The Concrete Security of Two-Party Computation

Rishabh Ranjan
Tuesday | 7th January 2025| 4:00 PM
KR 225

This paper initiates a concrete-security treatment of two-party secure computation. The first step is to propose, as target, a simple, indistinguishability-based definition that we call InI. This could be considered a poor choice if it were weaker than standard simulation-based definitions, but it is not; we show that for functionalities satisfying a condition called invertibility, that we define and show is met by functionalities of practical interest like PSI and its variants, the twodefinitions are equivalent. Based on this, we move forward to study the concrete security of a canonical OPRF-based construction of PSI, giving a tight proof of InI security of the constructed PSI protocol based on the security of the OPRF. This leads us to the concrete security of OPRFs, where we show how different DH-style assumptions on the underlying group yield proofs of different degrees of tightness, including some that are tight, for the well-known and efficient 2H-DH OPRF, and thus for the corresponding DH PSI protocol. We then give a new PSI protocol, called salted-DH PSI, that is as efficient as DH-PSI, yet enjoys tighter proofs.

Speaker Biography

Rishabh Ranjan is a PhD student in the CryptoSec and Theory groups at University of California, San Diego. He is broadly interested in provable security and cryptography. Before deciding to pursue his interests, he worked as a software engineer at Microsoft for two years after graduating from BIT Mesra, Ranchi.

More about the speaker: https://cseweb.ucsd.edu/~riranjan