research-article

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer

Authors:
Marcel Keller

University of Bristol, Bristol, United Kingdom

University of Bristol, Bristol, United Kingdom
View Profile

,
Emmanuela Orsini

University of Bristol, Bristol, United Kingdom

University of Bristol, Bristol, United Kingdom
View Profile

,
Peter Scholl

University of Bristol, Bristol, United Kingdom

University of Bristol, Bristol, United Kingdom
View Profile

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2016Pages 830–842https://doi.org/10.1145/2976749.2978357

Published:24 October 2016Publication History

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 830–842

ABSTRACT

We consider the task of secure multi-party computation of arithmetic circuits over a finite field. Unlike Boolean circuits, arithmetic circuits allow natural computations on integers to be expressed easily and efficiently. In the strongest setting of malicious security with a dishonest majority --- where any number of parties may deviate arbitrarily from the protocol --- most existing protocols require expensive public-key cryptography for each multiplication in the preprocessing stage of the protocol, which leads to a high total cost. We present a new protocol that overcomes this limitation by using oblivious transfer to perform secure multiplications in general finite fields with reduced communication and computation. Our protocol is based on an arithmetic view of oblivious transfer, with careful consistency checks and other techniques to obtain malicious security at a cost of less than 6 times that of semi-honest security. We describe a highly optimized implementation together with experimental results for up to five parties. By making extensive use of parallelism and SSE instructions, we improve upon previous runtimes for MPC over arithmetic circuits by more than 200 times.

