Concurrently Secure Computation in Constant Rounds

Abstract

We study the problem of constructing concurrently secure computation protocols in the plain model, where no trust is required in any party or setup. While the well established UC framework for concurrent security is impossible to achieve in this setting, meaningful relaxed notions of concurrent security have been achieved. The main contribution of our work is a new technique useful for designing protocols in the concurrent setting (in the plain model). The core of our technique is a new rewinding-based extraction procedure which only requires the protocol to have a constant number of rounds. We show two main applications of our technique. We obtain the first concurrently secure computation protocol in the plain model with super-polynomial simulation (SPS) security that uses only a constant number of rounds and requires only standard assumptions. In contrast, the only previously known result (Canetti et al., FOCS'10) achieving SPS security based on standard assumptions requires polynomial number of rounds. Our second contribution is a new definition of input indistinguishable computation (IIC) and a constant round protocols satisfying that definition. Our definition of input indistinguishable computation is a simplification and strengthening of the definition of Micali et al. (FOCS'06) in various directions. Most notably, our definition provides meaningful security guarantees even for randomized functionalities.