International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Round Complexity of Fully Secure Solitary MPC with Honest Majority

Authors:
Divya Ravi , Aarhus University
Saikrishna Badrinarayanan , LinkedIn
Peihan Miao , Brown University
Pratyay Mukherjee , Supra Research
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: TCC 2023
Abstract: We study the problem of secure multiparty computation for functionalities where only one party receives the output, to which we refer as solitary MPC. Recently, Halevi et al. (TCC 2019) studied fully secure (i.e., with guaranteed output delivery) solitary MPC and showed impossibility of such protocols for certain functionalities when there is no honest majority among the parties. In this work, we study the round complexity of fully secure solitary MPC in the honest majority setting and with computational security. We note that a broadcast channel or public key infrastructure (PKI) setup is necessary for an n-party protocol against malicious adversaries corrupting up to t parties where n/3 ≤ t < n/2. Therefore, we study the following settings and ask the question: Can fully secure solitary MPC be achieved in fewer rounds than fully secure standard MPC in which all parties receive the output? • When there is a broadcast channel and no PKI: – We start with a negative answer to the above question. In particular, we show that the exact round complexity of fully secure solitary MPC is 3, which is the same as fully secure standard MPC. – We then study the minimal number of broadcast rounds needed to design round optimal fully secure solitary MPC. We show that both the first and second rounds of broadcast are necessary when 2n/5t<n/2, whereas pairwise-private channels suffice in the last round. Notably, this result also applies to fully secure standard MPC in which all parties receive the output. • When there is a PKI and no broadcast channel, nevertheless, we show more positive results: – We show an upper bound of 5 rounds for any honest majority. This is superior to the super-constant lower bound for fully secure standard MPC in the exact same setting. – We complement this by showing a lower bound of 4 rounds when 3n/7t<n/2. – For the special case of t = 1, n = 3, when the output receiving party does not have an input to the function, we show an upper bound of 2 rounds, which is optimal. When the output receiving party has an input to the function, we show a lower bound of 3, which matches an upper bound from prior work. – For the special case of t = 2, n = 5, we show a lower bound of 3 rounds (an upper bound of 4 follows from prior work). All our results also assume the existence of a common reference string (CRS) and pairwise private channels. Our upper bounds use a decentralized threshold fully homomorphic encryption (dTFHE) scheme (which can be built from the learning with errors (LWE) assumption) as the main building block.
BibTeX
@inproceedings{tcc-2023-33488,
  title={On the Round Complexity of Fully Secure Solitary MPC with Honest Majority},
  publisher={Springer-Verlag},
  author={Divya Ravi and Saikrishna Badrinarayanan and Peihan Miao and Pratyay Mukherjee},
  year=2023
}