Susumu Kiyoshima

Constant-Round Black-Box Construction of Composable Multi-Party Computation Protocol

We present the first general MPC protocol that satisfies the following: (1) the construction is black-box, (2) the protocol is universally composable in the plain model, and (3) the number of rounds is constant. The security of our protocol is proven in angel-based UC security under the assumption of the existence of one-way functions that are secure against sub-exponential-time adversaries and constant-round semi-honest oblivious transfer protocols that are secure against quasi-polynomial-time adversaries. We obtain the MPC protocol by constructing a constant-round CCA-secure commitment scheme in a black-box way under the assumption of the existence of one-way functions that are secure against sub-exponential-time adversaries. To justify the use of such a sub-exponential hardness assumption in obtaining our constant-round CCA-secure commitment scheme, we show that if black-box reductions are used, there does not exist any constant-round CCA-secure commitment scheme under any falsifiable polynomial-time hardness assumptions.

Round-Efficient Black-Box Construction of Composable Multi-Party Computation

We present a round-efficient black-box construction of a general MPC protocol that satisfies composability in the plain model. The security of our protocol is proven in angel-based UC framework under the minimal assumption of the existence of semi-honest oblivious transfer protocols. When the round complexity of the underlying oblivious transfer protocol is r OT (n), the round complexity of our protocol is max\((\tilde{O}(\log^2n), O(r_{OT}(n)))\). Since constant-round semi-honest oblivious transfer protocols can be constructed under standard assumptions (such as the existence of enhanced trapdoor permutations), our result gives \(\tilde{O}(\log^2n)\)-round protocol under these assumptions. Previously, only an O(max(n e , r OT (n)))-round protocol was shown, where e > 0 is an arbitrary constant.

Constant-Time approximation algorithms for the knapsack problem

In this paper, we give a constant-time approximation algorithm for the knapsack problem. Using weighted sampling, with which we can sample items with probability proportional to their profits, our algorithm runs with query complexity O (e −4 loge −1), and it approximates the optimal profit with probability at least 2/3 up to error at most an e -fraction of the total profit. For the subset sum problem, which is a special case of the knapsack problem, we can improve the query complexity to O (e −1 loge −1).

Garbling Scheme for Formulas with Constant Size of Garbled Gates

We provide a garbling scheme which creates garbled circuits of a very small constant size four bits per gate for circuits with fan-out one formulas. For arbitrary fan-out, we additionally need only two ciphertexts per additional connection of each gate output wire. We make use of a trapdoor permutation for which we define a generalized notion of correlation robustness. We show that our notion is implied by PRIV-security, a notion for deterministic searchable encryption. We prove our scheme secure in the programmable random oracle model.

An Alternative Approach to Non-black-box Simulation in Fully Concurrent Setting

We give a new proof of the existence of public-coin concurrent zero-knowledge arguments for \(\mathcal{NP}\) in the plain model under standard assumptions (the existence of one-to-one one-way functions and collision-resistant hash functions), which was originally proven by Goyal (STOC’13).

Statistical Concurrent Non-malleable Zero-Knowledge from One-Way Functions

Concurrent non-malleable zero-knowledge (\(\mathrm {CNMZK}\)) protocols are zero-knowledge protocols that are secure even when the adversary interacts with multiple provers and verifiers simultaneously. Recently, the first statistical \(\mathrm {CNMZK}\) argument for \(\mathcal {NP}\) was constructed by Orlandi et al. (TCC’14) under the DDH assumption.

Efficient Concurrent Oblivious Transfer in Super-Polynomial-Simulation Security

In this paper, we show a concurrent oblivious transfer protocol in super-polynomial-simulation (SPS) security. Our protocol does not require any setup and does not assume any independence among the inputs. In addition, our protocol is efficient since it does not use any inefficient primitives such as general zero-knowledge proofs for all NP statements. This is the first concurrent oblivious transfer protocol that achieves both of these properties simultaneously. The security of our protocol is based on the decisional Diffie-Hellman (DDH) assumption.