cispa_all_2937.pdf (543.06 kB)

# Laconic Conditional Disclosure of Secrets and Applications

conference contribution

posted on 2023-11-29, 18:11 authored by Nico DöttlingNico Döttling, Sanjam Garg, Vipul Goyal, Giulio MalavoltaIn a Conditional Disclosure of Secrets (CDS)
a verifier V wants to reveal a message m to a prover P
conditioned on the fact that x is an accepting instance
of some NP-language L. An honest prover (holding the
corresponding witness w) always obtains the message
m at the end of the interaction. On the other hand,
if x ∈ L / we require that no PPT P∗ can learn the
message m. We introduce laconic CDS, a two round CDS
protocol with optimal computational cost for the verifier
V and optimal communication cost. More specifically, the
verifier’s computation and overall communication grows
with poly(|x|, λ, log(T)), where λ is the security parameter
and T is the verification time for checking that x ∈ L
(given w). We obtain constructions of laconic CDS under
standard assumptions, such as CDH or LWE.
Laconic CDS serves as a powerful tool for maliciousifying semi-honest protocols while preserving their computational and communication complexities. To substantiate
this claim, we consider the setting of non-interactive
secure computation: Alice wants to publish a short digest
corresponding to a private large input x on her web page
such that (possibly many) Bob, with a private input y,
can send a short message to Alice allowing her to learn
C(x, y) (where C is a public circuit). The protocol must be
reusable in the sense that Bob can engage in arbitrarily
many executions on the same digest. In this context we
obtain the following new implications.
1) UC Secure Bob-optimized 2PC: We obtain a UC
secure protocol where Bob’s computational cost and
the communication cost of the protocol grows with
poly(|x|, |y|, λ, d), where d is the depth of the
computed circuit C.
2) Malicious Laconic Function Evaluation: Next, we
move on to the setting where Alice’s input x is
large. For this case, UC secure protocols must have
communication cost growing with |x|. Thus, with
the goal of achieving better efficiency, we consider a
weaker notion of malicious security. For this setting,
we obtain a protocol for which Bob’s computational
cost and the communication cost of the protocol
grows with poly(|y|, λ, d), where d is the depth of
the computed circuit C.

## History

## Preferred Citation

Nico Döttling, Sanjam Garg, Vipul Goyal and Giulio Malavolta. Laconic Conditional Disclosure of Secrets and Applications. In: IEEE Symposium on Foundations of Computer Science (FOCS). 2019.## Primary Research Area

- Algorithmic Foundations and Cryptography

## Name of Conference

IEEE Symposium on Foundations of Computer Science (FOCS)## Legacy Posted Date

2019-06-25## Open Access Type

- Unknown

## BibTeX

@inproceedings{cispa_all_2937, title = "Laconic Conditional Disclosure of Secrets and Applications", author = "Döttling, Nico and Garg, Sanjam and Goyal, Vipul and Malavolta, Giulio", booktitle="{IEEE Symposium on Foundations of Computer Science (FOCS)}", year="2019", }## Usage metrics

## Categories

No categories selected## Licence

## Exports

RefWorks

BibTeX

Ref. manager

Endnote

DataCite

NLM

DC