DOI: 10.1145/1374376.1374438
Research article

Cryptography with constant computational overhead

Published: 17 May 2008

ABSTRACT

Current constructions of cryptographic primitives typically involve a large multiplicative computational overhead that grows with the desired level of security. We explore the possibility of implementing basic cryptographic primitives, such as encryption, authentication, signatures, and secure two-party computation, while incurring only a constant computational overhead compared to insecure implementations of the same tasks. Here we make the usual security requirement that the advantage of any polynomial-time attacker must be negligible in the input length.

We obtain affirmative answers to this question for most central cryptographic primitives under plausible, albeit sometimes nonstandard, intractability assumptions. We start by showing that pairwise-independent hash functions can be computed by linear-size circuits, disproving a conjecture of Mansour, Nisan, and Tiwari (STOC 1990). This construction does not rely on any unproven assumptions and is of independent interest. Our hash functions can be used to construct message authentication schemes with constant overhead from any one-way function. Under an intractability assumption that generalizes a previous assumption of Alekhnovich (FOCS 2003), we get (public and private key) encryption schemes with constant overhead. Using an exponentially strong version of the previous assumption, we get signature schemes of similar complexity. Assuming the existence of pseudorandom generators in NC^0 with polynomial stretch together with the existence of an (arbitrary) oblivious transfer protocol, we get similar results for the seemingly very complex task of secure two-party computation. More concretely, we get general protocols for secure two-party computation in the semi-honest model in which the two parties can be implemented by circuits whose size is a constant multiple of the size s of the circuit to be evaluated. In the malicious model, we get protocols whose communication complexity is a constant multiple of s and whose computational complexity is slightly super-linear in s. For natural relaxations of security in the malicious model that are still meaningful in practice, we can also keep the computational complexity linear in s. These results extend to the case of a constant number of parties, where an arbitrary subset of the parties can be corrupted.

Our protocols rely on non-black-box techniques, and suggest the intriguing possibility that the ultimate efficiency in this area of cryptography can be obtained via such techniques.

