CISPA
Browse
cispa_all_2937.pdf (543.06 kB)

Laconic Conditional Disclosure of Secrets and Applications

Download (543.06 kB)
conference contribution
posted on 2023-11-29, 18:11 authored by Nico DöttlingNico Döttling, Sanjam Garg, Vipul Goyal, Giulio Malavolta
In a Conditional Disclosure of Secrets (CDS) a verifier V wants to reveal a message m to a prover P conditioned on the fact that x is an accepting instance of some NP-language L. An honest prover (holding the corresponding witness w) always obtains the message m at the end of the interaction. On the other hand, if x ∈ L / we require that no PPT P∗ can learn the message m. We introduce laconic CDS, a two round CDS protocol with optimal computational cost for the verifier V and optimal communication cost. More specifically, the verifier’s computation and overall communication grows with poly(|x|, λ, log(T)), where λ is the security parameter and T is the verification time for checking that x ∈ L (given w). We obtain constructions of laconic CDS under standard assumptions, such as CDH or LWE. Laconic CDS serves as a powerful tool for maliciousifying semi-honest protocols while preserving their computational and communication complexities. To substantiate this claim, we consider the setting of non-interactive secure computation: Alice wants to publish a short digest corresponding to a private large input x on her web page such that (possibly many) Bob, with a private input y, can send a short message to Alice allowing her to learn C(x, y) (where C is a public circuit). The protocol must be reusable in the sense that Bob can engage in arbitrarily many executions on the same digest. In this context we obtain the following new implications. 1) UC Secure Bob-optimized 2PC: We obtain a UC secure protocol where Bob’s computational cost and the communication cost of the protocol grows with poly(|x|, |y|, λ, d), where d is the depth of the computed circuit C. 2) Malicious Laconic Function Evaluation: Next, we move on to the setting where Alice’s input x is large. For this case, UC secure protocols must have communication cost growing with |x|. Thus, with the goal of achieving better efficiency, we consider a weaker notion of malicious security. For this setting, we obtain a protocol for which Bob’s computational cost and the communication cost of the protocol grows with poly(|y|, λ, d), where d is the depth of the computed circuit C.

History

Preferred Citation

Nico Döttling, Sanjam Garg, Vipul Goyal and Giulio Malavolta. Laconic Conditional Disclosure of Secrets and Applications. In: IEEE Symposium on Foundations of Computer Science (FOCS). 2019.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

IEEE Symposium on Foundations of Computer Science (FOCS)

Legacy Posted Date

2019-06-25

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2937, title = "Laconic Conditional Disclosure of Secrets and Applications", author = "Döttling, Nico and Garg, Sanjam and Goyal, Vipul and Malavolta, Giulio", booktitle="{IEEE Symposium on Foundations of Computer Science (FOCS)}", year="2019", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC