TY - JOUR

T1 - Graph coloring applied to secure computation in non-Abelian groups

AU - Desmedt, Yvo

AU - Pieprzyk, Josef

AU - Steinfeld, Ron

AU - Sun, Xiaoming

AU - Tartary, Christophe

AU - Wang, Huaxiong

AU - Yao, Andrew Chi Chih

PY - 2012/10

Y1 - 2012/10

N2 - We study the natural problem of secure n-party computation (in the computationally unbounded attack model) of circuits over an arbitrary finite non-Abelian group (G, ·), which we call G-circuits. Besides its intrinsic interest, this problem is also motivating by a completeness result of Barrington, stating that such protocols can be applied for general secure computation of arbitrary functions. For flexibility, we are interested in protocols which only require black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our investigations focus on the passive adversarial model, where up to t of the n participating parties are corrupted. Our results are as follows. We initiate a novel approach for the construction of black-box protocols for G-circuits based on k-of-k threshold secret-sharing schemes, which are efficiently implementable over any black-box (non-Abelian) group G. We reduce the problem of constructing such protocols to a combinatorial coloring problem in planar graphs. We then give three constructions for such colorings. Our first approach leads to a protocol with optimal resilience t < n/2, but it requires exponential communication complexity O((t/2t+1)2 ·Ng) group elements and round complexity O((t/2t+1)2 ·Ng), for a G-circuit of size Ng. Nonetheless, using this coloring recursively, we obtain another protocol to t-privately compute G-circuits with communication complexity Poly(n)-Ng for any t ∈ O(n1-∈) where ∈ is any positive constant. For our third protocol, there is a probability δ (which can be made arbitrarily small) for the coloring to be flawed in term of security, in contrast to the first two techniques, where the colorings are always secure (we call this protocol probabilistic, and those earlier protocols deterministic). This third protocol achieves optimal resilience t < n/2. It has communication complexity O(n5.056 (n +logδ-1) 2 · Ng) and the number of rounds is O(n 2.528· (n +logδ-1) · Ng).

AB - We study the natural problem of secure n-party computation (in the computationally unbounded attack model) of circuits over an arbitrary finite non-Abelian group (G, ·), which we call G-circuits. Besides its intrinsic interest, this problem is also motivating by a completeness result of Barrington, stating that such protocols can be applied for general secure computation of arbitrary functions. For flexibility, we are interested in protocols which only require black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our investigations focus on the passive adversarial model, where up to t of the n participating parties are corrupted. Our results are as follows. We initiate a novel approach for the construction of black-box protocols for G-circuits based on k-of-k threshold secret-sharing schemes, which are efficiently implementable over any black-box (non-Abelian) group G. We reduce the problem of constructing such protocols to a combinatorial coloring problem in planar graphs. We then give three constructions for such colorings. Our first approach leads to a protocol with optimal resilience t < n/2, but it requires exponential communication complexity O((t/2t+1)2 ·Ng) group elements and round complexity O((t/2t+1)2 ·Ng), for a G-circuit of size Ng. Nonetheless, using this coloring recursively, we obtain another protocol to t-privately compute G-circuits with communication complexity Poly(n)-Ng for any t ∈ O(n1-∈) where ∈ is any positive constant. For our third protocol, there is a probability δ (which can be made arbitrarily small) for the coloring to be flawed in term of security, in contrast to the first two techniques, where the colorings are always secure (we call this protocol probabilistic, and those earlier protocols deterministic). This third protocol achieves optimal resilience t < n/2. It has communication complexity O(n5.056 (n +logδ-1) 2 · Ng) and the number of rounds is O(n 2.528· (n +logδ-1) · Ng).

UR - http://www.scopus.com/inward/record.url?scp=84869499495&partnerID=8YFLogxK

U2 - 10.1007/s00145-011-9104-3

DO - 10.1007/s00145-011-9104-3

M3 - Article

AN - SCOPUS:84869499495

VL - 25

SP - 557

EP - 600

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -