[Resource Topic] 2024/568: Communication-Efficient Multi-Party Computation for RMS Programs

Resource Cryptographic protocols
#1

Welcome to the resource topic for 2024/568

Title:
Communication-Efficient Multi-Party Computation for RMS Programs

Authors: Thomas Attema, Aron van Baarsen, Stefan van den Berg, Pedro Capitão, Vincent Dunning, Lisa Kohl

Abstract:

Despite much progress, general-purpose secure multi-party computation (MPC) with active security may still be prohibitively expensive in settings with large input datasets. This particularly applies to the secure evaluation of graph algorithms, where each party holds a subset of a large graph.

Recently, Araki et al. (ACM CCS '21) showed that dedicated solutions may provide significantly better efficiency if the input graph is sparse. In particular, they provide an efficient protocol for the secure evaluation of “message passing” algorithms, such as the PageRank algorithm. Their protocol’s computation and communication complexity are both \tilde{O}(M\cdot B) instead of the O(M^2) complexity achieved by general-purpose MPC protocols, where M denotes the number of nodes and B the (average) number of incoming edges per node. On the downside, their approach achieves only a relatively weak security notion; 1-out-of-3 malicious security with selective abort.

In this work, we show that PageRank can instead be captured efficiently as a restricted multiplication straight-line (RMS) program, and present a new actively secure MPC protocol tailored to handle RMS programs. In particular, we show that the local knowledge of the participants can be leveraged towards the first maliciously-secure protocol with communication complexity linear in M, independently of the sparsity of the graph. We present two variants of our protocol. In our communication-optimized protocol, going from semi-honest to malicious security only introduces a small communication overhead, but results in quadratic computation complexity O(M^2). In our balanced protocol, we still achieve a linear communication complexity O(M), although with worse constants, but a significantly better computational complexity scaling with O(M\cdot B). Additionally, our protocols achieve security with identifiable abort and can tolerate up to n-1 corruptions.

ePrint: https://eprint.iacr.org/2024/568

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .