## CryptoDB

### Nishanth Chandran

#### Publications

**Year**

**Venue**

**Title**

2024

TCC

Adaptive Security, Erasures, and Network Assumptions in Communication-Local MPC
Abstract

The problem of reliable/secure all-to-all communication over low-degree networks has been
essential for communication-local (CL) n-party MPC (i.e., MPC protocols where every party directly
communicates only with a few, typically polylogarithmic in n, parties) and more recently for com-
munication over ad hoc networks, which are used in blockchain protocols. However, a limited number
of adaptively secure solutions exist, and they all make relatively strong assumptions on the ability of
parties to act in some specific manner before the adversary can corrupt them. Two such assumptions
were made in the work of Chandran et al. [ITCS ’15]---parties can (a) multisend messages to several
receivers simultaneously; and (b) securely erase the message and the identities of the receivers, before the adversary gets a chance to corrupt the sender (even if a receiver is corrupted).
A natural question to ask is: Are these assumptions necessary for adaptively secure CL MPC? In this
paper, we characterize the feasibility landscape for all-to-all reliable message transmission (RMT) under these two assumptions, and use this characterization to obtain (asymptotically) tight feasibility results for CL MPC.
– First, we prove a strong impossibility result for a broad class of RMT protocols, termed here
store-and-forward protocols, which includes all known communication protocols for CL MPC from
standard cryptographic assumptions. Concretely, we show that no such protocol with a certain
expansion rate can tolerate a constant fraction of parties being corrupted.
– Next, under the assumption of only a PKI, we show that assuming secure erasures, we can obtain
an RMT protocol between all pairs of parties with polylogarithmic locality (even without assuming
multisend) for the honest majority setting. We complement this result by showing a negative result
for the setting of dishonest majority.
– Finally, and somewhat surprisingly, under stronger assumptions (i.e., trapdoor permutations
with a reverse domain sampler, and compact and malicious circuit-private FHE), we construct a
polylogarithmic-locality all-to-one RMT protocol, which is adaptively secure and tolerates any
constant fraction of corruptions, without assuming either secure erasures or multisend. This last
result uses a novel combination of adaptively secure (e.g., non-committing) encryption and (static)
FHE to bypass the impossibility of compact adaptively secure FHE by Katz et al. [PKC’13], which
we believe may be of independent interest. Intriguingly, even such assumptions do not allow reduc-
ing all-to-all RMT to all-to-one RMT (a reduction which is trivial in the non-CL setting). Still, we
can implement what we call sublinear output-set RMT (SOS-RMT for short). We show how SOS-
RMT can be used for SOS-MPC under the known bounds for feasibility of MPC in the standard
(i.e., non-CL) setting assuming, in addition to SOS-RMT, an anonymous PKI.

2022

CRYPTO

Short Leakage Resilient and Non-malleable Secret Sharing Schemes
📺
Abstract

Leakage resilient secret sharing (LRSS) allows a dealer to share a secret amongst $n$ parties such that any authorized subset of the parties can recover the secret from their shares, while an adversary that obtains shares of any unauthorized subset of parties along with bounded leakage from the other shares learns no information about the secret. Non-malleable secret sharing (NMSS) provides a guarantee that even shares that are tampered by an adversary will reconstruct to either the original message or something independent of it.
The most important parameter of LRSS and NMSS schemes is the size of each share. For LRSS, in the "local leakage model" (i.e., when the leakage functions on each share are independent of each other and bounded), Srinivasan and Vasudevan (CRYPTO 2019), gave a scheme for threshold access structures with a share size of approximately 3.((message length) + $\mu$), where $\mu$ is the number of bits of leakage tolerated from every share. For the case of NMSS, the best-known result (again due to the above work) has a share size of 11.(message length).
In this work, we build LRSS and NMSS schemes with much improved share size. Additionally, our LRSS scheme obtains optimal share and leakage size. In particular, we get the following results:
-We build an information-theoretic LRSS scheme for threshold access structures with a share size of (message length + $\mu$).
-As an application of the above result, we obtain an NMSS with a share size of 4.(message length). Further, for the special case of sharing random messages, we obtain a share size of 2.(message length).

2021

EUROCRYPT

Function Secret Sharing for Mixed-Mode and Fixed-Point Secure Computation
📺
Abstract

Recently Boyle et al. (TCC 2019) proposed a new approach for secure computation in the {\em preprocessing model} building on {\em function secret sharing} (FSS). This approach can be used to realize any circuit containing gates that admit efficient FSS schemes. In this work, we make the following three technical contributions:
{\bf Improved Key Size.} The complexity of the preprocessing phase directly depends on the FSS key size. We improve the size of FSS keys for several existing FSS constructions through two important steps. First, we present a roughly $4\times$ reduction in FSS key size for the Distributed Comparison Function (DCF), i.e. ($f_\alpha(x) = \beta$ for all $x < \alpha$ and $0$, otherwise). Second, prior FSS schemes for many important function classes are obtained via reductions to multiple instances of DCF; for example, 2 instances for interval containment and $2m$ for splines with $m$ pieces. We significantly improve these reductions for public intervals and obtain {\em optimal} FSS schemes, i.e., through a {\em single instance of DCF}, thereby reducing the key sizes by up to $6-22\times$ for commonly used functions in mixed-mode secure computation such as ReLU and sigmoid.
{\bf FSS for New Function Families.} We present the first constructions of FSS schemes for arithmetic and logical right shift, as well as for bit-decomposition, where the output bits must be secret shared in a larger ring. These functions are crucial for many applications such as fixed-point arithmetic and machine learning.
{\bf FSS for Fixed-Point Arithmetic and Barrier.} One of the important functions in the realization of secure fixed-point arithmetic is that of multiply-then-truncate. While our work shows how to obtain a construction for this function in 2 rounds using sequential calls to FSS schemes for multiply and shift, we demonstrate a barrier towards improving this via FSS beyond what we achieve. Specifically, we show that a 1-round solution would require settling a major open problem in the area of FSS: namely, building an FSS for the class of bit-conjunction functions based on only symmetric-key cryptographic assumptions.

2021

CRYPTO

Adaptive Extractors and their Application to Leakage Resilient Secret Sharing
📺
Abstract

We introduce Adaptive Extractors, which unlike traditional randomness extractors, guarantee security even when an adversary obtains leakage on the source \textit{after} observing the extractor output. We make a compelling case for the study of such extractors by demonstrating their use in obtaining adaptive leakage in secret sharing schemes.
Specifically, at FOCS 2020, Chattopadhyay, Goodman, Goyal, Kumar, Li, Meka, Zuckerman, built an adaptively secure leakage resilient secret sharing scheme (LRSS) with both rate and leakage rate being $\mathcal{O}(1/n)$, where $n$ is the number of parties. In this work, we build an adaptively secure LRSS that offers an interesting trade-off between rate, leakage rate, and the total number of shares from which an adversary can obtain leakage. As a special case, when considering $t$-out-of-$n$ secret sharing schemes for threshold $t = \alpha n$ (constant $0<\alpha<1$), we build a scheme with constant rate, constant leakage rate, and allow the adversary leakage from all but $t-1$ of the shares, while giving her the remaining $t-1$ shares completely in the clear. (Prior to this, constant rate LRSS scheme tolerating adaptive leakage was unknown for \textit{any} threshold.)
Finally, we show applications of our techniques to both non-malleable secret sharing and secure message transmission.

2019

CRYPTO

Universally Composable Secure Computation with Corrupted Tokens
📺
Abstract

We introduce the corrupted token model. This model generalizes the tamper-proof token model proposed by Katz (EUROCRYPT ’07) relaxing the trust assumption on the honest behavior of tokens. Our model is motivated by the real-world practice of outsourcing hardware production to possibly corrupted manufacturers. We capture the malicious behavior of token manufacturers by allowing the adversary to corrupt the tokens of honest players at the time of their creation.We show that under minimal complexity assumptions, i.e., the existence of one-way functions, it is possible to UC-securely realize (a variant of) the tamper-proof token functionality of Katz in the corrupted token model with n stateless tokens assuming that the adversary corrupts at most $$n-1$$ of them (for any $$n>0$$). We apply this result to existing multi-party protocols in Katz’s model to achieve UC-secure MPC in the corrupted token model assuming only the existence of one-way functions. Finally, we show how to obtain the above results using tokens of small size that take only short inputs. The technique in this result can also be used to improve the assumption of UC-secure hardware obfuscation recently proposed by Nayak et al. (NDSS ’17). While their construction requires the existence of collision-resistant hash functions, we can obtain the same result from only one-way functions. Moreover using our main result we can improve the trust assumption on the tokens as well.

2009

EUROCRYPT

#### Program Committees

- Asiacrypt 2024
- Eurocrypt 2023
- Eurocrypt 2020
- Asiacrypt 2019
- PKC 2019
- TCC 2018
- PKC 2017
- TCC 2016
- Crypto 2016
- Crypto 2015

#### Coauthors

- N. Nalla Anandakumar (1)
- Prabhanjan Ananth (1)
- Elette Boyle (1)
- Harry Buhrman (1)
- Jan Camenisch (1)
- Nishanth Chandran (16)
- Melissa Chase (2)
- Wutichai Chongchitmate (1)
- Serge Fehr (1)
- Juan A. Garay (2)
- Ran Gelles (1)
- Niv Gilboa (1)
- Vipul Goyal (4)
- Divya Gupta (1)
- Yuval Ishai (1)
- Bhavana Kanukurthi (5)
- Feng-Hao Liu (1)
- Ankit Kumar Misra (1)
- Ryan Moriarty (1)
- Ryo Nishimaki (1)
- Sai Lakshmi Bhavana Obbattu (2)
- Rafail Ostrovsky (7)
- Srinivasan Raghuraman (2)
- Mayank Rathee (1)
- Amit Sahai (1)
- Christian Schaffner (1)
- Sruthi Sekar (2)
- Victor Shoup (1)
- Vinod Vaikuntanathan (1)
- Dhinakaran Vinayagamurthy (1)
- Ivan Visconti (1)
- Keita Xagawa (1)
- Vassilis Zikas (1)