
This electronic thesis or dissertation has been downloaded from Explore Bristol Research, http://research-information.bristol.ac.uk

Author: Rotaru, Dragos A
Title: Optimizing Secure Multiparty Computation Protocols for Dishonest Majority

General rights
Access to the thesis is subject to the Creative Commons Attribution - NonCommercial-No Derivatives 4.0 International Public License. A copy of this may be found at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode This license sets out your rights and the restrictions that apply to your access to the thesis so it is important you read this before proceeding.

Take down policy
Some pages of this thesis may have been removed for copyright restrictions prior to having it been deposited in Explore Bristol Research. However, if you have discovered material within the thesis that you consider to be unlawful e.g. breaches of copyright (either yours or that of a third party) or any other law, including but not limited to those relating to patent, trademark, confidentiality, data protection, obscenity, defamation, libel, then please contact [email protected] and include the following information in your message:
• Your contact details
• Bibliographic details for the item, including a URL
• An outline nature of the complaint
Your claim will be investigated and, where appropriate, the item in question will be removed from public view as soon as possible.

Optimizing Secure Multiparty Computation Protocols for Dishonest Majority

Dragos, Alin Rotaru

A dissertation submitted to the University of Bristol in accordance with the requirements for award of the degree of Doctor of Philosophy in the Faculty of Engineering

Department of Computer Science
January 2020
Word count: 65000 words

Abstract

A set of parties want to compute a function F over their inputs without revealing them, learning only the output of F.
This is the traditional scenario introduced to show what secure Multi-Party Computation (MPC) can achieve: computing on encrypted data. Due to the initial theoretical papers appearing at the beginning of the 80s describing basic protocols to achieve MPC, it has now become a hot topic in the cryptographic community where we can see dozens of startups finding good use-cases such as machine learning on encrypted data as well as high quality research constantly pushing the field’s boundaries.

The goal of this thesis is to improve on dishonest majority MPC where all but one of the parties can arbitrarily deviate from the protocol and still ensure input privacy of the honest parties.

Many modern MPC protocols are realized in two stages: an input-independent but usually expensive preprocessing phase coupled with an input-dependent stage called the online phase. The first contribution of this thesis is to revisit two popular protocols (SPDZ and BDOZ) based on Homomorphic Encryption (HE), and show that, with some improvements, the HE based protocols can perform better than the state-of-the-art preprocessing based on oblivious transfer.

The second contribution of the thesis is to improve upon the TinyTable protocol which evaluates lookup tables on secret data. We then evaluate more complex algorithms such as AES using the lookup table approach within the SPDZ framework, and make them competitive with their Boolean counterpart based on garbled circuits for dishonest majority.

Next we build more efficient Pseudorandom Function (PRF) protocols which have an efficient description when evaluated over an arithmetic circuit instead of binary circuits where AES shines. The resulting PRFs are then used to perform more efficient authenticated encryption using the SPDZ protocol.
These two applications are crucial when a set of MPC servers want to compute F based on inputs coming from external clients or to store outputs of F in an encrypted database where no party holds the decryption key while still allowing them to operate on the encrypted data.

Finally, we give efficient conversion procedures between different paradigms of MPC for dishonest majority. This allows us to split F into chunks and evaluate each chunk using our favorite MPC protocols to then switch smoothly between each representation, realizing a more efficient evaluation of F overall.

Acknowledgements

Looking back at the last four years of my life it seems to me that I was extremely lucky to be constantly surrounded by many brilliant and kind people from whom I could learn how to be a better researcher as well as a more thoughtful human being.

First I want to thank my Ph.D. advisor Nigel Smart for his contagious enthusiasm and incredible work ethic. I am indebted for his guidance and continuous support throughout my Ph.D. journey as well as giving me enough freedom to pursue independent research projects whenever needed. I am convinced that some of his invaluable advice will stick with me for a long time from now on.

