A New Approach to Practical Active-Secure Two-Party Computation (1202.3052v1)

Abstract: We propose a new approach to practical two-party computation secure against an active adversary. All prior practical protocols were based on Yao's garbled circuits. We use an OT-based approach and get efficiency via OT extension in the random oracle model. To get a practical protocol we introduce a number of novel techniques for relating the outputs and inputs of OTs in a larger construction. We also report on an implementation of this approach, that shows that our protocol is more efficient than any previous one: For big enough circuits, we can evaluate more than 20000 Boolean gates per second. As an example, evaluating one oblivious AES encryption (~34000 gates) takes 64 seconds, but when repeating the task 27 times it only takes less than 3 seconds per instance.

• The paper introduces a novel OT extension that converts a small number of seed OTs into numerous instances using symmetric cryptography.
• The paper achieves active security by integrating innovative safeguards against malicious adversaries with minimal efficiency loss.
• The paper demonstrates significant performance gains, processing over 20,000 Boolean gates per second compared to traditional Yao-based methods.

Overview of Active-Secure Two-Party Computation

The paper presents a practical approach to active-secure two-party computation (2PC), shifting from the traditional use of Yao's garbled circuits to an oblivious transfer (OT)-based methodology. This transition is motivated by the computational efficiency potentially offered by OT extensions in the random oracle model.

Key Contributions

The authors propose several novel techniques and report a new implementation, maintaining high efficiency and security standards:

1. Efficient OT Extension: The protocol transforms a reduced number of public-key-based seed OTs into a large number of OT instances using only symmetric cryptographic operations, dramatically improving computational efficiency.
2. Active Security: Novel modifications address potential vulnerabilities from malicious adversaries, achieving comparable complexity to previously established protocols but with enhanced practical viability.
3. Implementation Success: The demonstrated capability to process over 20,000 Boolean gates per second exceeds previous Yao-based implementations under similar conditions.
4. New Techniques: By relating inputs and outputs of OTs through information-theoretic tags, the authors introduce a new variant of committed OTs using only symmetric keys, facilitating an efficient protocol for secure computation.

Experimental Results

The implementation shows substantial performance advantages. For large circuits, the protocol evaluates more than 20,000 Boolean gates per second, handling the evaluation of an AES encryption in about 64 seconds for a single instance, and only 3 seconds per instance when repeated 27 times.

Comparison with Yao-based Techniques

The outlined approach offers significant improvements in processing time and efficiency when compared to established Yao-based methods, particularly for large-scale computations. Notably, the protocol maintains active security with only a minor efficiency trade-off against passive-secure alternatives.

Implications and Future Directions

The work outlines a promising direction for the practical adoption of OT-based secure computation, suggesting a pivot towards OT extension methods due to their improved computational performance and robustness against active adversaries. The results could influence future protocols that require scalable secure computation solutions in privacy-preserving applications.

Given the strong performance and modest computational overhead, integrating such protocols into privacy-preserving computation frameworks could significantly impact areas such as secure multi-party computation (SMPC), cryptographic protocols, and the broader domain of secure data processing.

Final Remarks

The paper effectively sets the stage for further research into the OT-based approach, emphasizing the importance of balancing theoretical security with computational practicality. This opens numerous avenues for both theoretical exploration and practical exploitation in secure computation fields.