Atomic Secure Multi-party Multiplication with Low Communication
| Autor: | Ivan Damgård, Robbert de Haan, Ronald Cramer |
|---|---|
| Přispěvatelé: | Naor, Moni, Cryptology |
| Jazyk: | angličtina |
| Rok vydání: | 2007 |
| Předmět: |
Homomorphic secret sharing
Theoretical computer science Proactive secret sharing Computer science business.industry Cryptography Secret sharing Shamir's Secret Sharing Finite field Secure two-party computation Secure multi-party computation Multiplication Commitment scheme Verifiable secret sharing business |
| Zdroj: | Damgård, I B, Cramer, R & de Haan, R 2007, Atomic Secure Multi-party Multiplication with Low Communication . in M Naor (ed.), Advances in Cryptology-EUROCRYPT 2007 : 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings . Springer, Lecture Notes in Computer Science, vol. 4515, pp. 329-346, Barcelona, Spain, 20/05/2007 . https://doi.org/10.1007/978-3-540-72540-4_19 Advances in Cryptology-EUROCRYPT 2007 ISBN: 9783540725398 EUROCRYPT |
| DOI: | 10.1007/978-3-540-72540-4_19 |
| Popis: | We consider the standard secure multi-party multiplication protocol due to M. Rabin. This protocol is based on Shamir's secret sharing scheme and it can be viewed as a practical variation on one of the central techniques in the foundational results of Ben-Or, Goldwasser, and Wigderson and Chaum, Crepeau, and Damgaard on secure multi-party computation. Rabin's idea is a key ingredient to virtually all practical protocols in threshold cryptography. Given a passive t-adversary in the secure channels model with synchronous communication, for example, secure multiplication of two secret-shared elements from a finite field Kbased on this idea uses one communication round and has the network exchange O(n2) field elements, if t= ?(n) and t< n/2 and if nis the number of players. This is because each of O(n) players must perform Shamir secret sharing as part of the protocol. This paper demonstrates that under a few restrictions much more efficient protocols are possible; even at the level of a single multiplication. We demonstrate a twist on Rabin's idea that enables one-round secure multiplication with just O(n)bandwidthin certain settings, thus reducing it from quadratic to linear. The ideas involved can additionally be employed in the evaluation of arithmetic circuits, where under appropriate circumstances similar efficiency gains can be obtained. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|