
Secure Two-Party Matrix Multiplication from Lattices and Its Application to Encrypted Control

Kaoru Teranishi

Abstract

In this study, we propose a two-party computation protocol for approximate matrix multiplication of fixed-point numbers. The proposed protocol is provably secure under standard lattice-based cryptographic assumptions and enables matrix multiplication at a desired approximation level within a single round of communication. We demonstrate the feasibility of the protocol by applying it to the secure implementation of a linear control law. Our evaluation reveals that the client achieves lower online computational complexity compared to the original controller computation, while ensuring the privacy of controller inputs, outputs, and parameters. Furthermore, a numerical example confirms that the proposed method maintains sufficient precision of control inputs even in the presence of approximation and quantization errors.

Paper Structure (13 sections, 3 theorems, 21 equations, 3 figures)

This paper contains 13 sections, 3 theorems, 21 equations, 3 figures.

Key Result

Lemma 1

Consider the $\mathsf{Mult}$ protocol in Fig. fig:protocol. Under Assumption asm:bounded-dist with $\sigma=3.2$ and $B = 10 \sigma$, if then it holds that for all $X \in \mathbb{Q}_{\langle k, \ell \rangle}^{d_1 \times d_2}$ and $Y \in \mathbb{Q}_{\langle k, \ell \rangle}^{d_2 \times d_3}$, where $\bar{Z} = \mathsf{Reconst}(\llbracket\bar{Z}\rrbracket)$ and $R = \mathsf{Reconst}(\llbracket R\rrb

Figures (3)

  • Figure 1: Two-party matrix multiplication protocol $\mathsf{Mult}$ consisting of three subroutines: $\mathsf{Setup}$, $\mathsf{Offline}$, and $\mathsf{Online}$. Public parameters include the bit lengths $(k, \ell)$, matrix dimensions $(d_1, d_2, d_3)$, LWE parameters $(n, q, \sigma)$, and the SIS parameter $t$.
  • Figure 2: Signal flow of the modified $\mathsf{Mult}.\mathsf{Online}$ subroutine. The time index $\tau$ is omitted for clarity.
  • Figure 3: Control input errors $\| \tilde{u}(\tau) - \hat{u}(\tau) \|_{\max}$ (blue solid line) and $\| u(\tau) - \hat{u}(\tau) \|_{\max}$ (red dashed line). Here, $u(\tau)$, $\tilde{u}(\tau)$, and $\hat{u}(\tau)$ denote the control inputs computed by \ref{eq:control}, \ref{eq:encoded-control}, and \ref{eq:approximate-control}, respectively.

Theorems & Definitions (9)

  • Definition 1: Secret sharing
  • Definition 2: LWE
  • Definition 3: SIS
  • Lemma 1
  • proof
  • Theorem 1
  • proof
  • Theorem 2
  • Remark 1