[Busec] busec next week: Pratyay Mukherjee (Wed 10am)

Leonid Reyzin reyzin at cs.bu.edu
Fri Apr 17 17:26:40 EDT 2015

At the Wednesday seminar (Apr 22), we will have Pratyay Mukherjee. Details
below. Lunch following the talk will be provided. Stay tuned for Siddharth
Garg the following week.


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Title: Two Round MPC from LWE via Multi-Key FHE
Speaker: Pratyay Mukherjee, Aarhus Universitet and Northeastern University

Wednesday April 22, 10am, the Hariri Seminar room

Abstract:  We construct a general multiparty computation (MPC) protocol in
the common random string (CRS) model with only two rounds of interaction,
which is known to be optimal. In the honest-but-curious setting we only
rely on the learning with errors (LWE) assumption, and in the fully
malicious setting we additionally assume the existence of non-interactive
zero knowledge arguments (NIZKs). Previously, Asharov et al. (EUROCRYPT
'12) showed how to achieve three rounds based on LWE and NIZKs, while Garg
et al. (TCC '14) showed how to achieve the optimal two rounds based on
indistinguishability obfuscation, but it was unknown if two rounds were
possible under simpler assumptions without obfuscation. Our approach relies
on multi-key fully homomorphic encryption (MFHE), introduced by Lopez-Alt
et al. (STOC '12), which enables homomorphic computation over data
encrypted under different keys. We use a recent construction of MFHE based on
LWE by Clear and McGoldrick (ePrint '14), and we give a simplified
stand-alone exposition of that scheme. We then extend this construction to
allow for a one-round distributed decryption of a multi-key ciphertext. Our
entire MPC protocol consists of the following two rounds:

1. Each party individually encrypts its input under its own key and
broadcasts the ciphertext. All parties can then homomorphically compute a
multi-key encryption of the output.

2. Each party broadcasts a partial decryption of the output using its
secret key. The partial decryptions can be combined to recover the output
in plaintext.

A joint work with Daniel Wichs. Available at