Cryptography and Complexity

The project focuses on several questions in the borderline of cryptography, which studies methods for protecting the secrecy and integrity of data, and complexity theory, which studies the amount of resources required for carrying out useful computations on data.

Much of our research efforts are devoted to understanding the complexity of secure multiparty computation (MPC). MPC allows two or more mutually distrusting parties to perform joint computations on their sensitive data without compromising the secrecy of their inputs or the correctness of the outputs. One of the main goals of this project is to improve the efficiency of MPC by using techniques from the area of complexity theory.

A central question on which we obtained progress is that of minimizing the amount of interaction required by MPC protocols. In particular, we obtained the first efficient two-party protocols which consist of only two messages and yet offer full security against malicious parties who may arbitrarily deviate from the protocol. As it turned out, optimizing the efficiency of such protocols required us to design a new "robust" form of pseudo-random number generators which may be of independent interest. For some types of restricted interaction it is provably impossible to guarantee full security. We showed how to obtain the best possible security in these cases.

Another central efficiency measure of MPC protocols is their communication complexity, namely the total length of messages exchanged between the parties. We were also able to reduce the amount of communication in MPC protocols by relying on error-correcting codes which admit an efficient testing procedure for estimating the distance of a corrupted codeword from the code. Such codes have recently been a central object of study in complexity theory, and our work applies them for the first time in the field of cryptography. Another method we used for saving communication in secure computation is by shifting most of the communication to an off-line preprocessing phase, which may be executed before any inputs are known.

Finally, we introduced novel techniques for reducing the design of complex MPC protocols to the design of simpler ones. In particular, we showed how to construct protocols for many parties from protocols for just a few (3 or 4) parties by relying on results from the area of computational complexity theory, and how to construct protocols that offer security against malicious parties from protocols that are only secure against "curious" parties by applying a new kind of fault-tolerant circuits. These new techniques are not only useful for simplifying some of the main results in the area, but they also yield efficiency improvements for several types of MPC protocols.