<p>We present the first actively secure, practical protocol to generate the distributed secret keys needed in the SPDZ offline protocol. As an added bonus, our protocol results in the resulting distribution of the public and secret keys are such that the associated SHE ‘noise’ analysis is the same as if the distributed keys were generated by a trusted setup. We implemented the presented protocol for distributed BGV key generation within the <Emphasis FontCategory="NonProportional">SCALE-MAMBA</Emphasis>&#xa0; framework. Our method makes use of a new method for creating doubly (or even more) authenticated bits in different MPC engines, which has applications in other areas of MPC-based secure computation. We were able to generate keys for two parties and a plaintext size of 64 bits in around 5&#xa0;min and a little more than 18&#xa0;min for a 128-bit prime.</p><p>This version contains differences from the original version due to an attack on the method in the original version discovered by Victor Treinsoutrot. In this revised version, we describe a fix (due to Carsten Baum) which would result in a roughly twofold performance loss in our protocol. This revised version does not update the running times of the protocol precisely, but estimates the expected running time from extrapolating micro-benchmarks. The new expected run times are roughly two times slower than those in the previous version.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Correction to: Actively Secure Setup for SPDZ

  • Dragos Rotaru,
  • Nigel P. Smart,
  • Titouan Tanguy,
  • Frederik Vercauteren,
  • Tim Wood

摘要

We present the first actively secure, practical protocol to generate the distributed secret keys needed in the SPDZ offline protocol. As an added bonus, our protocol results in the resulting distribution of the public and secret keys are such that the associated SHE ‘noise’ analysis is the same as if the distributed keys were generated by a trusted setup. We implemented the presented protocol for distributed BGV key generation within the SCALE-MAMBA  framework. Our method makes use of a new method for creating doubly (or even more) authenticated bits in different MPC engines, which has applications in other areas of MPC-based secure computation. We were able to generate keys for two parties and a plaintext size of 64 bits in around 5 min and a little more than 18 min for a 128-bit prime.

This version contains differences from the original version due to an attack on the method in the original version discovered by Victor Treinsoutrot. In this revised version, we describe a fix (due to Carsten Baum) which would result in a roughly twofold performance loss in our protocol. This revised version does not update the running times of the protocol precisely, but estimates the expected running time from extrapolating micro-benchmarks. The new expected run times are roughly two times slower than those in the previous version.