Second I would like to thank all of my co-authors without whom this thesis would not have been possible: Martin R. Albrecht, Abdelrahaman Aly, Hao Chen, Lorenzo Grassi, Marcel Keller, Miran Kim, Reinhard Lüftenegger, Eleftheria Makri, Emmanuela Orsini, Valerio Pastro, Léo Perrin, Sebastian Ramacher, Ilya Razenshteyn, Christian Rechberger, Arnab Roy, Markus Schofnegger, Peter Scholl, Eduardo Soria-Vásquez, Nigel P. Smart, Yongsoo Song, Martijn Stam, Titouan Tanguy, Frederik Vercauteren, Srinivas Vivek, Sameer Wagh, Tim Wood. I have learned a lot from each of them and greatly enjoyed working and discussing ideas with all of them.
Third I am grateful to have two amazing friends and collaborators whom I always perceived as excellent mentors throughout these four years: Marcel Keller and Peter Scholl. I was very lucky to have them around when my Ph.D. started and I kept asking them technical questions even after they left Bristol. Thank you for your patience guys, your help was and still is greatly appreciated.

Fourth I am grateful to Hao Chen for having me as an intern in the MSR crypto research team in the summer of 2019 and helping me understand how research is done within a large company such as Microsoft. In Redmond I had the pleasure of meeting Sameer Wagh who proved to be a great friend and collaborator. I would like to thank Ilia and Irina for taking care of me while being in Redmond.

It would be a pity to not tell the story of how I got to do a Ph.D. in cryptography and mention the people encountered throughout and thank them for their support. During the summer of my first year of undergraduate studies I was getting bored so I decided to take a couple of online courses, one of which was the cryptography course offered by Dan Boneh. After the summer ended it was only a matter of time that I reached out to Ruxandra Olimid, a lecturer at University of Bucharest to be my thesis supervisor and introduce me to certain aspects of cryptography research. After finishing my bachelor’s degree I had the pleasure to work with Miruna Roșca and Radu Țițiu studying cryptography in the research labs of Bitdefender Romania. I am thankful to these two kind people from whom I have learned a lot and are now close friends. A few months before the end of the year I was contacted by Bogdan Warinschi whom I met the first time at a cryptography summer school in Bucharest. Bogdan told me there is a PhD opening at Bristol supervised by Nigel. From there to being in Bristol in January 2016 was just an interview with Nigel.
Here I would also want to express my gratitude to the following professors at University of Bucharest who always encouraged me to pursue research: Prof. Gheorghe Ștefănescu and Prof. Andrei Păun and to, now lecturer, Marius Dumitran.

Next I would like to thank the Bristol Crypto group for keeping me grounded for the two years spent there and the thoughtful discussions we had during the Friday pubs. Although there were few sunny days in Bristol, Marco made sure that Bristol is warm enough: he made sure I attend football every week as well as inviting me to the awesome Italian dinners with him and Alessandra. Although I was far from Romania this made me feel like home. Meeting Avanthika a couple of months before I left Bristol certainly made the decision to go to Belgium even tougher but I am thankful to have her beside me a couple of weeks before submitting this manuscript.

I am grateful to have worked in the COSIC group as it was full of fun and thoughtful activities filled with football, squash and dancing salsa. I am indebted to all the people in the COSIC group, I especially enjoyed the company of Marc, Ilia, Younes, Abdel, Jose, Cyprien who were close friends to me and played dozens of football and squash matches which kept me in good physical shape to do productive research. I am profoundly grateful to Ilaria and Abdel for convincing me to start taking dance classes since I have discovered an awesome community through this which certainly contributed to my well-being during my Ph.D.

To my friends in Romania who were always eager to welcome me whenever I was back for a few days: Emil, Bogdan, Andrei, Cristina and Mihai. I am grateful for the algorithm puzzles Mihai kept throwing at me and the countless discussions we had where I would always learn something new. To some of my friends that left the country such as Andrei and Gabi but we always hung out together when we found ourselves in the same city. Apologies to all the other friends whom I am missing now.
I would also like to thank my middle school math teacher, Mr.