Binary AMD circuits from secure multiparty computation

Daniel Genkin; Yuval Ishai; Mor Weiss

doi:10.1007/978-3-662-53641-4_14

Binary AMD circuits from secure multiparty computation

Daniel Genkin, Yuval Ishai, Mor Weiss

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

An AMD circuit over a finite field 𝔽 is a randomized arithmetic circuit that offers the “best possible protection” against additive attacks. That is, the effect of every additive attack that may blindly add a (possibly different) element of 𝔽 to every internal wire of the circuit can be simulated by an ideal attack that applies only to the inputs and outputs. Genkin et al. (STOC 2014, Crypto 2015) introduced AMD circuits as a means for protecting MPC protocols against active attacks, and showed that every arithmetic circuit C over 𝔽 can be transformed into an equivalent AMD circuit of size O(|C|) with O(1/|𝔽|) simulation error. However, for the case of the binary field 𝔽 = 𝔽₂, their constructions relied on a tamper-proof output decoder and could only realize a weaker notion of security. We obtain the first constructions of fully secure binary AMD circuits. Given a boolean circuit C and a statistical security parameter σ, we construct an equivalent binary AMD circuit C' of size |C| · polylog(|C|, σ) (ignoring lower order additive terms) with 2 ^−σ simulation error. That is, the effect of toggling an arbitrary subset of wires can be simulated by toggling only input and output wires. Our construction combines in a general way two types of “simple” honest-majority MPC protocols: protocols that only offer security against passive adversaries, and protocols that only offer correctness against active adversaries. As a corollary, we get a conceptually new technique for constructing active-secure two-party protocols in the OThybrid model, and reduce the open question of obtaining such protocols with constant computational overhead to a similar question in these simpler MPC models.

Original language	English
Title of host publication	Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings
Editors	Adam Smith, Martin Hirt
Publisher	Springer Verlag
Pages	336-366
Number of pages	31
ISBN (Print)	9783662536407
DOIs	https://doi.org/10.1007/978-3-662-53641-4_14
State	Published - 2016
Externally published	Yes
Event	14th International Conference on Theory of Cryptography, TCC 2016-B - Beijing, China Duration: 31 Oct 2016 → 3 Nov 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9985 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Theory of Cryptography, TCC 2016-B
Country/Territory	China
City	Beijing
Period	31/10/16 → 3/11/16

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2016.

Funding

The second author was supported by ERC starting grant 259426, ISF grant 1709/14, BSF grant 2012378, a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1228984, 1136174, 1118096, and 1065276. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government. The third author was supported by ERC starting grant 259426 and a Check Point Institute for Information Security grant for graduate students and post-doctoral fellows. The first author is a member of the Check Point Institute for Information Security and was supported by ERC starting grant 259426; by the Blavatnik Interdisciplinary Cyber Research Center; by the Israeli Centers of Research Excellence I-CORE program (center 4/11); by the Leona M. & Harry B. Helmsley Charitable Trust; and by NATO’s Public Diplomacy Division in the Framework of “Science for Peace".

Funders	Funder number
Check Point Institute for Information Security
Israeli Centers of Research Excellence I-CORE
NATO’s Public Diplomacy Division in the Framework of “Science for Peace
National Science Foundation	1228984, 1413955, 1065276, 1118096, 1136174
Defense Advanced Research Projects Agency	W911NF-15-C-0205
Army Research Laboratory
Leona M. and Harry B. Helmsley Charitable Trust
European Commission	259426
United States-Israel Binational Science Foundation	2012378
Israel Science Foundation	1709/14

Keywords

AMD circuits
Algebraic manipulation detection
Secure multiparty computation

Access to Document

10.1007/978-3-662-53641-4_14

Cite this

Genkin, D., Ishai, Y., & Weiss, M. (2016). Binary AMD circuits from secure multiparty computation. In A. Smith, & M. Hirt (Eds.), Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings (pp. 336-366). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9985 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-53641-4_14

Genkin, Daniel ; Ishai, Yuval ; Weiss, Mor. / Binary AMD circuits from secure multiparty computation. Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. editor / Adam Smith ; Martin Hirt. Springer Verlag, 2016. pp. 336-366 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{860f656d226d41d8a472c7795888f2a4,

title = "Binary AMD circuits from secure multiparty computation",

abstract = "An AMD circuit over a finite field 𝔽 is a randomized arithmetic circuit that offers the “best possible protection” against additive attacks. That is, the effect of every additive attack that may blindly add a (possibly different) element of 𝔽 to every internal wire of the circuit can be simulated by an ideal attack that applies only to the inputs and outputs. Genkin et al. (STOC 2014, Crypto 2015) introduced AMD circuits as a means for protecting MPC protocols against active attacks, and showed that every arithmetic circuit C over 𝔽 can be transformed into an equivalent AMD circuit of size O(|C|) with O(1/|𝔽|) simulation error. However, for the case of the binary field 𝔽 = 𝔽2, their constructions relied on a tamper-proof output decoder and could only realize a weaker notion of security. We obtain the first constructions of fully secure binary AMD circuits. Given a boolean circuit C and a statistical security parameter σ, we construct an equivalent binary AMD circuit C' of size |C| · polylog(|C|, σ) (ignoring lower order additive terms) with 2 −σ simulation error. That is, the effect of toggling an arbitrary subset of wires can be simulated by toggling only input and output wires. Our construction combines in a general way two types of “simple” honest-majority MPC protocols: protocols that only offer security against passive adversaries, and protocols that only offer correctness against active adversaries. As a corollary, we get a conceptually new technique for constructing active-secure two-party protocols in the OThybrid model, and reduce the open question of obtaining such protocols with constant computational overhead to a similar question in these simpler MPC models.",

