Efficient protocols for oblivious linear function evaluation from ring-LWE1

An oblivious linear function evaluation protocol, or OLE, is a two-party protocol for the function f ( x ) = a x + b, where a sender inputs the field elements a, b, and a receiver inputs x and learns f ( x ). OLE can be used to build secret-shared multiplication, and is an essential component of many secure computation applications including general-purpose multi-party computation, private set intersection and more. In this work, we present several efficient OLE protocols from the ring learning with errors (RLWE) assumption. Technically, we build two new passively secure protocols, which build upon recent advances in homomorphic secret sharing from (R)LWE (Boyle et al. in: EUROCRYPT 2019, Part II (2019) 3–33 Springer), with optimizations tailored to the setting of OLE. We upgrade these to active security using efficient amortized zero-knowledge techniques for lattice relations (Baum et al. in: CRYPTO 2018, Part II (2018) 669–699 Springer), and design new variants of zero-knowledge arguments that are necessary for some of our constructions. Our protocols offer several advantages over existing constructions. Firstly, they have the lowest communication complexity amongst previous, practical protocols from RLWE and other assumptions; secondly, they are conceptually very simple, and have just one round of interaction for the case of OLE where b is randomly chosen. We demonstrate this with an implementation of one of our passively secure protocols, which can perform more than 1 million OLEs per second over the ring Z m , for a 120-bit modulus m, on standard hardware.

Download Full-text

Multiparty Homomorphic Encryption from Ring-Learning-with-Errors

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2021-0071 ◽

2021 ◽

Vol 2021 (4) ◽

pp. 291-311

Author(s):

Christian Mouchet ◽

Juan Troncoso-Pastoriza ◽

Jean-Philippe Bossuat ◽

Jean-Pierre Hubaux

Keyword(s):

Private Information ◽

Communication Complexity ◽

Homomorphic Encryption ◽

Secure Computation ◽

Evaluation Procedure ◽

Input Selection ◽

Set Intersection ◽

Broad Variety ◽

Learning With Errors ◽

Number Of Parties

Abstract We propose and evaluate a secure-multiparty-computation (MPC) solution in the semi-honest model with dishonest majority that is based on multiparty homomorphic encryption (MHE). To support our solution, we introduce a multiparty version of the Brakerski-Fan-Vercauteren homomorphic cryptosystem and implement it in an open-source library. MHE-based MPC solutions have several advantages: Their transcript is public, their o~ine phase is compact, and their circuit-evaluation procedure is noninteractive. By exploiting these properties, the communication complexity of MPC tasks is reduced from quadratic to linear in the number of parties, thus enabling secure computation among potentially thousands of parties and in a broad variety of computing paradigms, from the traditional peer-to-peer setting to cloud-outsourcing and smart-contract technologies. MHE-based approaches can also outperform the state-of-the-art solutions, even for a small number of parties. We demonstrate this for three circuits: private input selection with application to private-information retrieval, component-wise vector multiplication with application to private-set intersection, and Beaver multiplication triples generation. For the first circuit, privately selecting one input among eight thousand parties’ (of 32 KB each) requires only 1.31 MB of communication per party and completes in 61.7 seconds. For the second circuit with eight parties, our approach is 8.6 times faster and requires 39.3 times less communication than the current methods. For the third circuit and ten parties, our approach generates 20 times more triples per second while requiring 136 times less communication per-triple than an approach based on oblivious transfer. We implemented our scheme in the Lattigo library and open-sourced the code at github.com/ldsec/lattigo.

Download Full-text

Multiquadratic Rings and Walsh-Hadamard Transforms for Oblivious Linear Function Evaluation

2020 IEEE International Workshop on Information Forensics and Security (WIFS) ◽

10.1109/wifs49906.2020.9360891 ◽

2020 ◽

Author(s):

Alberto Pedrouzo-Ulloa ◽

Juan Ramon Troncoso-Pastoriza ◽

Nicolas Gama ◽

Mariya Georgieva ◽

Fernando Perez-Gonzalez

Keyword(s):

Linear Function ◽

Function Evaluation ◽

Hadamard Transforms

Download Full-text

Noninteractive Zero Knowledge for NP from (Plain) Learning with Errors

Advances in Cryptology – CRYPTO 2019 - Lecture Notes in Computer Science ◽

10.1007/978-3-030-26948-7_4 ◽

2019 ◽

pp. 89-114 ◽

Cited By ~ 35

Author(s):

Chris Peikert ◽

Sina Shiehian

Keyword(s):

Zero Knowledge ◽

Learning With Errors

Download Full-text

Efficient Fully Secure Computation via Distributed Zero-Knowledge Proofs

Advances in Cryptology – ASIACRYPT 2020 - Lecture Notes in Computer Science ◽

10.1007/978-3-030-64840-4_9 ◽

2020 ◽

pp. 244-276

Author(s):

