2 Round MPC via MultiKey FHE Daniel Wichs

  • Slides: 22
Download presentation
2 Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) with: Pratyay Mukherjee @

2 Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) with: Pratyay Mukherjee @ UC Berkeley

Fully Homomorphic Encryption (FHE) [RAD 78, Gentry 09, …]

Fully Homomorphic Encryption (FHE) [RAD 78, Gentry 09, …]

Multi-Key FHE …

Multi-Key FHE …

Multi-Key FHE … Additional Goal: Distributed decryption

Multi-Key FHE … Additional Goal: Distributed decryption

Background on Multi-Key FHE • Proposed by [Lopez. Alt-Tromer-Vaikunatnathan ‘ 12] • construction based

Background on Multi-Key FHE • Proposed by [Lopez. Alt-Tromer-Vaikunatnathan ‘ 12] • construction based on hard problems over ideal lattices • no distributed decryption • Construction from LWE [Clear-Mc. Goldrick ‘ 15] • complicated construction • no distributed decryption • Our Results: • simplified construction from LWE, adaptation of [GSW 13] FHE. • one round distributed decryption • application to multi-party computation

Multi-Party Computation f(x 1, …, xn) Goal: Correctness: Everyone computes f(x 1, …, xn)

Multi-Party Computation f(x 1, …, xn) Goal: Correctness: Everyone computes f(x 1, …, xn) Security: Nothing else revealed

2 -Round MPC from Multi-Key FHE • Each party i chooses pki, ski broadcasts

2 -Round MPC from Multi-Key FHE • Each party i chooses pki, ski broadcasts Encpki(xi). All parties run a multi-key FHE eval to get c* = Encpk 1, …, pkn( f(x 1, …, xn) ). • Parties run a distributed decryption to recover y = f(x 1, …, xn). • Semi-honest secure. To get malicious security add NIZK. • First 2 -round MPC (in CRS model) under LWE previously only known from i. O [GGHR 14].

Constructing Multi-Key FHE Gentry-Sahai-Waters FHE from LWE + few tricks Multi-Key FHE

Constructing Multi-Key FHE Gentry-Sahai-Waters FHE from LWE + few tricks Multi-Key FHE

Learning with Errors (LWE) [R 05] + = LWE assumption stat. far from uniform!

Learning with Errors (LWE) [R 05] + = LWE assumption stat. far from uniform!

GSW FHE : Keys

GSW FHE : Keys

GSW FHE: Encryption

GSW FHE: Encryption

GSW FHE: Encryption Security: LWE assumption Leftover Hash Lemma

GSW FHE: Encryption Security: LWE assumption Leftover Hash Lemma

The GSW FHE: Evaluation •

The GSW FHE: Evaluation •

Gadget Matrix G [Micciancio-Peikert ’ 12]

Gadget Matrix G [Micciancio-Peikert ’ 12]

The GSW FHE: Evaluation •

The GSW FHE: Evaluation •

Noise grows during homomorphic evaluation

Noise grows during homomorphic evaluation

Extending GSW to Multi-Key Setting •

Extending GSW to Multi-Key Setting •

Ciphertext Expansion A 1 = B A 2 = b 1 = s 1

Ciphertext Expansion A 1 = B A 2 = b 1 = s 1 B+e 1 • B b 2 = s 2 B+e 2

Ciphertext Expansion A 1 = B A 2 = b 1 = s 1

Ciphertext Expansion A 1 = B A 2 = b 1 = s 1 B+e 1 • B b 2 = s 2 B+e 2

Distributed Decryption • c 1 … c. N n. N

Distributed Decryption • c 1 … c. N n. N

Conclusions • Show: Multi-key FHE, 2 -round MPC from LWE Open questions: • Remove

Conclusions • Show: Multi-key FHE, 2 -round MPC from LWE Open questions: • Remove public parameters in Multi-Key FHE remove CRS in semi-honest 2 -round MPC • Improve efficiency (reduce expansion) • Non-compact multi-key FHE from other assumptions such as DDH? Good enough for 2 -round MPC.

