a simpler variant of universally composable security for
play

A Simpler Variant of Universally Composable Security for Standard - PowerPoint PPT Presentation

Oct 04, 2023 •466 likes •898 views

A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo e H ebant Ecole Normale Sup erieure February 22, 2018 Chlo e H ebant (ENS) Working Group: SUC Security February 22, 2018 1 / 18

  1. A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo´ e H´ ebant Ecole Normale Sup´ erieure February 22, 2018 Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 1 / 18

  2. Introduction 1 Definition Interest Difficulties SUC Model 2 Communication model and rules π SUC-securely computes F SUC composition theorem Conclusion 3 Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 2 / 18

  3. Introduction Definition Context Protocol Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  4. Introduction Definition Context Protocol Proof of security Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  5. Introduction Definition Context Protocol Proof of security Adversary model → who? → capabilities? → goals? Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  6. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  7. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Indistinguishability → Find-then-Guess → Real-or-Random Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  8. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Indistinguishability Simulation → Find-then-Guess → Classical Simulation → Real-or-Random → Universal Composability Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  9. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  10. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  11. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  12. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal protocol, virtual players, ideal adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  13. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, ideal adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  14. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, simulation of the adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  15. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, simulation of the adversary Ensure that an environment Z can’t distinguish between both worlds Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  16. Introduction Definition Definition F x 1 y n x 2 x n y 2 y 1 P 1 P n · · · P 2 Figure 1: Ideal World Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 5 / 18

  17. Introduction Definition Definition F x 1 y n x 2 x n y 2 y 1 P 1 P n · · · P 2 Figure 1: Ideal World Construction of UC protocols: Define the ideal Functionality F Construct a protocol Π that realises F Make the proof: construct a simulator S Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 5 / 18

  18. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  19. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests The execution is taken as a whole: Z chooses the inputs of P i and A Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  20. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests The execution is taken as a whole: Z chooses the inputs of P i and A ⇒ Model attacks where the inputs are not uniform Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  21. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  22. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Example 1: UC-commitments → ZK Example 2: UC-secure authenticated key exchange + secure symmetric encryption → Secure channels Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  23. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Example 1: UC-commitments → ZK Example 2: UC-secure authenticated key exchange + secure symmetric encryption → Secure channels ⇒ Because of these 2 points, the UC model is more secure than the Find-then-Guess or Real-or-Random models Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  24. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  25. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer F l STM proceeds as follows: parameterized by leakage function l : { 0 , 1 } ⋆ → { 0 , 1 } ⋆ , Upon receiving an input (Send , sid , m ) from S , verify that sid = ( S , R , sid ′ ) for some R , else ignore the input. Next, send (Sent , sid , l ( m ) , m ) to R . text = private content Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  26. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer F l STM proceeds as follows: parameterized by leakage function l : { 0 , 1 } ⋆ → { 0 , 1 } ⋆ , Upon receiving an input (Send , sid , m ) from S , verify that sid = ( S , R , sid ′ ) for some R , else ignore the input. Next, send (Sent , sid , l ( m ) , m ) to R . text = private content For example: leaking l ( m ) = length( m ) is important because no cryptosystem can fully hide the size of the information being encrypted Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  27. Introduction Difficulties Difficulties in proofs In UC model, proofs more complex than in game based security: no rewind, need extractable inputs ⇒ protocol more complex no end when the adversary wins ⇒ proofs more complex Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 9 / 18

Recommend

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove. ASIACRYPT 2018 J. P. Degabriele M. Fischlin 1 What this talk is about We propose and explore new security definitions for symmetric encryption

819 views • 24 slides
A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga

A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga

A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga Fourtounelli 1 , Aggelos Kiayas 2 , Thomas Zacharias 2 1 : National & Kapodistrian University of Athens 2 : University of Edinburgh This project

557 views • 28 slides
Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash

Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash

Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash Foundation & Technical University of Munich Joint work with Jan Camenisch, Manu Drijvers, and Maria Dubovitskaya (all at DFINITY) Work was

884 views • 30 slides
Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N. Dttling, G. Hartung, J. Mller-Quade, and M. Nagel Faculty of Computer Science Institute for Theoretical Informatics Research Group for

643 views • 60 slides
Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel Jost Ueli Maurer ETH Zurich Crypto 2020, August 17-21, 2020 Motivation: how to best define security? Aug 17, 2020 2 Daniel Jost Defining Security

1.25k views • 46 slides
EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE & EXTENSIBLE REST API REST API Thierry Delprat td@nuxeo.com https://github.com/tiry/ AGENDA AGENDA Quick introduction provide some context API design

1.37k views • 75 slides
Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

handshake 1 Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g , where K fg can be hash AB authentication not mutual connection hijacking off-line password attack compromise of database

424 views • 16 slides
Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in my patient pathogenic or benign? "The Doctor" by Sir Luke Fildes (1891) Drop in genome price drives increase in patient variant

500 views • 22 slides
<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant

<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant

<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant v_ret; ; Variant Variant v_a v_a; ; v_ret v_ret = = f_foo f_foo(v_a (v_a); ); Facebook 2010 (confidential) <?php <?

