Minimal-latency secure function evaluation

Abstract

Sander, Young and Yung recently exhibited a protocol for computing on encrypted inputs, for functions computable in NC1. In their variant of secure function evaluation, Bob (the “CryptoComputer”) accepts homomorphically-encrypted inputs (x) from client Alice, and then returns a string from which Alice can extract f(x, y) (where y is Bob’s input, or e.g. the function f itself). Alice must not learn more about y than what f(x, y) reveals by itself. We extend their result to encompass NLOGSPACE (nondeterministic log-space functions). In the domain of multiparty computations, constant-round protocols have been known for years [BB89, FKN95]. This paper introduces novel parallelization techniques that, coupled with the [SYY99] methods, reduce the constant to 1 with preprocessing. This resolves the conjecture that NLOGSPACE subcomputations (including log-slices of circuit computation) can be evaluated with latency 1 (as opposed to just O(1)).