The notion of covert computation, an enhanced form of secure multiparty computation, allows parties to jointly compute a function, while ensuring that participating parties cannot distinguish their counterparties from a random noise generator, until the end of the protocol, when the output of the function is revealed, if favorable to all parties. Previous works on covert computation achieved super-constant round protocols for general functionalities [5,16], with efficiency at least linear in the size of the circuit representation of the computed function. Indeed, [9] showed that constant-round covert computation of any non-trivial functionality with black-box simulation is impossible in the plain model. In this work we construct the first practical constant-round covert protocol for a non-trivial functionality, namely the set-intersection functionality, in the Random Oracle Model. Our construction demonstrates the usefulness of covert subprotocols as building blocks in constructing larger protocols: We show how to compile a concurrently covert protocol for a single-input functionality, e.g. string equality, into an efficient secure and covert protocol for a corresponding multi-input functionality, e.g. set intersection. Our main contributions are summarized as follows: (1) We upgrade the notion of covert computation of [5] to concurrent covert computation. (2) We provide a general compiler that converts concurrent covert protocols for single-input functionalities to concurrent covert protocols for corresponding multi-input counterparts of these functionalities, at linear cost, in the Random Oracle Model. (3) To demonstrate the usefulness of our compiler, we construct a concurrently covert string equality protocol and then apply our compiler to achieve a two-message concurrent covert protocol for Set Intersection (SI) with a linear cost in the Random Oracle Model.
展开▼
