International Association for Cryptologic Research

CryptoDB

Communication-Efficient Multi-Party Computation for RMS Programs

Authors:
Thomas Attema, TNO, Applied Cryptography and Quantum Algorithms; CWI, Cryptology Group
Aron van Baarsen, CWI, Cryptology Group; Leiden University, Mathematical Institute
Stefan van den Berg, TNO, Applied Cryptography and Quantum Algorithms
Pedro Capitão, CWI, Cryptology Group; Leiden University, Mathematical Institute
Vincent Dunning, TNO, Applied Cryptography and Quantum Algorithms
Lisa Kohl, CWI, Cryptology Group
Download:
DOI: 10.62056/ab0lmp-3y
URL: https://cic.iacr.org//p/1/2/10
Abstract:

Despite much progress, general-purpose secure multi-party computation (MPC) with active security may still be prohibitively expensive in settings with large input datasets. This particularly applies to the secure evaluation of graph algorithms, where each party holds a subset of a large graph. Recently, Araki et al. (ACM CCS '21) showed that dedicated solutions may provide significantly better efficiency if the input graph is sparse. In particular, they provide an efficient protocol for the secure evaluation of “message passing” algorithms, such as the PageRank algorithm. Their protocol's computation and communication complexity are both $\tilde{O}(M\cdot B)$ instead of the $O(M^2)$ complexity achieved by general-purpose MPC protocols, where $M$ denotes the number of nodes and $B$ the (average) number of incoming edges per node. On the downside, their approach achieves only a relatively weak security notion: $1$-out-of-$3$ malicious security with selective abort.

In this work, we show that PageRank can instead be captured efficiently as a restricted multiplication straight-line (RMS) program, and present a new actively secure MPC protocol tailored to handle RMS programs. In particular, we show that the local knowledge of the participants can be leveraged towards the first maliciously-secure protocol with communication complexity linear in $M$, independently of the sparsity of the graph. We present two variants of our protocol. In our communication-optimized protocol, going from semi-honest to malicious security only introduces a small communication overhead, but results in quadratic computation complexity $O(M^2)$. In our balanced protocol, we still achieve a linear communication complexity $O(M)$, although with worse constants, but a significantly better computational complexity scaling with $O(M\cdot B)$. Additionally, our protocols achieve security with identifiable abort and can tolerate up to $n-1$ corruptions.

BibTeX
@article{cic-2024-34403,
  title={Communication-Efficient Multi-Party Computation for RMS Programs},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 2},
  url={https://cic.iacr.org//p/1/2/10},
  doi={10.62056/ab0lmp-3y},
  author={Thomas Attema and Aron van Baarsen and Stefan van den Berg and Pedro Capitão and Vincent Dunning and Lisa Kohl},
  year=2024
}