(2026-05) On Succinct Non-Interactive Secure Computation with Malicious Security
2026-05-08
A non-interactive secure computation (NISC) protocol allows a client with input and a server with input to compute using a single message from the client and a single response from the server. The protocol is called succinct if the size of the server’s message depends only on the output length and is independent of the size of and the complexity of . In the semi-honest setting, succinct NISC is known from fully homomorphic encryption (FHE). In contrast, malicious security is currently known only from non-standard assumptions, such as SNARKs for NP.
In this work, we construct maliciously secure succinct NISC protocols for natural and widely studied functionalities from standard assumptions, namely, FHE and batch arguments (BARGs). Our first result is a protocol for private set membership (PSM): the client holds an element , the server holds a large set , and the function outputs if and only if . We then give several generalizations:
- Dictionary lookup: The server holds a dictionary of key–value pairs, the client’s input is a key , and the output is .
- Verifiable dictionary lookup: The server’s dictionary must additionally satisfy a predicate , computable by a read-once machine with small state.
- UP search: The client input is an instance , and the output is , where is the unique witness for under some UP relation.
Our protocols achieve split-simulation security against a malicious server and standard security against a malicious client. Split-simulation is a relaxation of the standard real-ideal paradigm, where correctness of the client’s output and indistinguishability of the server’s view are guaranteed separately.
At the heart of our results lies a new simulation technique in which the server’s large input is extracted piece by piece and reconstructed into a coherent input. This reconstruction is enabled by a new monotone coupling argument based on Strassen’s theorem.