MPC-friendly commitments for publicly verifiable covert security

We address the problem of efficiently verifying a commitment in a two-party computation. This addresses the scenario where a party P1 commits to a value 𝑥 to be used in a subsequent secure computation with another party P2 that wants to receive assurance that P1 did not cheat, i.e. that 𝑥 was indeed...

Full description

Bibliographic Details
Main Authors: Agrawal, N, Bell, J, Gascón, A, Kusner, MJ
Format: Conference item
Language:English
Published: Association for Computer Machinery 2021
Description
Summary:We address the problem of efficiently verifying a commitment in a two-party computation. This addresses the scenario where a party P1 commits to a value 𝑥 to be used in a subsequent secure computation with another party P2 that wants to receive assurance that P1 did not cheat, i.e. that 𝑥 was indeed the value inputted into the secure computation. Our constructions operate in the publicly verifiable covert (PVC) security model, which is a relaxation of the malicious model of MPC appropriate in settings where P1 faces a reputational harm if caught cheating. We introduce the notion of PVC commitment scheme and indexed hash functions to build commitments schemes tailored to the PVC framework, and propose constructions for both arithmetic and Boolean circuits that result in very efficient circuits. From a practical standpoint, our constructions for Boolean circuits are 60× faster to evaluate securely, and use 36× less communication than baseline methods based on hashing. Moreover, we show that our constructions are tight in terms of required non-linear operations, by proving lower bounds on the nonlinear gate count of commitment verification circuits. Finally, we present a technique to amplify the security properties of our constructions that allows to efficiently recover malicious guarantees with statistical security