Efficiency Comparison

Table 3.1: Protocol Efficiency Comparison

Protocol [13] [21] [15] ΠEEQ Π^PEEQ

Preprocessing Phase

Communication O(ℓ²) O(ℓ²) O(ℓ²) ⊥ O(ℓlog(ℓ))

Computation O(ℓ³) O(ℓ³) O(ℓ³) ⊥ O(ℓlog(ℓ))

Rounds O(1) 9 2 ⊥ 1

Online Phase

Communication O(ℓ) O(ℓ) O(ℓ²) O(ℓlog(ℓ)) O(ℓ) Computation O(ℓ²) O(ℓ²) O(ℓ³) O(ℓlog(ℓ)) O(ℓ)

Rounds 2 2 6 2 2

Protocol [16] [15] [21] ΠBLT Π^PBLT

Preprocessing Phase

Communication O(ℓ²) O(ℓ²) O(ℓ²/log(ℓ)) ⊥ O(ℓlog(ℓ) log(log(ℓ))) Computation O(ℓ³) O(ℓ³) O(ℓ³/log(ℓ)) ⊥ O(ℓlog(ℓ) log(log(ℓ)))

Rounds 6 2 3 ⊥ 1

Online Phase

Communication O(ℓ²) O(ℓ²) O(ℓ²/log(ℓ)) O(ℓlog(ℓ) log(log(ℓ))) O(ℓlog(ℓ)) Computation O(ℓ³) O(ℓ³) O(ℓ³/log(ℓ)) O(ℓlog(ℓ) log(log(ℓ))) O(ℓlog(ℓ))

Rounds 3 6 4 3 3

Protocol [15] [19] [17] ΠBD ΠBD^′

Overall

Communication O(ℓ²·log(ℓ)) O(c·ℓ·log^∗(c)(ℓ)) O(ℓ²) O(ℓ³) O(ℓ²log(ℓ) log(log(ℓ))) Computation O(ℓ³·log(ℓ)) O(c·ℓ²·log^∗(c)(ℓ)) O(ℓ³) O(ℓ³) O(ℓ²log(ℓ) log(log(ℓ)))

Rounds (E) 25 (E) 23 +c (E) 12 2 3

(E) Specifies that a protocol only runs in expected constant rounds.

Source: Created by author.

Our results are presented in Table 3.1. We once more emphasize that our comparisons and conclusions are taken with respect to other 2-party protocols present in the literature, with unconditional perfect security.

Our protocol Π^PEEQ is the only 2-party protocol for secure equality test with unconditional, perfect security that communication and computational complexities linear inℓ. ΠEEQ is the only protocol that has 2 rounds in the online phase, without a preprocessing phase -at the cost of increasing the comput-ation and communic-ation complexities toO(ℓlog(ℓ)). Our protocols for private comparison, ΠBLT and Π^PBLT, are the only protocols that have three rounds with communication and computational complexities equal to O(ℓlog(ℓ) log(log(ℓ))).

Finally, our protocols for bit decomposition ΠBDand Π^′BDare the only ones in the literature that have three or less rounds.

Chapter 4 Conclusions

Protocols for secure equality tests, comparison, and bit decomposition are important re-search areas within cryptographic protocols, with their relevance becoming clearer because of the crucial role they play in privacy-preserving machine learning protocols [10, 7, 11].

In this work, we have shown how to build novel protocols for all these functions, improving on the efficiency of previous published solutions, specially on the number of communi-cations of rounds betweem the two parties. In order to do this, we make use of a new cryptographic primtive called Shared Oblivious Transfer, which we believe can be of inde-pendent interest, that can be seen as an extension of the widely known Oblivious Transfer primitive.

These new results lead to other interesting questions that are not answered in this work and that could be the focus of future ones. The protocols for equality, comparison and bit-decomposition are prove secure against semi-honest adversaries, that is, adversaries that follow the described protocol. A natural question is if we can modify these protocol to make them secure against adversaries that behave arbitrarily while sacrificing minimal performance.

We saw in this work how Shared OTs can be used to improve the efficiency of protocols for multiple interesting and useful functionalities. Another natural question that this leads to is if this new cryptographic primitive can be applied to improve the efficiency of other interesting functionalities, such as set intersection of secrets and elementwise comparison.

Future efforts could be dedicated to studying other functionalities that could benefit from Shared OT.

