On the power of correlated randomness in secure computation
In Proc. TCC 2013
Abstract
We investigate the extent to which correlated secret randomness can help in secure computation with no honest majority. It is known that correlated randomness can be used to evaluate any circuit of size s with perfect security against semi-honest parties or statistical security against malicious parties, where the communication complexity grows linearly with s. This leaves open two natural questions: (1) Can the communication complexity be made independent of the circuit size? (2) Is it possible to obtain perfect security against malicious parties? We settle the above questions, obtaining both positive and negative results on unconditionally secure computation with correlated randomness. Concretely, we obtain the following results. Minimizing communication. Any multiparty functionality can be realized, with perfect security against semi-honest parties or statistical security against malicious parties, by a protocol in which the number of bits communicated by each party is linear in its input length. Our protocol
Lower Bounds in the Hardware Token Model
Abstract
We study the complexity of secure computation in the tamper-proof hardware token model. Our main focus is on non-interactive unconditional two-party computation using bit-OT tokens, but we also study computational security with stateless tokens that have more complex functionality. Our results can be summarized as follows:
• We show that there exists a class of functions such that the number of bit-OT tokens required to securely implement them is at least the size of the sender's input. The same applies for the receiver's input size (with a different class of functionalities).
• We investigate the existence of non-adaptive protocols in the hardware token model. In a non-adaptive protocol, the queries to the tokens are fixed in advance, as opposed to an adaptive protocol in which the queries can depend on the answers from previously queried tokens. In this work, we show that the existence of non-adaptive protocols in the hardware token model implies efficient (decomposable) randomized encodings. Since efficient decomposable randomized encodings are believed not to exist for all efficient functions, this result can be interpreted as evidence of the impossibility of non-adaptive protocols for efficiently
Assisted Common Information with an Application to Secure Two-Party Sampling
Abstract
An important subclass of secure multiparty computation is secure sampling: two parties output samples of a pair of jointly distributed random variables such that neither party learns more about the other party's output than what its own output reveals. The parties make use of a setup — correlated random variables with a different distribution — as well as unlimited noiseless communication. An upper bound on the rate of producing samples of a desired distribution from a given setup is presented. The region of tension developed in this paper measures how well the dependence between a pair of random variables can be resolved by a piece of common information. The bounds on rate are a consequence of a monotonicity property: a protocol between two parties can only lower the tension between their "views". Connections are drawn between the region of tension and the notion of common information. A generalization of the Gács-Körner common information, called the Assisted Common Information, which takes into account "almost common" information ignored by Gács-Körner common information, is defined. The region of tension is shown to be related to the rate regions of both the Assisted Common Information and the Gray-Wyner systems (and, a fortiori, Wyner's common information).
On the Communication required for Unconditionally Secure Multiplication
Abstract
Many information-theoretically secure protocols are known for general secure multiparty computation, both in the honest-majority setting and in the dishonest-majority setting with preprocessing. All known protocols that are efficient in the circuit size of the evaluated function follow the same typical "gate-by-gate" design pattern: we work our way through a Boolean or arithmetic circuit, maintaining as an invariant that after we process a gate, the output of the gate is represented as a random secret sharing among the players. Finally, all shares for the outputs are revealed. This approach usually allows non-interactive processing of addition gates but requires communication for every multiplication gate. This means that while information-theoretically secure protocols are very efficient in terms of computational work, they (seem to) require more communication and more rounds than computationally secure protocols. Whether this is inherent is an open and probably very hard problem. However, in this work we show that it is indeed inherent for protocols that follow the "gate-by-gate" design pattern. In particular, we present the following results:
– In the honest-majority setting, any gate-by-gate protocol must communicate for every multiplication gate, even if only semi-honest security is required.
– For dishonest majority with preprocessing, a different proof technique is needed. We again show that any gate-by-gate protocol must communicate for every multiplication gate when the underlying secret sharing scheme is the additive one. We obtain similar results for arbitrary secret sharing schemes.
– In the honest-majority setting, we also show that amortising over several multiplication gates can at best save an O(n) factor on the computational work.
All our lower bounds are met up to a constant factor by known protocols that follow the typical gate-by-gate paradigm. Our results imply that a fundamentally new approach must be found in order to improve the communication complexity of known protocols that are efficient in the circuit size of the function, such as GMW, SPDZ, etc.