Concrete mathematics, a foundation for computer science, by Ronald L. Graham, Donald E. Knuth and Oren Patashnik. Pp 625. £24·95. 1989. ISBN 0-201-14236-8 (Addison-Wesley)

SPDZ denotes a multiparty computation scheme in the preprocessing model based on somewhat homomorphic encryption (SHE) in the form of BGV. At CCS ’16, Keller et al. presented MASCOT, a replacement of the preprocessing phase using oblivious transfer instead of SHE, improving by two orders of magnitude on the SPDZ implementation by Damgard et al. (ESORICS ’13). In this work, we show that using SHE is faster than MASCOT in many aspects:

1.

We present a protocol that uses semi-homomorphic (addition-only) encryption. For two parties, our BGV-based implementation is six times faster than MASCOT on a LAN and 20 times faster in a WAN setting. The latter is roughly the reduction in communication.




2.

We show that using the proof of knowledge in the original work by Damgard et al. (Crypto ’12) is more efficient in practice than the one used in the implementation mentioned above by about one order of magnitude.




3.

We present an improvement to the verification of the aforementioned proof of knowledge that increases the performance with a growing number of parties, doubling it for 16 parties.

Overdrive: Making SPDZ Great Again

/pdf/overdrive-making-spdz-great-again-5dwycnimj8.pdf

Overdrive: Making SPDZ Great Again.

Locally repairable codes (LRCs) are considered with equal or unequal localities, local distances, and local field sizes. An explicit two-layer architecture with a sum-rank outer code is obtained, having disjoint local groups and achieving maximal recoverability (MR) for all families of local linear codes (MDS or not) simultaneously, up to a specified maximum locality $r $ . Furthermore, the local linear codes (thus the localities, local distances, and local fields) can be efficiently and dynamically modified without global recoding or changes in architecture or outer code, while preserving the MR property, easily adapting to new configurations in storage or new hot and cold data. In addition, local groups and file components can be added, removed or updated without global recoding. The construction requires global fields of size roughly $g^{r} $ , for $g $ local groups and maximum or specified locality $r $ . For equal localities, these global fields are smaller than those of previous MR-LRCs when $r \leq h $ (global parities). For unequal localities, they provide an exponential field size reduction on all previous best known MR-LRCs. For bounded localities and a large number of local groups, the global erasure-correction complexity of the given construction is comparable to that of Tamo–Barg codes or Reed–Solomon codes with local replication, while local repair is as efficient as for the Cartesian product of the local codes. Reed–Solomon codes with local replication and Cartesian products are recovered from the given construction when $r=1 $ and $h = 0 $ , respectively. The given construction can also be adapted to provide hierarchical MR-LRCs for all types of hierarchies and parameters. Finally, subextension subcodes and sum-rank alternant codes are introduced to obtain further exponential field size reductions, at the expense of lower information rates.

Universal and Dynamic Locally Repairable Codes With Maximal Recoverability via Sum-Rank Codes

In a distributed storage system, code symbols are dispersed across space in nodes or storage units as opposed to time. In settings such as that of a large data center, an important consideration is the efficient repair of a failed node. Efficient repair calls for erasure codes that in the face of node failure, are efficient in terms of minimizing the amount of repair data transferred over the network, the amount of data accessed at a helper node as well as the number of helper nodes contacted. Coding theory has evolved to handle these challenges by introducing two new classes of erasure codes, namely regenerating codes and locally recoverable codes as well as by coming up with novel ways to repair the ubiquitous Reed-Solomon code. This survey provides an overview of the efforts in this direction that have taken place over the past decade.

Erasure coding for distributed storage: an overview

Like classical block codes, a locally repairable code also obeys the Singleton-type bound (we call a locally repairable code optimal if it achieves the Singleton-type bound). In the breakthrough work of Tamo and Barg, several classes of optimal locally repairable codes were constructed via subcodes of Reed–Solomon codes. Thus, the lengths of the codes given by Tamo and Barg are upper bounded by the code alphabet size $q$ . Recently, it was proved through the extension of construction by Tamo and Barg that the length of $q$ -ary optimal locally repairable codes can be $q+1$ by Jin et al . Surprisingly, Barg et al. presented a few examples of $q$ -ary optimal locally repairable codes of small distance and locality with code length achieving roughly $q^{2}$ . Very recently, it was further shown in the work of Li et al. that there exist $q$ -ary optimal locally repairable codes with the length bigger than $q+1$ and the distance proportional to $n$ . Thus, it becomes an interesting and challenging problem to construct new families of $q$ -ary optimal locally repairable codes of length bigger than $q+1$ . In this paper, we construct a class of optimal locally repairable codes of distances 3 and 4 with unbounded length (i.e., length of the codes is independent of the code alphabet size). Our technique is through cyclic codes with particular generator and parity-check polynomials that are carefully chosen.

