On the Round Complexity of Covert Computation
Vipul Goyal (UCLA), Abhishek Jain (UCLA)
Covert Computation
- Strengthening of the notion of secure computation, introduced by Ahn-Hopper-Langford’05
- Talks about privacy of not just the input but also whether a party participated in the protocol or not
- Covert computation has a similar relation to secure computation as steganographic communication has to encrypted communication
Example: Secret Handshake
- Two (secret) hackers on the internet
- “I suspect he is a member of the hacker group as well. Secure 2pc?”
Example: Secret Handshake
- “He is a hacker!!”
- “Let's run 2pc to see if we are both hackers”
Secret Handshake contd.
- “If only there was a better protocol”
Ideally
- “Completely agree, helps me get good grades in college”
- “Internet is such a great resource, I learn so much”
- “We are both hackers!!”
Covert Computation
- Parties talk as usual and hide protocol messages in the normal “innocent looking” conversation
- In the end, if:
  - everyone participated
  - output favorable (certificates matched)
  then output and participation are revealed to everyone
- Else, nobody knows who participated (parties just see normal messages)
More technically
- The protocol messages “hidden” in the innocent conversation need to look random (otherwise participation revealed) [vAHL05]
- Thus: design an MPC protocol w/ messages indistinguishable from random (except when everyone participating and function output favorable, final messages will not look random)
- Various standard tools like ZK break down
Covert Computation
- Ahn-Hopper-Langford’05: two party
- Chandran-Goyal-Ostrovsky-Sahai’07: multi-party assuming a broadcast channel
- Polynomial number of rounds (in s.p., depth of circuit)
- This work: focus on round complexity, feasibility for point to point channels
Covert MPC w/ point to point channels
- Point to point channel: communication using, e.g., individual emails (as opposed to a mailing list)
- Standard techniques for MPC w/ point to point channels inherently break down
- “Internet is such a great resource, I learn so much”
- “He said the same thing!!”
- “Internet is such a great resource, I learn so much”
Our Results
- We first consider the round complexity of covert computation:
  - w/ black-box simulation: constant round covert two-party computation impossible
  - non black-box simulation: constant round covert multi-party computation
- Techniques:
  - two slot simulation technique [Pass’04, Barak’01]
  - crypto in NC0 [Applebaum-Ishai-Kushilevitz’04]
- We observe that our constant round MPC protocol inherits bounded concurrency from Pass’04
  - use this to show feasibility for covert MPC w/ point to point channels for a constant number of parties
Covert MPC w/ Point to Point Channels
- Recall: we need protocol to run w/o more than 2 parties agreeing on a message
[Figure labels: (x1, x2); x1; x3; x2]
High level idea contd.
[Figure labels: D, C, B, A; (x5, …, x8); (x1, …, x4); S; 2-bounded; 4-bounded]