TY - JOUR
T1 - Equivocating Yao
T2 - Constant-Round Adaptively Secure Multiparty Computation in the Plain Model
AU - Canetti, Ran
AU - Poburinnaya, Oxana
AU - Venkitasubramaniam, Muthuramakrishnan
N1 - Publisher Copyright:
© 2022 Society for Industrial and Applied Mathematics.
PY - 2022
Y1 - 2022
N2 - Yao’s circuit garbling scheme is one of the basic building blocks of cryptographic protocol design. Originally designed to enable two-message, two-party secure computation, the scheme has been extended in many ways and has innumerable applications. Still, a basic question has remained open throughout the years: Can the scheme be extended to guarantee security in the face of an adversary that corrupts both parties, adaptively, as the computation proceeds? We answer this question in the affirmative. We define a new type of symmetric encryption, called functionally equivocal encryption (FEE), and show that when Yao’s scheme is implemented with FEE as the underlying encryption mechanism, it becomes secure against such adaptive adversaries. We then show how to implement FEE from any one-way function. Combining our scheme with noncommitting encryption, we obtain the first two-message, two-party computation protocol, and the first constant-round multiparty computation protocol, in the plain model, that are secure against semihonest adversaries who can adaptively corrupt all parties. Using standard techniques, this protocol can be made standalone secure against malicious corruptions in the plain model and universal composability secure in the common random string model. Additional applications include the first fully leakage-tolerant general multiparty computation protocol (with preprocessing), as well as a public-key version of FEE which can serve as a replacement for noncommitting encryption with better efficiency than what is possible for the latter.
KW - adaptive security
KW - garbled circuits
KW - multiparty computation
UR - http://www.scopus.com/inward/record.url?scp=85129518807&partnerID=8YFLogxK
U2 - 10.1137/17M1151602
DO - 10.1137/17M1151602
M3 - Article
AN - SCOPUS:85129518807
SN - 0097-5397
VL - 51
JO - SIAM Journal on Computing
JF - SIAM Journal on Computing
IS - 2
ER -