Elette Boyle ◽

Niv Gilboa ◽

Yuval Ishai ◽

Ariel Nof

Keyword(s):

Secure Computation ◽

Zero Knowledge

Download Full-text

Communication complexity of functions related to set intersection

2016 Information Theory and Applications Workshop (ITA) ◽

10.1109/ita.2016.7888182 ◽

2016 ◽

Author(s):

Ulrich Tamm

Keyword(s):

Communication Complexity ◽

Set Intersection

Download Full-text

Efficient Zero-Knowledge Proofs for Commitments from Learning with Errors over Rings

Computer Security -- ESORICS 2015 - Lecture Notes in Computer Science ◽

10.1007/978-3-319-24174-6_16 ◽

2015 ◽

pp. 305-325 ◽

Cited By ~ 26

Author(s):

Fabrice Benhamouda ◽

Stephan Krenn ◽

Vadim Lyubashevsky ◽

Krzysztof Pietrzak

Keyword(s):

Zero Knowledge ◽

Learning With Errors

Download Full-text

SIFO: Secure Computational Infrastructure Using FPGA Overlays

International Journal of Reconfigurable Computing ◽

10.1155/2019/1439763 ◽

2019 ◽

Vol 2019 ◽

pp. 1-18 ◽

Cited By ~ 2

Author(s):

Xin Fang ◽

Stratis Ioannidis ◽

Miriam Leeser

Keyword(s):

Code Generation ◽

Heterogeneous Computing ◽

Computational Cost ◽

Personal Data ◽

Secure Computation ◽

Coarse Grained ◽

Function Evaluation ◽

Fpga Design ◽

Computing Platform ◽

Garbled Circuits

Secure Function Evaluation (SFE) has received recent attention due to the massive collection and mining of personal data, but remains impractical due to its large computational cost. Garbled Circuits (GC) is a protocol for implementing SFE which can evaluate any function that can be expressed as a Boolean circuit and obtain the result while keeping each party’s input private. Recent advances have led to a surge of garbled circuit implementations in software for a variety of different tasks. However, these implementations are inefficient, and therefore GC is not widely used, especially for large problems. This research investigates, implements, and evaluates secure computation generation using a heterogeneous computing platform featuring FPGAs. We have designed and implemented SIFO: secure computational infrastructure using FPGA overlays. Unlike traditional FPGA design, a coarse-grained overlay architecture is adopted which supports mapping SFE problems that are too large to map to a single FPGA. Host tools provided include SFE problem generator, parser, and automatic host code generation. Our design allows repurposing an FPGA to evaluate different SFE tasks without the need for reprogramming and fully explores the parallelism for any GC problem. Our system demonstrates an order of magnitude speedup compared with an existing software platform.

Download Full-text

Zero-Knowledge Proofs for Finite Field Arithmetic or: Can Zero-Knowledge be for Free?

BRICS Report Series ◽

10.7146/brics.v4i27.18953 ◽

1997 ◽

Vol 4 (27) ◽

Author(s):

Ronald Cramer ◽

Ivan B. Damgård

Keyword(s):

Finite Field ◽

Prime Order ◽

Error Probability ◽

Communication Complexity ◽

Boolean Circuit ◽

Interactive Proof ◽

Zero Knowledge ◽

Order Group ◽

Prime Fields ◽

Interactive Proof System

We present zero-knowledge proofs and arguments for arithmetic circuits over finite prime fields, namely given a circuit, show in zero-knowledge that inputs can be selected leading to a given output. For a field GF(q), where q is an n-bit prime, a circuit of size O(n), and error probability 2^−n, our protocols require communication of O(n^2) bits. This is the same worst-cast complexity as the trivial (non zero-knowledge) interactive proof where the prover just reveals the input values. If the circuit involves n multiplications, the best previously known methods would in general require communication of Omega(n^3 log n) bits. Variations of the technique behind these protocols lead to other interesting applications. We first look at the Boolean Circuit Satisfiability problem and give zero-knowledge proofs and arguments for a circuit of size n and error probability 2^−n in which there is an interactive preprocessing phase requiring communication of O(n^2) bits. In this phase, the statement to be proved later need not be known. Later the prover can non-interactively prove any circuit he wants, i.e. by sending only one message, of size O(n) bits. As a second application, we show that Shamirs (Shens) interactive proof system for the (IP-complete) QBF problem can be transformed to a zero-knowledge proof system with the same asymptotic communication complexity and number of rounds. The security of our protocols can be based on any one-way group homomorphism with a particular set of properties. We give examples of special assumptions sufficient for this, including: the RSA assumption, hardness of discrete log in a prime order group, and polynomial security of Die-Hellman encryption. We note that the constants involved in our asymptotic complexities are small enough for our protocols to be practical with realistic choices of parameters.

Download Full-text