A secret-shared shuffle (SSS) protocol permutes a secret-shared vector using a random secret permutation. Chase et al.(Asiacrypt'20) recently proposed a highly efficient semi-honest two-party SSS protocol known as the CGP protocol. It utilizes purposely designed pseudorandom correlations that facilitate a communication-efficient online shuffle phase. That said, semi-honest security is insufficient in many real-world application scenarios since shuffle is usually used for highly sensitive applications. Recent works (CANS'21, NDSS'22) attempted to enhance the CGP protocol with malicious security over authenticated secret sharings. However, we find that these attempts are flawed, and malicious adversaries can still learn private information via malicious deviations. This is demonstrated with concrete attacks. Then the question is how to fill the gap and design a maliciously secure CGP shuffle protocol. We answer this question by introducing a set of lightweight correlation checks and a leakage reduction mechanism. Then we apply our techniques with authenticated secret sharings to achieve malicious security. Our protocol, while increasing security, is also efficient. In the two-party setting, experiment results show that our maliciously secure protocol introduces an acceptable overhead compared to its semi-honest version and is more efficient than the state-of-the-art maliciously secure SSS protocol from the MP-SPDZ library.

Click the link below to join the seminar at the following time
Melbourne (AEDT)        : 21 May 2024 11:00 AM
Japan (JST)                  : 21 May 2024 9:00 AM
China (CST)                  : 21 May 2024 8:00 AM
India (IST)                     : 21 May 2024 5:30 AM
Central Europe (CET)   : 21 May 2024 1:00 AM
New York (EDT)            : 20 May 2024 8:00 PM
Los Angeles (PDT)        : 20 May 2024 5:00 PM

Join seminar

Webinar passcode: 451420 (if asked when joining the seminar)

About the speaker