References

The Sharemind project. http://sharemind.cs.ut.ee, 2007.Google Scholar
Asharov, G., Lindell, Y., Schneider, T., and Zohner, M. More efficient oblivious transfer and extensions for faster secure computation. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), ACM, pp. 535--548. Google ScholarDigital Library
Baum, C., Damgård, I., Toft, T., and Zakarias, R. Better preprocessing for secure multiparty computation. IACR Cryptology ePrint Archive (2016).Google Scholar
Beaver, D. Efficient multiparty protocols using circuit randomization. Advances in Cryptology - CRYPTO 1991 (1992). Google ScholarDigital Library
Beaver, D. Correlated pseudorandomness and the complexity of private computations. In Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing (1996), G. L. Miller, Ed., ACM, pp. 479--488. Google ScholarDigital Library
Bendlin, R., Damgård, I., Orlandi, C., and Zakarias, S. Semi-homomorphic encryption and multiparty computation. In Advances in Cryptology - EUROCRYPT 2011 (2011), pp. 169--188. Google ScholarCross Ref
Black, J., Rogaway, P., Shrimpton, T., and Stam, M. An analysis of the blockcipher-based hash functions from PGV. J. Cryptology 23, 4 (2010), 519--545. Google ScholarDigital Library
Bogdanov, D., J\ oemets, M., Siim, S., and Vaht, M. How the Estonian tax and customs board evaluated a tax fraud detection system based on secure multi-party computation. In Financial Cryptography and Data Security - 19th International Conference, FC 2015, Revised Selected Papers (2015), pp. 227--234.Google Scholar
Bogdanov, D., Kamm, L., Kubo, B., Rebane, R., Sokk, V., and Talviste, R. Students and taxes: a privacy-preserving social study using secure computation. IACR Cryptology ePrint Archive (2015).Google Scholar
Burra, S. S., Larraia, E., Nielsen, J. B., Nordholt, P. S., Orlandi, C., Orsini, E., Scholl, P., and Smart, N. P. High performance multi-party computation for binary circuits based on oblivious transfer. Cryptology ePrint Archive, Report 2015/472, 2015. http://eprint.iacr.org/.Google Scholar
Canetti, R. Universally composable security: A new paradigm for cryptographic protocols. In 42nd Annual Symposium on Foundations of Computer Science, FOCS (2001), pp. 136--145. Google ScholarDigital Library
Chou, T., and Orlandi, C. The simplest protocol for oblivious transfer. In Progress in Cryptology - LATINCRYPT 2015 - 4th International Conference on Cryptology and Information Security in Latin America (2015), pp. 40--58. Google ScholarDigital Library
Damgård, I., Damgård, K., Nielsen, K., Nordholt, P. S., and Toft, T. Confidential benchmarking based on multiparty computation. In Financial Cryptography (2016).Google Scholar
Damgård, I., Keller, M., Larraia, E., Miles, C., and Smart, N. P. Implementing AES via an actively/covertly secure dishonest-majority MPC protocol. In SCN (2012), I. Visconti and R. D. Prisco, Eds., vol. 7485 of Lecture Notes in Computer Science, Springer, pp. 241--263. Google ScholarDigital Library
Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., and Smart, N. P. Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits. In ESORICS (2013), J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, Springer, pp. 1--18.Google ScholarCross Ref
Damgård, I., and Orlandi, C. Multiparty computation for dishonest majority: From passive to active security at low cost. In Advances in Cryptology - CRYPTO (2010), pp. 558--576. Google ScholarDigital Library
Damgård, I., Pastro, V., Smart, N. P., and Zakarias, S. Multiparty computation from somewhat homomorphic encryption. In Advances in Cryptology -- CRYPTO 2012 (2012), R. Safavi-Naini and R. Canetti, Eds., vol. 7417 of Lecture Notes in Computer Science, Springer, pp. 643--662. Google ScholarDigital Library
Demmler, D., Schneider, T., and Zohner, M. ABY - A framework for efficient mixed-protocol secure two-party computation. In 22nd Annual Network and Distributed System Security Symposium, NDSS (2015), The Internet Society.Google ScholarCross Ref
Frederiksen, T. K., Keller, M., Orsini, E., and Scholl, P. A unified approach to MPC with preprocessing using OT. In Advances in Cryptology -- ASIACRYPT 2015, Part I (2015), T. Iwata and J. H. Cheon, Eds., vol. 9452 of Lecture Notes in Computer Science, Springer, pp. 711--735.Google ScholarDigital Library
Gilboa, N. Two party RSA key generation. In Advances in Cryptology - CRYPTO (1999), pp. 116--129. Google ScholarDigital Library
Goldreich, O., Micali, S., and Wigderson, A. How to play any mental game or A completeness theorem for protocols with honest majority. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing (1987), pp. 218--229. Google ScholarDigital Library
Intel. Intel intrinsics guide. https://software.intel.com/sites/landingpage/IntrinsicsGuide, 2016. Online; accessed February 2016.Google Scholar
Ishai, Y., Kilian, J., Nissim, K., and Petrank, E. Extending oblivious transfers efficiently. In Advances in Cryptology - CRYPTO (2003), pp. 145--161.Google ScholarCross Ref
Ishai, Y., Prabhakaran, M., and Sahai, A. Secure arithmetic computation with no honest majority. In ReingoldciteDBLP:conf/tcc/2009, pp. 294--314. Google ScholarDigital Library
Kamm, L., and Willemson, J. Secure floating point arithmetic and private satellite collision analysis. International Journal of Information Security 14, 6 (2015), 531--548. Google ScholarDigital Library
Keller, M., Orsini, E., and Scholl, P. Actively secure OT extension with optimal overhead. In Advances in Cryptology - CRYPTO 2015, Part I (2015), pp. 724--741.Google Scholar
Keller, M., Orsini, E., and Scholl, P. MASCOT: Faster malicious arithmetic secure computation with oblivious transfer. Cryptology ePrint Archive, Report 2016/505, 2016. http://eprint.iacr.org/2014/505.Google Scholar
Keller, M., Scholl, P., and Smart, N. P. An architecture for practical actively secure MPC with dishonest majority. In ACM Conference on Computer and Communications Security (2013), pp. 549--560. Google ScholarDigital Library
Kreuter, B., Shelat, A., and Shen, C. Billion-gate secure computation with malicious adversaries. In Proceedings of the 21st USENIX conference on Security symposium (2012), USENIX Association, pp. 14--14. Google ScholarDigital Library
Larraia, E., Orsini, E., and Smart, N. P. Dishonest majority multi-party computation for binary circuits. In Advances in Cryptology - CRYPTO 2014, Part II (2014), pp. 495--512.Google Scholar
Lindell, Y., and Riva, B. Blazing fast 2pc in the offline/online setting with security for malicious adversaries. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015), pp. 579--590. Google ScholarDigital Library
Matyas, S. M., Meyer, C. H., and Oseas, J. Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin 27, 10A (1985), 5658--5659.Google Scholar
mischasan. What is sse !@# good for? transposing a bit matrix. https://mischasan.wordpress.com/2011/07/24/what-is-sse-good-for-transposing-a-bit-matrix, 2011. Online; accessed February 2016.Google Scholar
Nielsen, J. B., Nordholt, P. S., Orlandi, C., and Burra, S. S. A new approach to practical active-secure two-party computation. In Advances in Cryptology--CRYPTO 2012. Springer, 2012, pp. 681--700. Google ScholarDigital Library
Nielsen, J. B., and Orlandi, C. LEGO for two-party secure computation. In ReingoldciteDBLP:conf/tcc/2009, pp. 368--386. Google ScholarDigital Library
Peikert, C., Vaikuntanathan, V., and Waters, B. A framework for efficient and composable oblivious transfer. In Advances in Cryptology - CRYPTO (2008), pp. 554--571. Google ScholarDigital Library
Pinkas, B., Schneider, T., Segev, G., and Zohner, M. Phasing: Private set intersection using permutation-based hashing. In 24th USENIX Security Symposium, USENIX Security 15 (2015), pp. 515--530. Google ScholarDigital Library
Pinkas, B., Schneider, T., and Zohner, M. Faster private set intersection based on OT extension. In Proceedings of the 23rd USENIX Security Symposium (2014), pp. 797--812. Google ScholarDigital Library
Reingold, O., Ed. Theory of Cryptography, 6th Theory of Cryptography Conference, TCC (2009), vol. 5444 of Lecture Notes in Computer Science, Springer. Google ScholarDigital Library
The MPIR team. Multiple precision integers and rationals. https://www.mpir.org, 2016. Online; accessed February 2016.Google Scholar
Yao, A. C. How to generate and exchange secrets (extended abstract). In 27th Annual Symposium on Foundations of Computer Science (1986). Google ScholarDigital Library