Thank you

Thank you

Homomorphic Commitments Signatures Daniel Wichs Northeastern University basedHomomorphic Commitments Signatures Daniel Wichs Northeastern University based
Outsourcing Private RAM Computation Daniel Wichs Northeastern UniversityOutsourcing Private RAM Computation Daniel Wichs Northeastern University
Signatures Homomorphic Daniel Wichs Northeastern University based onSignatures Homomorphic Daniel Wichs Northeastern University based on
TAMPER DETECTION AND NONMALLEABLE CODES Daniel Wichs NortheasternTAMPER DETECTION AND NONMALLEABLE CODES Daniel Wichs Northeastern
MPC in Statoil Stig Strand specialist MPC StatoilMPC in Statoil Stig Strand specialist MPC Statoil
MPC in Statoil 2 MPC in Statoil InhouseMPC in Statoil 2 MPC in Statoil Inhouse
NGC 4254 16 8 Mpc 16 8 MpcNGC 4254 16 8 Mpc 16 8 Mpc
Multipliers Fiscal Policy MPC MPS Multiplier Analysis MPCMultipliers Fiscal Policy MPC MPS Multiplier Analysis MPC
MPC 555 Queued Serial Module 1 MPC 555MPC 555 Queued Serial Module 1 MPC 555
Matrices DOFA MEFE MPC MEFI FABIAN DANIEL ROJASMatrices DOFA MEFE MPC MEFI FABIAN DANIEL ROJAS
October 2015 FHEMMAPs Summer School Paris PRACTICAL FHEOctober 2015 FHEMMAPs Summer School Paris PRACTICAL FHE
October 2015 FHEMMAPs Summer School Paris PRACTICAL FHEOctober 2015 FHEMMAPs Summer School Paris PRACTICAL FHE
WICKED PROBLEMS CLUMSY INSTITUTIONS AND BRICOLAGE IN FHEWICKED PROBLEMS CLUMSY INSTITUTIONS AND BRICOLAGE IN FHE
WICKED PROBLEMS CLUMSY INSTITUTIONS AND BRICOLAGE IN FHEWICKED PROBLEMS CLUMSY INSTITUTIONS AND BRICOLAGE IN FHE
Gorce Amandine Kervarec Elodie Perrier LiseMarine FHE FivreGorce Amandine Kervarec Elodie Perrier LiseMarine FHE Fivre
October 2015 FHEMMAPs Summer School Paris PRACTICAL FHEOctober 2015 FHEMMAPs Summer School Paris PRACTICAL FHE
Homomorphic Encryption Part II Bootstrapping FHE and MoreHomomorphic Encryption Part II Bootstrapping FHE and More
1The only piece of fhe has in his1The only piece of fhe has in his
Campus Sustainability Programme Developing an FHE Climate ChangeCampus Sustainability Programme Developing an FHE Climate Change
Climate Change Legislation Impact on FHE Stephen BoyleClimate Change Legislation Impact on FHE Stephen Boyle
Daniel Chapter 1 Daniel Introduction Why Daniel PersonalDaniel Chapter 1 Daniel Introduction Why Daniel Personal
Doha Development Round Doha Development Round The DohaDoha Development Round Doha Development Round The Doha
Rounding Round 4 7 4 Objective To roundRounding Round 4 7 4 Objective To round
Round 1 Ultimate Question Round 2 Winston ChurchillRound 1 Ultimate Question Round 2 Winston Churchill
The while loop round and round we goThe while loop round and round we go
Round 1 Round 2 Final Jeopardy Geography NativeRound 1 Round 2 Final Jeopardy Geography Native
The while loop round and round we goThe while loop round and round we go
December Round the World Its December round theDecember Round the World Its December round the
Round every corner round every corner repeated xRound every corner round every corner repeated x
Round One Lincolns Round Two Grants Ultimate QuestionRound One Lincolns Round Two Grants Ultimate Question
NERVOUS SYSTEM JEOPARDY Round 1 Round 2 SourcesNERVOUS SYSTEM JEOPARDY Round 1 Round 2 Sources
Sample Round 1 Round 2 Not Available forSample Round 1 Round 2 Not Available for
Round 1 Ultimate Question Round 2 Lincolns GrantsRound 1 Ultimate Question Round 2 Lincolns Grants
con Jos Manuel Ochoa PRIMER ROUND SEGUNDO ROUNDcon Jos Manuel Ochoa PRIMER ROUND SEGUNDO ROUND
Round and Round Using 360 Feedback for ImprovedRound and Round Using 360 Feedback for Improved
Sparring Combinations 1 2 3 4 Round RoundSparring Combinations 1 2 3 4 Round Round
The while loop round and round we goThe while loop round and round we go
Trivia Review Round 1 The Renaissance Round 1Trivia Review Round 1 The Renaissance Round 1
The while loop round and round we goThe while loop round and round we go
Round One Carnegie Round Two Rockefeller Ultimate QuestionRound One Carnegie Round Two Rockefeller Ultimate Question