On the Round Complexity of Covert Computation

1
On the Round Complexity of Covert Computation
Vipul Goyal Abhishek Jain
UCLA UCLA
2
Covert Computation

• Strengthening of the notion of secure
  computation, introduced by Ahn-Hopper-Langford05
• Talk about privacy of not just input but also
  whether a party participated in the protocol or
  not
• Covert computation has similar relation to secure
  computation as stenographic communication has to
  encrypted communication

3
Example Secret Handshake

• Two (secret) hackers on the internet

I suspect he is a member of the hacker group as
well. Secure 2pc?
4
Example Secret Handshake
he is a hacker!!
Lets run 2pc to see if we are both hackers
5
Secret Handshake contd..
If only there was a better protocol
6
Ideally
Completely agree, helps me get good grades in
college
Internet is such a great resource, I learn so much
We are both hackers !!
7
Covert Computation

• Parties talk as usual and hide protocol messages
  in the normal innocent looking conversation
• In the end, if
• everyone participated
• output favorable (certificates matched)
• output and participation revealed to everyone
• Else, nobody knows who participated (parties just
  see normal messages)

8
More technically

• The protocol messages hidden in the innocent
  conversation need to look random (otherwise
  participation revealed) vAHL05
• Thus design an MPC protocol w/ messages
  indistinguishable from random (except when
  everyone participating and function output
  favorable, final messages will not look random)
• Various standard tools like ZK break down

9
Covert Computation

• Ahn-Hopper-Langford05 two party
• Chandran-Goyal-Ostrovsky-Sahai07 multi-party
  assuming a broadcast channel
• Polynomial number of rounds (in s.p., depth of
  circuit)
• This work focus on round complexity, feasibility
  for point to point channels

10
Covert MPC w/ point to point channels

• Point to point channel communication using,
  e.g., individual emails (as opposed to a mailing
  list)
• Standard techniques for MPC w/ point to point
  channels inherently break down

Internet is such a great resource, I learn so much
he said the same thing!!
Internet is such a great resource, I learn so much
11
Our Results

• We first consider the round complexity of covert
  computation
• w/ black-box simulation constant round covert
  two-party computation impossible
• non black-box simulation constant round covert
  multi-party computation. Techniques
• two slot simulation technique Pass04, Barak01
• crypto in NC0 Applebaum-Ishai-Kushilevitz04
• We observe that our constant round MPC protocol
  inherits bounded concurrency from Pass04
• use this to show feasibility for covert MPC w/
  point to point channels for a constant number of
  parties

12
Covert MPC w/ Point to Point Channels

• Recall we need protocol to run w/o more than 2
  parties agreeing on a message

(x1, x2)
x1
x3
x2
13
High level idea contd..
(x5, , x8)
(x1, , x4)
S
2-bounded
4-bounded
14

• Thank You!