On the power of secure two-party computation

Carmit Hazay, Muthuramakrishnan Venkitasubramaniam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

19 Scopus citations

Abstract

Ishai, Kushilevitz, Ostrovsky and Sahai (STOC 2007, SIAM JoC 2009) introduced the powerful “MPC-in-the-head” technique that provided a general transformation of information-theoretic MPC protocols secure against passive adversaries to a ZK proof in a “blackbox” way. In this work, we extend this technique and provide a generic transformation of any semi-honest secure two-party computation (2PC) protocol (with mild adaptive security guarantees) in the so called oblivious-transfer hybrid model to an adaptive ZK proof for any NPlanguage, in a “black-box” way assuming only one-way functions. Our basic construction based on Goldreich-Micali-Wigderson’s 2PC protocol yields an adaptive ZK proof with communication complexity proportional to quadratic in the size of the circuit implementing the NP relation. Previously such proofs relied on an expensive Karp reduction of the NP language to Graph Hamiltonicity (Lindell and Zarosim (TCC 2009, Journal of Cryptology 2011)). We also improve our basic construction to obtain the first linear-rate adaptive ZK proofs by relying on efficient maliciously secure 2PC protocols. Core to this construction is a new way of transforming 2PC protocols to efficient (adaptively secure) instance-dependent commitment schemes. As our second contribution, we provide a general transformation to construct a randomized encoding of a function f from any 2PC protocol that securely computes a related functionality (in a black-box way). We show that if the 2PC protocol has mild adaptive security guarantees then the resulting randomized encoding (RE) can be decomposed to an offline/online encoding. As an application of our techniques, we show how to improve the construction of Lapidot and Shamir (Crypto 1990) to obtain a four-round ZK proof with an “input-delayed” property. Namely, the honest prover’s algorithm does not require the actual statement to be proved until the last round. We further generalize this to obtain a four-round “commit and prove” zero-knowledge with the same property where the prover commits to a witness w in the second message and proves a statement x regarding the witness w that is determined only in the fourth round.

Original languageEnglish
Title of host publicationAdvances in Cryptology - 36th Annual International Cryptology Conference, CRYPTO 2016, Proceedings
EditorsMatthew Robshaw, Jonathan Katz
PublisherSpringer Verlag
Pages397-429
Number of pages33
ISBN (Print)9783662530078
DOIs
StatePublished - 2016
Event36th Annual International Cryptology Conference, CRYPTO 2016 - Santa Barbara, United States
Duration: 14 Aug 201618 Aug 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9815
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference36th Annual International Cryptology Conference, CRYPTO 2016
Country/TerritoryUnited States
CitySanta Barbara
Period14/08/1618/08/16

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2016.

Funding

M. Venkitasubramaniam—Research supported by Google Faculty Research Grant and NSF Award CNS-1526377. C. Hazay—Research was partially supported by the European Research Council under the ERC consolidators grant agreement n. 615172 (HIPS), and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office.

FundersFunder number
National Science FoundationCNS-1526377
Google
European Commission615172

    Keywords

    • Adaptive zero-knowledge proofs
    • Instance-dependent commitments
    • Interactive hashing
    • Randomized encoding
    • Secure two-party computation

    Fingerprint

    Dive into the research topics of 'On the power of secure two-party computation'. Together they form a unique fingerprint.

    Cite this