
Given \(\mathsf {P} _1\)’s view and \(\mathsf {P} _2\)’s input.
- 10.
Actually, since the value of \(\boldsymbol{v}\) sent to \(\mathsf {P} _1\) is not uniform, but rather distributed according to \(\boldsymbol{V}^b:=\boldsymbol{V}|_{\langle \boldsymbol{V},\boldsymbol{T} \rangle = b}\), to argue about the security of the protocol one needs to argue about the min-entropy of \(\langle \boldsymbol{V}^b,{\boldsymbol{d}}* \boldsymbol{T} \rangle \) given \((b,\boldsymbol{V}^b)\). We ignore this subtlety in this informal exposition.
- 11.
This sampling can be done efficiently by sampling the two item uniformly, and then adjusting one coordinate of \(\boldsymbol{v}\).
- 12.
We note that the definition of \(\mathcal{F}_\mathsf {com}\) is reactive. This feature does not interfere with composition [9].
- 13.
Typically, \(\mathcal{F}_\mathsf {com}\) is realized via a hash function modelled as a random oracle.
References
Baum, C., Escudero, D., Pedrouzo-Ulloa, A., Scholl, P., Troncoso-Pastoriza, J.R.: Efficient protocols for oblivious linear function evaluation from ring-LWE. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 130–149. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_7
Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_34
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16
Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS 2018, pp. 896–912. ACM (2018)
Boyle, E., et al.: Efficient two-round OT extension and silent non-interactive secure computation. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. CCS 2019, pp. 291–308. ACM (2019)
Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_12
Boyle, E., Gilboa, N., Ishai, Y.: Breaking the circuit size barrier for secure computation under DDH. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 509–539. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_19
Boyle, E., Kohl, L., Scholl, P.: Homomorphic secret sharing from lattices without FHE. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 3–33. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_1
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
Damgard, I., Orlandi, C.: Multiparty computation for dishonest majority: from passive to active security at low cost. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 558–576. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_30
Damgard, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38
Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Threshold ECDSA from ECDSA assumptions: the multiparty case. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, 19–23 May 2019, pp. 1051–1066. IEEE (2019)
Frederiksen, T.K., Pinkas, B., Yanai, A.: Committed MPC - maliciously secure multiparty computation from homomorphic commitments. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 587–619. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_20
Ghosh, S., Nielsen, J.B., Nilges, T.: Maliciously secure oblivious linear function evaluation with constant overhead. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 629–659. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_22
Gilboa, N.: Two party RSA key generation. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 116–129. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_8
Goldreich, O.: Foundations of Cryptography - Volume 2: Basic Applications. Cambridge University Press, Cambridge (2004)
Haitner, I., Makriyannis, N., Ranellucci, S., Tsfadia, E.: Highly efficient ot-based multiplication protocols. Cryptology ePrint Archive, Report 2021/1373 (2021). https://ia.cr/2021/1373
Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pp. 12–24 (1989)
Ishai, Y., Prabhakaran, M., Sahai, A.: Secure arithmetic computation with no honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 294–314. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_18
Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 830–842. ACM (2016)
Kiayias, A., Yung, M.: Cryptographic hardness based on the decoding of Reed-Solomon codes. IEEE Trans. Inf. Theory 54(6), 2752–2769 (2008)
Lindell, Y., Nof, A.: A framework for constructing fast MPC over arithmetic circuits with malicious adversaries and an honest-majority. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS 2017, pp. 259–276. ACM (2017)
Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS 2018, pp. 1837–1854. ACM (2018)
Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006)
Rotaru, D., Smart, N.P., Tanguy, T., Vercauteren, F., Wood, T.: Actively secure setup for SPDZ. IACR Cryptology ePrint Archive, p. 1300 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Haitner, I., Makriyannis, N., Ranellucci, S., Tsfadia, E. (2022). Highly Efficient OT-Based Multiplication Protocols. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13275. Springer, Cham. https://doi.org/10.1007/978-3-031-06944-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-06944-4_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06943-7
Online ISBN: 978-3-031-06944-4
eBook Packages: Computer ScienceComputer Science (R0)
