publications

2025

1. Asiacrypt2025

   (to appear) Broadcast-Optimal Secure Computation From Black-Box Oblivious Transfer

   Michele Ciampi, Divya Ravi, Luisa Siniscalchi, and Yu Xia

   In Advances in Cryptology – ASIACRYPT, 2025
2. ACNS2025

   Delayed-Input Multi-Party Computation

   Michele Ciampi, Jure Sternad, and Yu Xia

   In ACNS 2025: 23rd International Conference on Applied Cryptography and Network Security, Part I, 2025

   Abs DOI ePrint Bib

   In this work, we consider the setting where the process of securely evaluating a multi-party functionality is divided into two phases: offline (or preprocessing) and online. The offline phase is independent of the parties’ inputs, whereas the online phase does require the knowledge of the inputs. We consider the problem of minimizing the round of communication required in the online phase and propose a round preserving compiler that can turn a big class of multi-party computation (MPC) protocols into protocols in which only the last two rounds are input-dependent. Our compiler can be applied to a big class of MPC protocols, and in particular to all existing round-optimal MPC protocols. All our results assume no setup and are proven in the dishonest majority setting with black-box simulation.
   
   As part of our contribution, we propose a new definition we call Multi-Party Computation with Adaptive-Input Selection, which allows the distinguisher to craft the inputs the honest parties should use during the online phase, adaptively on the offline phase. This new definition is needed to argue that not only are the messages of the offline phase input-independent but also that security holds even in the stronger (and realistic) adversarial setting where the inputs may depend on some of the offline-phase protocol messages. We argue that this is the definition that any protocol should satisfy to be securely used while preprocessing part of the rounds. We are the first to study this definition in a setting where there is no setup, and the majority of the parties can be corrupted. Prior definitions have been presented in the Universal Composable framework, which is unfortunately not well suited for our setting (i.e., no setup and dishonest majority). As a corollary, we obtain the first four-round (which is optimal) MPC protocol, where the first two rounds can be preprocessed, and its security holds against adaptive-input selection.

   @inproceedings{ACNS:CiaSteXia25,
     title = {Delayed-Input Multi-Party Computation},
     author = {Ciampi, Michele and Sternad, Jure and Xia, Yu},
     booktitle = {ACNS 2025: 23rd International Conference on Applied Cryptography and Network Security, Part I},
     editor = {Fischlin, Marc and Moonsamy, Veelasha},
     publisher = {Springer, Cham, Switzerland},
     address = {Munich, Germany},
     isbn = {978-3-031-95761-1},
     doi = {10.1007/978-3-031-95761-1_12},
     pages = {339--368},
     year = {2025},
     numpages = {30},
     keywords = {Secure multi-party computation, Delayed-input, Round-optimal, Preprocessing},
   }

2023

1. ACNS2023

   Multi-Theorem Fiat-Shamir Transform from Correlation-Intractable Hash Functions

   Michele Ciampi and Yu Xia

   In ACNS 2023: 21st International Conference on Applied Cryptography and Network Security, Part II, 2023

   Abs DOI ePrint Bib

   In STOC 2019 Canetti et al. showed how to soundly instantiate the Fiat-Shamir transform assuming that prover and verifier have access to the key of a correlation intractable hash function for efficiently searchable relations. The transform requires the starting protocol to be a special 3-round public-coin scheme that Canetti et al. call trapdoor sigma-protocol. One downside of the Canetti et al. approach is that the key of the hash function can be used only once (or a pre-determined bounded number of times). That is, each new zero-knowledge proof requires a freshly generated hash key (i.e., a freshly generated setup). This is in contrast to what happens with the standard Fiat-Shamir transform, where the prover, having access to the same hash function(modelled as a random-oracle), can generate an unbounded number of proofs that are guaranteed to be zero-knowledge and sound.
   
   As our main contribution we extend the results of Canetti et al., by proposing a multi-theorem protocol that follows the Fiat-Shamir paradigm and relies on correlation intractable hash functions. Moreover, our protocol remains zero-knowledge and sound even against adversaries that choose the statement to be proven (and the witness for the case of zero-knowledge) adaptively on the key of the hash function. Our construction is presented in the form of a compiler, that follows the Fiat-Shamir paradigm, which takes as input any trapdoor sigma-protocol for the NP-language L and turns it into a non-interactive zero-knowledge protocol that satisfies the properties we mentioned. To be best of our knowledge, ours is the first compiler that follows the Fiat-Shamir paradigm to obtain a multi-theorem adaptive NIZK relying on correlation intractable hash functions.

   @inproceedings{ACNS:CiaXia23,
     title = {Multi-Theorem Fiat-Shamir Transform from Correlation-Intractable Hash Functions},
     author = {Ciampi, Michele and Xia, Yu},
     booktitle = {ACNS 2023: 21st International Conference on Applied Cryptography and Network Security, Part II},
     editor = {Tibouchi, Mehdi and Wang, Xiaofeng},
     publisher = {Springer, Cham, Switzerland},
     volume = {13906},
     address = {Kyoto, Japan},
     isbn = {978-3-031-33491-7},
     doi = {10.1007/978-3-031-33491-7_21},
     pages = {555--581},
     year = {2023},
     numpages = {27},
     keywords = {Fiat-Shamir Transform, NIZK, Correlation Intractable Hash Functions, Adaptive Multi-Theorem Zero-Knowledge},
   }

2. TCC2023

   Broadcast-Optimal Four-Round MPC in the Plain Model

   Michele Ciampi, Ivan Damgård, Divya Ravi, Luisa Siniscalchi, Yu Xia, and Sophia Yakoubov

   In TCC 2023: 21st Theory of Cryptography Conference, Part II, 2023

   Abs DOI ePrint Bib Video

   The prior works of Cohen, Garay and Zikas (Eurocrypt 2020), Damgård, Magri, Ravi, Siniscalchi and Yakoubov (Crypto 2021) and Damgård, Ravi, Siniscalchi and Yakoubov (Eurocrypt 2023) study 2-round Multi-Party Computation (where some form of set-up is required). Motivated by the fact that broadcast is an expensive resource, they focus on so-called broadcast optimal MPC, i.e., they give tight characterizations of which security guarantees are achievable, if broadcast is available in the first round, the second round, both rounds, or not at all.
   
   This work considers the natural question of characterizing broadcast optimal MPC in the plain model where no set-up is assumed. We focus on 4-round protocols, since 4 is known to be the minimal number of rounds required to securely realize any functionality with black-box simulation. We give a complete characterization of which security guarantees, (namely selective abort, selective identifiable abort, unanimous abort and identifiable abort) are feasible or not, depending on the exact selection of rounds in which broadcast is available.

   @inproceedings{TCC:CDRSXY23,
     author = {Ciampi, Michele and Damg{\aa}rd, Ivan and Ravi, Divya and Siniscalchi, Luisa and Xia, Yu and Yakoubov, Sophia},
     editor = {Rothblum, Guy N. and Wee, Hoeteck},
     title = {Broadcast-Optimal Four-Round MPC in the Plain Model},
     volume = {14370},
     booktitle = {TCC 2023: 21st Theory of Cryptography Conference, Part II},
     year = {2023},
     publisher = {Springer, Cham, Switzerland},
     address = {Taipei, Taiwan},
     numpages = {30},
     pages = {3--32},
     isbn = {978-3-031-48618-0},
     doi = {10.1007/978-3-031-48618-0_1},
   }