## Efficient Secure Linear Algebra in the Presence of Covert or Computationally Unbounded Adversaries

### Cached

### Download Links

Citations: | 5 - 1 self |

### BibTeX

@MISC{Mohassel_efficientsecure,

author = {Payman Mohassel and Enav Weinreb},

title = {Efficient Secure Linear Algebra in the Presence of Covert or Computationally Unbounded Adversaries},

year = {}

}

### OpenURL

### Abstract

Abstract. In this work we study the design of secure protocols for linear algebra problems. All current solutions to the problem are either inefficient in terms of communication complexity or assume that the adversary is honest but curious. We design protocols for two different adversarial settings: First, we achieve security in the presence of a covert adversary, a notion recently introduced by [Aumann and Lindell, TCC 2007]. Roughly speaking, this guarantees that if the adversary deviates from the protocol in a way that allows him to cheat, then he will be caught with good probability. Second, we achieve security against arbitrary malicious behaviour in the presence of a computationally unbounded adversary that controls less than a third of the parties. Our main result is a new upper bound of O(n 2+1/t) communication for testing singularity of a shared n×n matrix in constant round, for any constant t in both of these adversarial environments. We use this construction to design secure protocols for computing the rank of a shared matrix and solving a shared linear system of equations with similar efficiency. We use different techniques from computer algebra, together with recent ideas from [Cramer, Kiltz, and Padró, CRYPTO 2007], to reduce the problem of securely deciding singularity to the problem of securely computing matrix product. We then design new and efficient protocols for secure matrix product in both adversarial settings. In the two-party setting, we combine cut-and-choose techniques on random additive decomposition of the input, with a careful use of the random strings of a homomorphic encryption scheme to achieve simulation-based security. Thus, our protocol avoids general zero-knowledge proofs and only makes a black-box use of a homomorphic encryption scheme. 1