TY - GEN
T1 - Tight Bounds on the Randomness Complexity of Secure Multiparty Computation
AU - Goyal, Vipul
AU - Ishai, Yuval
AU - Song, Yifan
N1 - Publisher Copyright: © 2022, International Association for Cryptologic Research.
PY - 2022
Y1 - 2022
N2 - We revisit the question of minimizing the randomness complexity of protocols for secure multiparty computation (MPC) in the setting of perfect information-theoretic security. Kushilevitz and Mansour (SIAM J. Discret. Math., 1997) studied the case of n-party semi-honest MPC for the XOR function with security threshold t< n, showing that O(t2log (n/ t) ) random bits are sufficient and Ω(t) random bits are necessary. Their positive result was obtained via a non-explicit protocol, whose existence was proved using the probabilistic method. We essentially close the question by proving an Ω(t2) lower bound on the randomness complexity of XOR, matching the previous upper bound up to a logarithmic factor (or constant factor when t= Ω(n) ). We also obtain an explicit protocol that uses O(t2· log2n) random bits, matching our lower bound up to a polylogarithmic factor. We extend these results from XOR to general symmetric Boolean functions and to addition over a finite Abelian group, showing how to amortize the randomness complexity over multiple additions. Finally, combining our techniques with recent randomness-efficient constructions of private circuits, we obtain an explicit protocol for evaluating a general circuit C using only O(t2· log | C| ) random bits, by employing additional “helper parties” who do not contribute any inputs. This upper bound too matches our lower bound up to a logarithmic factor.
AB - We revisit the question of minimizing the randomness complexity of protocols for secure multiparty computation (MPC) in the setting of perfect information-theoretic security. Kushilevitz and Mansour (SIAM J. Discret. Math., 1997) studied the case of n-party semi-honest MPC for the XOR function with security threshold t< n, showing that O(t2log (n/ t) ) random bits are sufficient and Ω(t) random bits are necessary. Their positive result was obtained via a non-explicit protocol, whose existence was proved using the probabilistic method. We essentially close the question by proving an Ω(t2) lower bound on the randomness complexity of XOR, matching the previous upper bound up to a logarithmic factor (or constant factor when t= Ω(n) ). We also obtain an explicit protocol that uses O(t2· log2n) random bits, matching our lower bound up to a polylogarithmic factor. We extend these results from XOR to general symmetric Boolean functions and to addition over a finite Abelian group, showing how to amortize the randomness complexity over multiple additions. Finally, combining our techniques with recent randomness-efficient constructions of private circuits, we obtain an explicit protocol for evaluating a general circuit C using only O(t2· log | C| ) random bits, by employing additional “helper parties” who do not contribute any inputs. This upper bound too matches our lower bound up to a logarithmic factor.
UR - http://www.scopus.com/inward/record.url?scp=85141707626&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-15985-5_17
DO - 10.1007/978-3-031-15985-5_17
M3 - منشور من مؤتمر
SN - 9783031159848
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 483
EP - 513
BT - Advances in Cryptology – CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Proceedings
A2 - Dodis, Yevgeniy
A2 - Shrimpton, Thomas
PB - Springer Science and Business Media Deutschland GmbH
T2 - 42nd Annual International Cryptology Conference, CRYPTO 2022
Y2 - 15 August 2022 through 18 August 2022
ER -