Optimal Locally Repairable Codes of Distance 3 and 4 via Cyclic Codes

A locally repairable code (LRC) with locality ${r}$ allows for the recovery of any erased codeword symbol using only ${r}$ other codeword symbols. A Singleton-type bound dictates the best possible tradeoff between the dimension and distance of LRCs—an LRC attaining this tradeoff is deemed optimal . Such optimal LRCs have been constructed over alphabets growing linearly in the block length. Unlike the classical Singleton bound, however, it was not known if such a linear growth in the alphabet size is necessary or, for that matter, even if the alphabet needs to grow at all with the block length. Indeed, for small code distances 3 and 4, arbitrarily long optimal LRCs were known over fixed alphabets. Here, we prove that for distances $ {d} { \geqslant } {5}$ , the code length $ {n}$ of an optimal LRC over an alphabet of size $ {q}$ must be at most roughly $ {O}{(}{{dq}}^{{3}}{)}$ . For the case $ {d} = {5}$ , our upper bound is $ {O}( {q}^{{2}})$ . We complement these bounds by showing the existence of optimal LRCs of length $ {\Omega }_{ {d}, {r}}( {q}^{ {1+1}/\lfloor ( {d}- {3})/ {2}\rfloor }{)}$ when $ {d} \leqslant {r}+ {2}$ . These bounds match when $ {d} = {5}$ , thus pinning down $ {n} = {\Theta }( {q}^{{2}})$ as the asymptotically largest length of an optimal LRC for this case.

/pdf/how-long-can-optimal-locally-repairable-codes-be-2h1d6qeqs2.pdf

How Long Can Optimal Locally Repairable Codes Be

A fundamental and widely-applied paradigm due to Franklin and Yung (STOC 1992) on Shamir-secret-sharing based general n-player MPC shows how one may trade the adversary threshold t against amortized communication complexity, by using a so-called packed version of Shamir’s scheme. For e.g. the BGW-protocol (with active security), this trade-off means that if $t + 2k -2 < n/3$, then k parallel evaluations of the same arithmetic circuit on different inputs can be performed at the overall cost corresponding to a single BGW-execution.

/pdf/amortized-complexity-of-information-theoretically-secure-mpc-mqv7mqi5or.pdf

Amortized complexity of information-theoretically secure MPC revisited

A locally repairable code (LRC) with locality $r$ allows for the recovery of any erased codeword symbol using only $r$ other codeword symbols. A Singleton-type bound dictates the best possible trade-off between the dimension and distance of LRCs --- an LRC attaining this trade-off is deemed \emph{optimal}. Such optimal LRCs have been constructed over alphabets growing linearly in the block length. Unlike the classical Singleton bound, however, it was not known if such a linear growth in the alphabet size is necessary, or for that matter even if the alphabet needs to grow at all with the block length. Indeed, for small code distances $3,4$, arbitrarily long optimal LRCs were known over fixed alphabets. 
Here, we prove that for distances $d \ge 5$, the code length $n$ of an optimal LRC over an alphabet of size $q$ must be at most roughly $O(d q^3)$. For the case $d=5$, our upper bound is $O(q^2)$. We complement these bounds by showing the existence of optimal LRCs of length $\Omega_{d,r}(q^{1+1/\lfloor(d-3)/2\rfloor})$ when $d \le r+2$. These bounds match when $d=5$, thus pinning down $n=\Theta(q^2)$ as the asymptotically largest length of an optimal LRC for this case.

How long can optimal locally repairable codes be

At CRYPTO 2018, Cramer et al. introduced a secret-sharing based protocol called SPD$\mathbb {Z}_{2^k}$ that allows for secure multiparty computation (MPC) in the dishonest majority setting over the ring of integers modulo $2^k$, thus solving a long-standing open question in MPC about secure computation over rings in this setting. In this paper we study this problem in the information-theoretic scenario. More specifically, we ask the following question: Can we obtain information-theoretic MPC protocols that work over rings with comparable efficiency to corresponding protocols over fields? We answer this question in the affirmative by presenting an efficient protocol for robust Secure Multiparty Computation over $\mathbb {Z}/p^{k}\mathbb {Z}$ (for any prime p and positive integer k) that is perfectly secure against active adversaries corrupting a fraction of at most 1/3 players, and a robust protocol that is statistically secure against an active adversary corrupting a fraction of at most 1/2 players.

/pdf/efficient-information-theoretic-secure-multiparty-2dv1h4vmnj.pdf

Chen Yuan

Papers

Optimal Locally Repairable Codes of Distance 3 and 4 via Cyclic Codes

How Long Can Optimal Locally Repairable Codes Be

Amortized complexity of information-theoretically secure MPC revisited

How long can optimal locally repairable codes be

Efficient Information-Theoretic Secure Multiparty Computation over \(\mathbb {Z}/p^k\mathbb {Z}\) via Galois Rings