keywords = "AMD circuits, Algebraic manipulation detection, Secure multiparty computation",

author = "Daniel Genkin and Yuval Ishai and Mor Weiss",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2016.; 14th International Conference on Theory of Cryptography, TCC 2016-B ; Conference date: 31-10-2016 Through 03-11-2016",

year = "2016",

doi = "10.1007/978-3-662-53641-4_14",

language = "אנגלית",

isbn = "9783662536407",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "336--366",

editor = "Adam Smith and Martin Hirt",

booktitle = "Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings",

address = "גרמניה",

}

Genkin, D, Ishai, Y & Weiss, M 2016, Binary AMD circuits from secure multiparty computation. in A Smith & M Hirt (eds), Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9985 LNCS, Springer Verlag, pp. 336-366, 14th International Conference on Theory of Cryptography, TCC 2016-B, Beijing, China, 31/10/16. https://doi.org/10.1007/978-3-662-53641-4_14

Binary AMD circuits from secure multiparty computation. / Genkin, Daniel; Ishai, Yuval; Weiss, Mor.
Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. ed. / Adam Smith; Martin Hirt. Springer Verlag, 2016. p. 336-366 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9985 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Binary AMD circuits from secure multiparty computation

AU - Genkin, Daniel

AU - Ishai, Yuval

AU - Weiss, Mor

N1 - Publisher Copyright: © International Association for Cryptologic Research 2016.

PY - 2016

Y1 - 2016

N2 - An AMD circuit over a finite field 𝔽 is a randomized arithmetic circuit that offers the “best possible protection” against additive attacks. That is, the effect of every additive attack that may blindly add a (possibly different) element of 𝔽 to every internal wire of the circuit can be simulated by an ideal attack that applies only to the inputs and outputs. Genkin et al. (STOC 2014, Crypto 2015) introduced AMD circuits as a means for protecting MPC protocols against active attacks, and showed that every arithmetic circuit C over 𝔽 can be transformed into an equivalent AMD circuit of size O(|C|) with O(1/|𝔽|) simulation error. However, for the case of the binary field 𝔽 = 𝔽2, their constructions relied on a tamper-proof output decoder and could only realize a weaker notion of security. We obtain the first constructions of fully secure binary AMD circuits. Given a boolean circuit C and a statistical security parameter σ, we construct an equivalent binary AMD circuit C' of size |C| · polylog(|C|, σ) (ignoring lower order additive terms) with 2 −σ simulation error. That is, the effect of toggling an arbitrary subset of wires can be simulated by toggling only input and output wires. Our construction combines in a general way two types of “simple” honest-majority MPC protocols: protocols that only offer security against passive adversaries, and protocols that only offer correctness against active adversaries. As a corollary, we get a conceptually new technique for constructing active-secure two-party protocols in the OThybrid model, and reduce the open question of obtaining such protocols with constant computational overhead to a similar question in these simpler MPC models.

AB - An AMD circuit over a finite field 𝔽 is a randomized arithmetic circuit that offers the “best possible protection” against additive attacks. That is, the effect of every additive attack that may blindly add a (possibly different) element of 𝔽 to every internal wire of the circuit can be simulated by an ideal attack that applies only to the inputs and outputs. Genkin et al. (STOC 2014, Crypto 2015) introduced AMD circuits as a means for protecting MPC protocols against active attacks, and showed that every arithmetic circuit C over 𝔽 can be transformed into an equivalent AMD circuit of size O(|C|) with O(1/|𝔽|) simulation error. However, for the case of the binary field 𝔽 = 𝔽2, their constructions relied on a tamper-proof output decoder and could only realize a weaker notion of security. We obtain the first constructions of fully secure binary AMD circuits. Given a boolean circuit C and a statistical security parameter σ, we construct an equivalent binary AMD circuit C' of size |C| · polylog(|C|, σ) (ignoring lower order additive terms) with 2 −σ simulation error. That is, the effect of toggling an arbitrary subset of wires can be simulated by toggling only input and output wires. Our construction combines in a general way two types of “simple” honest-majority MPC protocols: protocols that only offer security against passive adversaries, and protocols that only offer correctness against active adversaries. As a corollary, we get a conceptually new technique for constructing active-secure two-party protocols in the OThybrid model, and reduce the open question of obtaining such protocols with constant computational overhead to a similar question in these simpler MPC models.

KW - AMD circuits

KW - Algebraic manipulation detection

KW - Secure multiparty computation

UR - http://www.scopus.com/inward/record.url?scp=84994417355&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-53641-4_14

DO - 10.1007/978-3-662-53641-4_14

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84994417355

SN - 9783662536407

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 336

EP - 366

BT - Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings

A2 - Smith, Adam

A2 - Hirt, Martin

PB - Springer Verlag

T2 - 14th International Conference on Theory of Cryptography, TCC 2016-B

Y2 - 31 October 2016 through 3 November 2016

ER -

Genkin D, Ishai Y, Weiss M. Binary AMD circuits from secure multiparty computation. In Smith A, Hirt M, editors, Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. Springer Verlag. 2016. p. 336-366. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-662-53641-4_14

Binary AMD circuits from secure multiparty computation

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this