TY - GEN
T1 - On Actively-Secure Elementary MPC Reductions
AU - Applebaum, Benny
AU - Goel, Aarushi
N1 - Publisher Copyright:
© 2021, International Association for Cryptologic Research.
PY - 2021
Y1 - 2021
N2 - We introduce the notion of elementary MPC reductions that allow us to securely compute a functionality f by making a single call to a constant-degree “non-cryptographic” functionality g without requiring any additional interaction. Roughly speaking, “non-cryptographic” means that g does not make use of cryptographic primitives, though the parties can locally call such primitives. Classical MPC results yield such elementary reductions in various cases including the setting of passive security with full corruption threshold t < n (Yao, FOCS’86; Beaver, Micali, and Rogaway, STOC’90), the setting of full active security against a corrupted minority t < n/2 (Damgård and Ishai, Crypto’05), and, for NC1 functionalities, even for the setting of full active (information-theoretic) security with full corruption threshold of t < n (Ishai and Kushilevitz, FOCS’00). This leaves open the existence of an elementary reduction that achieves full active security in the dishonest majority setting for all efficiently computable functions. Our main result shows that such a reduction is unlikely to exist. Specifically, the existence of a computationally secure elementary reduction that makes black-box use of a PRG and achieves a very weak form of partial fairness (e.g., that holds only when the first party is not corrupted) would allow us to realize any efficiently-computable function by a constant-round protocol that achieves a non-trivial notion of information-theoretic passive security. The existence of the latter is a well-known 3-decade old open problem in information-theoretic cryptography (Beaver, Micali, and Rogaway, STOC’90). On the positive side, we observe that this barrier can be bypassed under any of the following relaxations: (1) non-black-box use of a pseudorandom generator; (2) weaker security guarantees such as security with identifiable abort; or (3) an additional round of communication with the functionality g.
UR - http://www.scopus.com/inward/record.url?scp=85120037858&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-90459-3_24
DO - 10.1007/978-3-030-90459-3_24
M3 - Conference contribution
AN - SCOPUS:85120037858
SN - 9783030904586
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 717
EP - 749
BT - Theory of Cryptography - 19th International Conference, TCC 2021, Proceedings
A2 - Nissim, Kobbi
A2 - Waters, Brent
PB - Springer Science and Business Media Deutschland GmbH
T2 - 19th International Conference on Theory of Cryptography, TCC 2021
Y2 - 8 November 2021 through 11 November 2021
ER -