References

  1. M. Alekhnovich. More on average case vs approximation complexity. In Proc. 44th FOCS, pages 298--307, 2003.
  2. N. Alon, J. Bruck, J. Naor, M. Naor, and R. M. Roth. Construction of asymptotically good low-rate error-correcting codes through pseudo-random graphs. IEEE Transactions on Information Theory, 38(2), 1992.
  3. B. Applebaum, Y. Ishai, and E. Kushilevitz. Cryptography in NC^0. SIAM J. Comput., 36(4):845--888, 2006. Earlier version in FOCS 2004.
  4. B. Applebaum, Y. Ishai, and E. Kushilevitz. Computationally private randomizing polynomials and their applications. Computational Complexity, 15(2):115--162, 2006. Earlier version in CCC 2005.
  5. B. Applebaum, Y. Ishai, and E. Kushilevitz. On pseudorandom generators with linear stretch in NC^0. In Proc. 10th RANDOM, 2006.
  6. B. Applebaum, Y. Ishai, and E. Kushilevitz. Cryptography with constant input locality. In Proc. CRYPTO 2007.
  7. Y. Aumann and Y. Lindell. Security against covert adversaries: Efficient protocols for realistic adversaries. In Proc. TCC 2007, pages 137--156.
  8. D. Beaver. Precomputing oblivious transfer. In Proc. CRYPTO 1995, pages 97--109.
  9. D. Beaver. Correlated pseudorandomness and the complexity of private computations. In Proc. 28th STOC, pages 479--488, 1996.
  10. M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proc. 20th STOC, pages 1--10, 1988.
  11. A. Blum, A. Kalai, and H. Wasserman. Noise-tolerant learning, the parity problem, and the statistical query model. In Proc. 32nd STOC, pages 435--440, 2000.
  12. M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput., 13:850--864, 1984. Preliminary version in FOCS 1982.
  13. J. L. Bordewijk. Inter-reciprocity applied to electrical networks. Applied Scientific Research B: Electrophysics, Acoustics, Optics, Mathematical Methods, 6:1--74, 1956.
  14. R. Canetti. Security and composition of multiparty cryptographic protocols. J. of Cryptology, 13(1), 2000.
  15. R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz, and A. Sahai. Exposure-resilient functions and all-or-nothing transforms. In Proc. EUROCRYPT 2000, pages 453--469.
  16. M. R. Capalbo, O. Reingold, S. P. Vadhan, and A. Wigderson. Randomness conductors and constant-degree lossless expanders. In Proc. STOC 2002, pages 659--668.
  17. L. Carter and M. N. Wegman. Universal classes of hash functions. J. Comput. Syst. Sci., 18(2):143--154, 1979.
  18. B. Chor, O. Goldreich, J. Håstad, J. Friedman, S. Rudich, and R. Smolensky. The bit extraction problem of t-resilient functions (preliminary version). In Proc. FOCS 1985, pages 396--407.
  19. M. Cryan and P. B. Miltersen. On pseudorandom generators in NC^0. In Proc. 26th MFCS, 2001.
  20. R. L. Dobrushin, S. I. Gelfand, and M. S. Pinsker. On complexity of coding. In Proc. 2nd Internat. Symp. on Information Theory, pages 174--184, 1973.
  21. D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. SIAM J. Comput., 30(2):391--437, 2000.
  22. S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637--647, 1985.
  23. U. Feige, J. Kilian, and M. Naor. A minimal model for secure computation (extended abstract). In Proc. 26th STOC, pages 554--563, 1994.
  24. M. J. Freedman, K. Nissim, and B. Pinkas. Efficient private matching and set intersection. In Proc. EUROCRYPT 2004, pages 1--19.
  25. O. Goldreich. Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001.
  26. O. Goldreich. Foundations of Cryptography: Basic Applications. Cambridge University Press, 2004.
  27. O. Goldreich. Candidate one-way functions based on expander graphs. Electronic Colloquium on Computational Complexity (ECCC), 7(090), 2000.
  28. O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. J. ACM, 33(4):792--807, 1986.
  29. S. Goldwasser, S. Micali, and P. Tong. Why and how to establish a private code on a public network. In Proc. FOCS 1982, pages 134--144.
  30. O. Goldreich, S. Micali, and A. Wigderson. How to prove all NP-statements in zero-knowledge, and a methodology of cryptographic protocol design. In Proc. CRYPTO 1986, pages 171--185.
  31. O. Goldreich and R. Vainish. How to solve any protocol problem: an efficiency improvement. In Proc. CRYPTO '87, LNCS volume 293, pages 73--86. Springer, 1987.
  32. V. Guruswami and P. Indyk. Expander-based constructions of efficiently decodable codes. In Proc. FOCS 2001, pages 658--667.
  33. R. Impagliazzo, L. A. Levin, and M. Luby. Pseudo-random generation from one-way functions. In Proc. STOC 1989, pages 12--24.
  34. Y. Ishai and E. Kushilevitz. Perfect constant-round secure computation via perfect randomizing polynomials. In Proc. 29th ICALP, pages 244--256, 2002.
  35. Y. Ishai, E. Kushilevitz, R. Ostrovsky, and A. Sahai. Zero-knowledge from secure multiparty computation. In Proc. STOC 2007.
  36. J. Kilian. Founding cryptography on oblivious transfer. In Proc. 20th STOC, pages 20--31, 1988.
  37. V. Lyubashevsky. The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem. In Proc. APPROX-RANDOM 2005, pages 378--389.
  38. Y. Mansour, N. Nisan, and P. Tiwari. The computational complexity of universal hashing. In Proc. STOC 1990, pages 235--243.
  39. E. Mossel, A. Shpilka, and L. Trevisan. On ε-biased generators in NC^0. In Proc. 44th FOCS, pages 136--145, 2003.
  40. J. Naor and M. Naor. Small-bias probability spaces: Efficient constructions and applications. SIAM J. Comput., 22(4):838--856, 1993. Preliminary version in Proc. STOC '90.
  41. M. Naor and K. Nissim. Communication preserving protocols for secure function evaluation. In Proc. 33rd STOC, pages 590--599, 2001.
  42. M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proc. STOC 1989, pages 33--43.
  43. M. O. Rabin. How to exchange secrets by oblivious transfer. TR-81, Harvard, 1981.
  44. M. Sipser and D. A. Spielman. Expander codes. In Proc. FOCS 1994, pages 566--576.
  45. W. D. Smith. 1. AES seems weak. 2. Linear time secure cryptography. Cryptology ePrint report 2007/248.
  46. D. A. Spielman. Linear-time encodable and decodable error-correcting codes. In Proc. STOC 1995, pages 388--397.
  47. A. C. Yao. Theory and application of trapdoor functions. In Proc. 23rd FOCS, pages 80--91, 1982.
  48. A. C. Yao. How to generate and exchange secrets. In Proc. 27th FOCS, pages 162--167, 1986.

Published in

STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing
May 2008, 712 pages
ISBN: 9781605580470
DOI: 10.1145/1374376

Copyright © 2008 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

STOC '08 paper acceptance rate: 80 of 325 submissions (25%). Overall acceptance rate: 1,469 of 4,586 submissions (32%).