Bibliography

[1] Donald Beaver. Commodity-based cryptography (extended abstract). InProceedings of the Twenty-Ninth Annual ACM Symposium on Theory of Computing, STOC ’97, page 446–455, New York, NY, USA, 1997. Association for Computing Machinery.

[2] Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, page 1–10, New York, NY, USA, 1988. Association for Computing Machinery.

[3] Paul Bunn and Rafail Ostrovsky. Secure two-party k-means clustering. InProceedings of the 14th ACM Conference on Computer and Communications Security, CCS ’07, page 486–497, New York, NY, USA, 2007. Association for Computing Machinery.

[4] R. Canetti. Universally composable security: a new paradigm for cryptographic pro-tocols. InProceedings 42nd IEEE Symposium on Foundations of Computer Science, pages 136–145, 2001.

[5] Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings 42nd IEEE Symposium on Foundations of Computer Sci-ence, pages 136–145. IEEE, 2001.

[6] David Chaum, Claude Crépeau, and Ivan Damgard. Multiparty unconditionally secure protocols. InProceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, page 11–19, New York, NY, USA, 1988. Association for Computing Machinery.

[7] Martine de Cock, Rafael Dowsley, Anderson CA Nascimento, and Stacey C Newman.

Fast, privacy preserving linear regression over distributed datasets based on pre-distributed data. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security, pages 3–14, 2015.

[8] Ronald Cramer, Ivan Damgård, and Jesper B. Nielsen. Multiparty computation from threshold homomorphic encryption. In Birgit Pfitzmann, editor, Advances in Cryptology — EUROCRYPT 2001, pages 280–300, Berlin, Heidelberg, 2001. Springer Berlin Heidelberg.

[9] Ivan Damgård, Matthias Fitzi, Eike Kiltz, Jesper Buus Nielsen, and Tomas Toft.

Unconditionally secure constant-rounds multi-party computation for equality,

com-parison, bits and exponentiation. In Shai Halevi and Tal Rabin, editors, Theory of Cryptography, pages 285–304, Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.

[10] Martine De Cock, Rafael Dowsley, Caleb Horst, Raj Katti, Anderson CA Nascimento, Wing-Sea Poon, and Stacey Truex. Efficient and private scoring of decision trees, support vector machines and logistic regression models based on pre-computation.

IEEE Transactions on Dependable and Secure Computing, 16(2):217–230, 2017.

[11] Martine De Cock, Rafael Dowsley, Anderson CA Nascimento, Davis Railsback, Jianwei Shen, and Ariel Todoki. High performance logistic regression for privacy-preserving genome analysis. BMC Medical Genomics, 14(1):1–18, 2021.

[12] Zekeriya Erkin, Thijs Veugen, Tomas Toft, and Reginald L. Lagendijk. Generating private recommendations efficiently using homomorphic encryption and data packing.

IEEE Transactions on Information Forensics and Security, 7(3):1053–1066, June 2012.

[13] Helger Lipmaa and Tomas Toft. Secure equality and greater-than tests with sub-linear online complexity. In Fedor V. Fomin, R¯usin^,š Freivalds, Marta Kwiatkowska, and David Peleg, editors, Automata, Languages, and Programming, pages 645–656, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.

[14] Anderson C. A. Nascimento, Joern Mueller-Quade, Akira Otsuka, Goichiro Hanaoka, and Hideki Imai. Unconditionally non-interactive verifiable secret sharing secure against faulty majorities in the commodity based model. In Markus Jakobsson, Moti Yung, and Jianying Zhou, editors,Applied Cryptography and Network Security, pages 355–368, Berlin, Heidelberg, 2004. Springer Berlin Heidelberg.

[15] Takashi Nishide and Kazuo Ohta. Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In Tatsuaki Okamoto and Xi-aoyun Wang, editors, Public Key Cryptography – PKC 2007, pages 343–360, Berlin, Heidelberg, 2007. Springer Berlin Heidelberg.

[16] Tord Reistad. Multiparty comparison - an improved multiparty protocol for compar-ison of secret-shared values. pages 325–330, 01 2009.

[17] Tord Reistad and Tomas Toft. Linear, constant-rounds bit-decomposition. In Donghoon Lee and Seokhie Hong, editors, Information, Security and Cryptology – ICISC 2009, pages 245–257, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.

[18] Ronald L. Rivest. Unconditionally secure commitment and oblivious transfer schemes using private channels and a trusted initializer. Technical report, 1999.