2 Round MPC via MultiKey FHE Daniel Wichs
![Fully Homomorphic Encryption (FHE) [RAD 78, Gentry 09, …]](https://slidetodoc.com/presentation_image_h/3761cc8791277453b12088aa194e9d5f/image-2.jpg "Fully Homomorphic Encryption (FHE) [RAD 78, Gentry 09, …]")
![Background on Multi-Key FHE • Proposed by [Lopez. Alt-Tromer-Vaikunatnathan ‘ 12] • construction based](https://slidetodoc.com/presentation_image_h/3761cc8791277453b12088aa194e9d5f/image-5.jpg "Background on Multi-Key FHE • Proposed by [Lopez. Alt-Tromer-Vaikunatnathan ‘ 12] • construction based")
![Learning with Errors (LWE) [R 05] + = LWE assumption stat. far from uniform!](https://slidetodoc.com/presentation_image_h/3761cc8791277453b12088aa194e9d5f/image-9.jpg "Learning with Errors (LWE) [R 05] + = LWE assumption stat. far from uniform!")
![Gadget Matrix G [Micciancio-Peikert ’ 12]](https://slidetodoc.com/presentation_image_h/3761cc8791277453b12088aa194e9d5f/image-14.jpg "Gadget Matrix G [Micciancio-Peikert ’ 12]")
- Slides: 22
2 Round MPC via Multi-Key FHE Daniel Wichs (Northeastern University) with: Pratyay Mukherjee @ UC Berkeley
Fully Homomorphic Encryption (FHE) [RAD 78, Gentry 09, …]
Multi-Key FHE …
Multi-Key FHE … Additional Goal: Distributed decryption
Background on Multi-Key FHE • Proposed by [Lopez. Alt-Tromer-Vaikunatnathan ‘ 12] • construction based on hard problems over ideal lattices • no distributed decryption • Construction from LWE [Clear-Mc. Goldrick ‘ 15] • complicated construction • no distributed decryption • Our Results: • simplified construction from LWE, adaptation of [GSW 13] FHE. • one round distributed decryption • application to multi-party computation
Multi-Party Computation f(x 1, …, xn) Goal: Correctness: Everyone computes f(x 1, …, xn) Security: Nothing else revealed
2 -Round MPC from Multi-Key FHE • Each party i chooses pki, ski broadcasts Encpki(xi). All parties run a multi-key FHE eval to get c* = Encpk 1, …, pkn( f(x 1, …, xn) ). • Parties run a distributed decryption to recover y = f(x 1, …, xn). • Semi-honest secure. To get malicious security add NIZK. • First 2 -round MPC (in CRS model) under LWE previously only known from i. O [GGHR 14].
Constructing Multi-Key FHE Gentry-Sahai-Waters FHE from LWE + few tricks Multi-Key FHE
Learning with Errors (LWE) [R 05] + = LWE assumption stat. far from uniform!
GSW FHE : Keys
GSW FHE: Encryption
GSW FHE: Encryption Security: LWE assumption Leftover Hash Lemma
The GSW FHE: Evaluation •
Gadget Matrix G [Micciancio-Peikert ’ 12]
The GSW FHE: Evaluation •
Noise grows during homomorphic evaluation
Extending GSW to Multi-Key Setting •
Ciphertext Expansion A 1 = B A 2 = b 1 = s 1 B+e 1 • B b 2 = s 2 B+e 2
Ciphertext Expansion A 1 = B A 2 = b 1 = s 1 B+e 1 • B b 2 = s 2 B+e 2
Distributed Decryption • c 1 … c. N n. N
Conclusions • Show: Multi-key FHE, 2 -round MPC from LWE Open questions: • Remove public parameters in Multi-Key FHE remove CRS in semi-honest 2 -round MPC • Improve efficiency (reduce expansion) • Non-compact multi-key FHE from other assumptions such as DDH? Good enough for 2 -round MPC.
Thank you
Two round multiparty computation via multi-key fhe
Daniel wichs
Daniel wichs
Lesion primera y segunda motoneurona
Via crucis via lucis
Via erudita e via popular
La via negativa
Que significa vialucis
Pickle in the tannenbaum
Gemini mpc
Mpc multiplier calculator
Mpc bratislava
Meertalige professionele communicatie studeren
Mpc library database
Mefi ejemplo
Maurine church coburn
Freescale mpc
Mpc in economics formula
Mpc trnava
Tax multiplier
Offset free mpc
Mpc
Demethanizer column
