UWSpace is currently experiencing technical difficulties resulting from its recent migration to a new version of its software. These technical issues are not affecting the submission and browse features of the site. UWaterloo community members may continue submitting items to UWSpace. We apologize for the inconvenience, and are actively working to resolve these technical issues.
 

Laconic Evaluation of Branching Programs from the Diffie-Hellman Assumption

Thumbnail Image

Files

Murphy_Alice.pdf (1.77 MB)

Date

2024-05-02

Authors

Murphy, Alice

Journal Title

Journal ISSN

Volume Title

Publisher

University of Waterloo

Abstract

Secure two-party computation (2PC) enables two parties to compute a function f on their joint inputs while keeping their inputs private. Laconic cryptography is a special type of 2PC in which this is done with asymptotically optimal communication in only two rounds of communication. The party who sends the first message is called the receiver and the party who replies with the second message is called the sender. Laconic cryptography considers the case of asymmetric input sizes, where the receiver's input is much larger than the sender's input or vice versa. As such, the size of the messages sent cannot depend on the size of the larger input. For example, if x_R is the receiver's input, x_S is the sender's input, and |x_R| >> |x_S|, then the protocol's communication cost cannot depend on |x_R|, but it may depend on |x_S|. Previous works have shown protocols can be built for laconic oblivious transfer (OT) [Cho et al. CRYPTO 2017] and laconic private set intersection (PSI) [Alamati et al. TCC 2021] from the Diffie-Hellman assumption. Quach, Wee, and Wichs [FOCS 2018] give a construction for laconic 2PC for general functionalities based on the Learning with Errors (LWE) assumption. In this work, we bridge the gap by giving a laconic protocol for the evaluation of branching programs (BPs) from the Diffie-Hellman assumption. In this setting, the receiver holds a large branching program BP and the sender holds a short input x. Our protocol allows the receiver to learn x if and only if BP(x) =1, and nothing more. The communication cost only grows with the size of x and the depth of BP, and does not further depend on the size of BP. Our construction can be used to realize PSI and private set union (PSU) functionalities and can handle unbalanced BPs and BPs with wildcards.

Description

Keywords

laconic cryptography, branching programs, unbalanced secure computation

LC Keywords

Citation

URI

http://hdl.handle.net/10012/20535

Collections

Theses
Computer Science