Index Terms

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
1. Security and privacy
  1. Cryptography
    1. Information-theoretic techniques

Recommendations

Formalising oblivious transfer in the semi-honest and malicious model in CryptHOL
CPP 2020: Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs

Multi-Party Computation (MPC) allows multiple parties to compute a function together while keeping their inputs private. Large scale implementations of MPC protocols are becoming practical thus it is important to have strong guarantees for the whole ...
Read More
Efficient Multi-Party Private Set Intersection Against Malicious Adversaries
CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

Private set intersection (PSI) enables parties to compute the intersection of their inputs without leaking any additional information. Recently, there have been significant advances in the two-party settings with malicious security, making two-party PSI ...
Read More
Two-round Multiparty Secure Computation from Minimal Assumptions
We provide new two-round multiparty secure computation (MPC) protocols in the dishonest majority setting assuming the minimal assumption that two-round oblivious transfer (OT) exists. If the assumed two-round OT protocol is secure against semi-honest ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
multi-party computation
oblivious transfer
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '16 Paper Acceptance Rate137of831submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 235
  Total Citations
  View Citations
- 1,152
  Total Downloads
- Downloads (Last 12 months)155
- Downloads (Last 6 weeks)20
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Formalising oblivious transfer in the semi-honest and malicious model in CryptHOL

Efficient Multi-Party Private Set Intersection Against Malicious Adversaries

Two-round Multiparty Secure Computation from Minimal Assumptions