One of the most fundamental goals in cryptography is to design protocols that remain secure when adversarial participants can engage in arbitrary malicious behavior. In 1986, Goldreich, Micali, and Wigderson presented a powerful paradigm for designing such protocols: their approach reduced the task of designing secure protocols to designing protocols that only guarantee security against “honest-but-curious” participants. By making use of zero-knowledge proofs, the GMW paradigm enforces honest behavior without compromising secrecy. Over the past two decades, this approach has been the dominant paradigm for cryptographic protocol design.
In this chapter, we present a new general paradigm/protocol compiler for secure protocol design developed in 2008 by Ishai, Prabhakaran, and Sahai that departs considerably from the GMW framework. This new approach also reduces the task of designing secure protocols to designing protocols that only guarantee security against honest-but-curious participants. However, the new approach avoids the use of zero-knowledge proofs, and instead makes use of multi-party protocols in a much simpler setting – where the majority of participants are completely honest (such multi-party protocols can exist without requiring any computational assumptions). The IPS paradigm yields protocols that rely on Oblivious Transfer (OT) as a building block. This offers a number of advantages in generality and efficiency.
In contrast to the GMW paradigm, by avoiding the use of zero-knowledge proofs, the IPS paradigm is able to treat the semi-honest protocols as “black boxes”. This allows improvement over previous results in the area of secure computation. In particular, the IPS compiler yields applications such as:
• Conceptually simpler and more efficient ways for basing unconditionally secure cryptography on OT.
• More efficient protocols for generating a large number of OTs using a small number of OTs.
• Secure and efficient protocols which only make a black-box use of cryptographic primitives or underlying algebraic structures in settings where no such protocols were known before.
This chapter is loosely based on several invited talks that the second author has given on the IPS compiler.