Abstract
Addition of n inputs is often the easiest nontrivial function to compute securely. Motivated by several open questions, we ask what can be computed securely given only an oracle that computes the sum. Namely, what functions can be computed in a model where parties can only encode their input locally, then sum up the encodings over some Abelian group \({\mathbb G}\), and decode the result to get the function output.
An additive randomized encoding (ARE) of a function \(f(x_1,\ldots ,x_n)\) maps every input \(x_i\) independently into a randomized encoding \(\hat{x}_i\), such that \(\sum_{i=1}^n \hat{x}_i\) reveals \(f(x_1,\ldots ,x_n)\) and nothing else about the inputs. In a robust ARE, the sum of any subset of the \(\hat{x}_i\) only reveals the residual function obtained by restricting the corresponding inputs.
We obtain positive and negative results on ARE. In particular:
- Information-theoretic ARE. We fully characterize the 2-party functions \(f:X_1\times X_2\rightarrow \{0,1\}\) admitting a perfectly secure ARE. For \(n\ge 3\) parties, we show a useful “capped sum” function that separates statistical security from perfect security.
- Computational ARE. We present a general feasibility result, showing that all functions can be computed in this model, under a standard hardness assumption in bilinear groups. We also describe a heuristic lattice-based construction.
- Robust ARE. We present a similar feasibility result for robust computational ARE based on ideal obfuscation along with standard cryptographic assumptions.
We then describe several applications of ARE and the above results.
- Under a standard cryptographic assumption, our computational ARE schemes imply the feasibility of general non-interactive secure computation in the shuffle model, where messages from different parties are shuffled. This implies a general utility-preserving compiler from differential privacy in the central model to computational differential privacy in the (non-robust) shuffle model.
- The existence of information-theoretic robust ARE implies “best-possible” information-theoretic MPC protocols (Halevi et al., TCC 2018) and degree-2 multiparty randomized encodings (Applebaum et al., TCC 2018). This yields new positive results for specific functions in the former model, as well as a simple unifying barrier for obtaining negative results in both models.
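To make the model concrete, the following is an added example, not code from the paper: a toy robust ARE of the n-party AND function over the group \(\mathbb{Z}_p\). Party i outputs a uniform element of \(\mathbb{Z}_p\) if \(x_i=0\) and the constant 0 if \(x_i=1\), using only its own local randomness. Since the encodings are independent, the sum of any set of them is distributed as the convolution of the individual encoding distributions; the code computes that convolution exactly and checks the two properties named in the abstract: the distribution of the full sum depends only on \(\mathrm{AND}(x_1,\ldots,x_n)\), the distribution of any subset sum depends only on the residual function (AND over that subset), and decoding “sum equals 0” errs with probability exactly \(1/p\) whenever the AND is 0, so this construction is statistical rather than perfect. The modulus \(p\) and all function names are illustrative choices.

```python
"""Toy robust additive randomized encoding (ARE) of the n-party AND function
over the Abelian group Z_p.  Illustrative construction, not code from the paper.

Encoding rule: a party holding x_i = 0 outputs a uniform element of Z_p, a party
holding x_i = 1 outputs 0.  The sum of all encodings is the constant 0 when every
bit is 1 and uniform on Z_p otherwise, so its distribution depends only on AND(x).
Decoding "sum == 0" therefore errs with probability 1/p when AND(x) = 0, which
makes this a statistical (not perfect) ARE.
"""
from fractions import Fraction
from itertools import product
import secrets

P = 31  # group modulus; any modulus works and the decoding error is 1/P (illustrative choice)


def enc(x_i: int, p: int = P) -> int:
    """Enc_i: encodes one bit using only the party's own local randomness."""
    return secrets.randbelow(p) if x_i == 0 else 0


def dec(s: int) -> int:
    """Dec: the sum is 0 with certainty iff every input bit is 1."""
    return 1 if s == 0 else 0


def evaluate(bits, p: int = P) -> int:
    """One run of the model: local encodings, one group sum, one decoding."""
    return dec(sum(enc(b, p) for b in bits) % p)


# --- exact analysis: the sum of independent encodings is a convolution ---

def point_mass(p: int):
    """Distribution of the constant 0 in Z_p."""
    return [Fraction(1)] + [Fraction(0)] * (p - 1)


def enc_dist(x_i: int, p: int):
    """Distribution of Enc_i(x_i) over Z_p as a list of exact probabilities."""
    return [Fraction(1, p)] * p if x_i == 0 else point_mass(p)


def convolve(d1, d2, p: int):
    """Distribution of a + b mod p for independent a ~ d1, b ~ d2."""
    out = [Fraction(0)] * p
    for a, pa in enumerate(d1):
        if pa:
            for b, pb in enumerate(d2):
                if pb:
                    out[(a + b) % p] += pa * pb
    return out


def sum_dist(bits, p: int = P):
    """Exact distribution of the sum of the encodings of `bits`."""
    d = point_mass(p)
    for b in bits:
        d = convolve(d, enc_dist(b, p), p)
    return d


def is_private(n: int, subset=None, p: int = P) -> bool:
    """Privacy check over all 2^n inputs: the distribution of the sum of the
    encodings in `subset` (all parties if None) must be determined by the
    residual function, AND over that subset.  Returns True if no two inputs
    with the same residual value give different sum distributions."""
    subset = tuple(range(n)) if subset is None else tuple(subset)
    seen = {}
    for bits in product((0, 1), repeat=n):
        residual = int(all(bits[i] for i in subset))
        d = tuple(sum_dist([bits[i] for i in subset], p))
        seen.setdefault(residual, set()).add(d)
    return all(len(dists) == 1 for dists in seen.values())


def decode_error(bits, p: int = P) -> Fraction:
    """Exact probability that dec(sum) differs from AND(bits)."""
    f = int(all(bits))
    return sum((pr for s, pr in enumerate(sum_dist(bits, p)) if dec(s) != f), Fraction(0))


if __name__ == "__main__":
    print("private (all 3 parties):", is_private(3))
    print("private (subset {0,2}):  ", is_private(3, subset=(0, 2)))
    print("decode error on (1,0,1): ", decode_error((1, 0, 1)))
    print("decode error on (1,1,1): ", decode_error((1, 1, 1)))
    print("one sampled run on (1,1,1):", evaluate((1, 1, 1)))
```

The privacy check is exhaustive over inputs, so it is a proof for the chosen n and p rather than a sampling estimate; the decoding error is what prevents the construction from being perfect, since the uniform sum hits 0 with probability \(1/p\).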
Notes
1.
2. In the following we will not refer to robustness, though all of our ARE constructions in the information-theoretic setting are in fact robust.
3. In the context of information-theoretic AREs it is often convenient to replace the notation \(\text{ Enc }(\textsf{pp}, i, x_i)\) by \(\text{ Enc}_i(x_i)\).
4. The notation \({\widehat{f}}\) is the standard notation for the Fourier representation of f and is used only in Sect. 4.2 of this paper. It is unrelated to the hat notation for encodings (e.g., \(\hat{x}_i\) denotes the encoding of \(x_i\)) used in the other parts of the paper, which is standard in the randomized-encoding literature.
5. Convolution can be defined for general functions, not only for functions that correspond to distributions, and the theorem applies in that generality as well; in this paper we are only interested in the case of distributions.
6. Since this definition is used for proving negative results, weakening the definition only makes the results stronger.
7. In fact, the proof rules out even the case with \(D_1=\{0,1\},D_2=\{0,1,2\}\).
8. For standard internal-output MPRE, this can be improved to \(t\le 2n/3\).
9. The lemma from [3] applies to degree-2 polynomials. Here we replace each monomial by a 2-local function.
References
Agarwal, N., Anand, S., Prabhakaran, M.: Uncovering algebraic structures in the MPC landscape. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 381–406. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_14
Applebaum, B.: Garbled circuits as randomized encodings of functions: a primer. In: Tutorials on the Foundations of Cryptography. ISC, pp. 1–44. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_1
Applebaum, B., Brakerski, Z., Garg, S., Ishai, Y., Srinivasan, A.: Separating two-round secure computation from oblivious transfer. In: Vidick, T. (ed.) 11th Innovations in Theoretical Computer Science Conference, ITCS 2020, 12–14 January 2020, Seattle, Washington, USA. LIPIcs, vol. 151, pp. 71:1–71:18. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2020). https://doi.org/10.4230/LIPIcs.ITCS.2020.71, https://eprint.iacr.org/2020/116.pdf
Applebaum, B., Brakerski, Z., Tsabary, R.: Perfect secure computation in two rounds. SIAM J. Comput. 50(1), 68–97 (2021). https://doi.org/10.1137/19M1272044
Applebaum, B., Haramaty, N., Ishai, Y., Kushilevitz, E., Vaikuntanathan, V.: Low-complexity cryptographic hash functions. In: Papadimitriou, C.H. (ed.) 8th Innovations in Theoretical Computer Science Conference, ITCS 2017, 9–11 January 2017, Berkeley, CA, USA. LIPIcs, vol. 67, pp. 7:1–7:31. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2017). https://doi.org/10.4230/LIPIcs.ITCS.2017.7
Applebaum, B., Ishai, Y., Karni, O., Patra, A.: Quadratic multiparty randomized encodings beyond honest majority and their applications. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part IV. LNCS, vol. 13510, pp. 453–482. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15985-5_16
Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC\(^0\). SIAM J. Comput. 36(4), 845–888 (2006). https://doi.org/10.1137/S0097539705446950
Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. SIAM J. Comput. 43(2), 905–929 (2014). https://doi.org/10.1137/120875193
Badrinarayanan, S., Ishai, Y., Khurana, D., Sahai, A., Wichs, D.: Refuting the dream XOR lemma via ideal obfuscation and resettable MPC. In: ITC 2022, LIPIcs, vol. 230, pp. 10:1–10:21 (2022)
Balle, B., Bell, J., Gascón, A., Nissim, K.: Private summation in the multi-message shuffle model. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS 2020, pp. 657–676. ACM (2020). https://doi.org/10.1145/3372297.3417242
Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_2
Barak, B., et al.: On the (IM)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012). https://doi.org/10.1145/2160158.2160159
Beimel, A., Gabizon, A., Ishai, Y., Kushilevitz, E., Meldgaard, S., Paskin-Cherniavsky, A.: Non-interactive secure multiparty computation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 387–404. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_22
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10 (1988)
Bonawitz, K.A., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Thuraisingham, B., Evans, D., Malkin, T., Xu, D. (eds.) CCS 2017, pp. 1175–1191. ACM (2017). https://doi.org/10.1145/3133956.3133982
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). https://doi.org/10.1137/S0097539701398521
Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: ACM STOC (1988)
Cheu, A., Smith, A., Ullman, J., Zeber, D., Zhilyaev, M.: Distributed differential privacy via shuffling. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 375–403. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_13
Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: Akella, A., Howell, J. (eds.) 14th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2017, Boston, MA, USA, 27–29 March 2017, pp. 259–282. USENIX Association (2017). https://www.usenix.org/conference/nsdi17/technical-sessions/presentation/corrigan-gibbs
Erlingsson, Ú., et al.: Encode, shuffle, analyze privacy revisited: Formalizations and empirical evaluation. CoRR abs/2001.03618 (2020). https://arxiv.org/abs/2001.03618
Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation (extended abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, 23–25 May 1994, Montréal, Québec, Canada, pp. 554–563. ACM (1994). https://doi.org/10.1145/195058.195408
Ghazi, B., Manurangsi, P., Pagh, R., Velingker, A.: Private aggregation from fewer anonymous messages. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 798–827. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_27
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pp. 307–328. ACM (2019)
Goyal, V., Maji, H.K.: Stateless cryptographic protocols. In: Ostrovsky, R. (ed.) IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011. pp. 678–687. IEEE Computer Society (2011). https://doi.org/10.1109/FOCS.2011.74
Goyal, V., Sahai, A.: Resettably secure computation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 54–71. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_3
Halevi, S., Ishai, Y., Jain, A., Komargodski, I., Sahai, A., Yogev, E.: Non-interactive multiparty computation without correlated randomness. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part III. LNCS, vol. 10626, pp. 181–211. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_7
Halevi, S., Ishai, Y., Kushilevitz, E., Rabin, T.: Best possible information-theoretic MPC. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 255–281. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_10
Halevi, S., Ishai, Y., Kushilevitz, E., Rabin, T.: Additive randomized encodings and their applications. IACR Cryptology ePrint Archive (2023). https://eprint.iacr.org/
Ishai, Y.: Randomization techniques for secure computation. In: Prabhakaran, M., Sahai, A. (eds.) Secure Multi-Party Computation, Cryptology and Information Security Series, vol. 10, pp. 222–248. IOS Press (2013). https://doi.org/10.3233/978-1-61499-169-4-222
Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, 12–14 November 2000, Redondo Beach, California, USA, pp. 294–304. IEEE Computer Society (2000). https://doi.org/10.1109/SFCS.2000.892118
Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Eidenbenz, S., Triguero, F., Morales, R., Conejo, R., Hennessy, M. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45465-9_22
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography from anonymity. In: 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2006), pp. 239–248. IEEE Computer Society (2006). https://doi.org/10.1109/FOCS.2006.25
Jain, A., Lin, H., Luo, J., Wichs, D.: The pseudorandom oracle model and ideal obfuscation. IACR Cryptol. ePrint Arch, p. 1204 (2022). https://eprint.iacr.org/2022/1204
O’Donnell, R.: Analysis of Boolean Functions. Cambridge University Press, Cambridge (2014). https://arxiv.org/abs/2105.10386
Yao, A.C.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167 (1986)
Acknowledgements
We thank Jonathan Ullman for helpful discussions on differential privacy in the shuffle model and the anonymous reviewers for their comments. Y. Ishai and E. Kushilevitz were supported by ISF grant 2774/20 and BSF grant 2018393. Y. Ishai was additionally supported by ERC Project NTSC (742754).
© 2023 International Association for Cryptologic Research
Cite this paper
Halevi, S., Ishai, Y., Kushilevitz, E., Rabin, T. (2023). Additive Randomized Encodings and Their Applications. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14081. Springer, Cham. https://doi.org/10.1007/978-3-031-38557-5_7
DOI: https://doi.org/10.1007/978-3-031-38557-5_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38556-8
Online ISBN: 978-3-031-38557-5