287 views • 12 slides
N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented

N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented

N-variants N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented by: Stephen McLaughlin Presented by: Stephen McLaughlin N-Variant SystemsA Secretless Framework for Security through N-variants The

549 views • 28 slides
IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be

IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be

IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be delegated until appropriate variant management solutions are developed http://www.icann.org/en/groups/board/do

533 views • 31 slides
Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard

Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard

Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard University November 2018 Universally Baire sets Definition (Feng-Magidor-Woodin) A set A R n is universally Baire if: For all topological

1.23k views • 88 slides
Variant Effect Predictor Demo: The Variant Effect Predictor (VEP)

Variant Effect Predictor Demo: The Variant Effect Predictor (VEP)

Variant Effect Predictor Demo: The Variant Effect Predictor (VEP) We have identified five variants on human chromosome nine, an A deletion at 128328461, C->A

301 views • 7 slides
Variant-Related Issues Variant TLD Issues Project Goal

Variant-Related Issues Variant TLD Issues Project Goal

Variant-Related Issues Variant TLD Issues Project Goal Iden0fy and agree on issues related to variants that should be included in the report 2

218 views • 10 slides
Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2.

Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2.

Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2. Alignment processing 3. SNP calling 4. Short indel calling 5. VCF format 6. Structural Variation Jorge Jimnez Variant calling jjimeneza@cipf.es

1.12k views • 40 slides
SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T

SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T

SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T Wants to S lower entry barriers for Windows users S support 90% of the needs of 90% of Gunther Maier (potential) users T Does NOT want to Vienna

426 views • 3 slides
1 Variant II: Command Consensus (BG) Variant III: Interactive Consistency (IC) Variant II:

1 Variant II: Command Consensus (BG) Variant III: Interactive Consistency (IC) Variant II:

Coordination Coordination If the solution to availability and scalability is to decentralize and replicate functions and data, how do we coordinate the nodes? data consistency Failures and Consensus Failures and Consensus update

308 views • 6 slides
IDN Variant TLD Implementation Status, Recommendations and Next Steps GNSO Council 18 April 2019

IDN Variant TLD Implementation Status, Recommendations and Next Steps GNSO Council 18 April 2019

IDN Variant TLD Implementation Status, Recommendations and Next Steps GNSO Council 18 April 2019 | 1 Objectives of This Session What: Understand 1. 1. IDN variant top-level domains (TLDs) 2. Status of IDN variant TLDs 3. Next

474 views • 24 slides
REBUILDING THE MONOLITH WITH COMPOSABLE APPS

REBUILDING THE MONOLITH WITH COMPOSABLE APPS

REBUILDING THE MONOLITH WITH COMPOSABLE APPS https://www.quora.com/Why-are-front-end-developers-so-high-in-demand-at-startups-if-front-end-development-is-relatively-easier-than-other-fields-of-engineering 2013

1.17k views • 87 slides
When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to help I'm from security and I'm here to help Government Digital Service Simpler, Clearer, Faster The state of information security in 2015

844 views • 70 slides
Making State Government Simpler, Faster, Better, and Less Costly Michael Buerger and Rich

Making State Government Simpler, Faster, Better, and Less Costly Michael Buerger and Rich

Making State Government Simpler, Faster, Better, and Less Costly Michael Buerger and Rich Martinski February 10, 2014 SIMPLER. FASTER. BETTER. LESS COSTLY. SIMPLER. FASTER. BETTER. LESS COSTLY. 7 Steps to Implementing Lean

910 views • 37 slides
LONELINESS It is strange to be known so universally and yet to be so lonely. ALBERT

LONELINESS It is strange to be known so universally and yet to be so lonely. ALBERT

LONELINESS It is strange to be known so universally and yet to be so lonely. ALBERT EINSTEIN NEW-SITUATION IM DIFFERENT NO-SWEETHEART TYPES OF NO-ANIMAL LONELINESS NO-TIME-FOR-ME UNTRUSTWORTHY-FRIENDS QUIET-PRESENCE

514 views • 39 slides
VICTORIA PARK M e e t i n g A g e n d a Project Manager: Alice Messer | Cheeneng Yang U n i v

VICTORIA PARK M e e t i n g A g e n d a Project Manager: Alice Messer | Cheeneng Yang U n i v

UNIVERSALLY ACCESSIBLE PL AY AREA | VICTORIA PARK Meeting #3 - September 7, 2016 Universally Accessible Play Area Design Advisory Committee Agenda August 3, 2016 781 Palace Avenue 6:00 to 8:00 pm 1. Welcome (6:00 pm) 2. Recap from

241 views • 8 slides
GHUMVEE: Efficient, Effective and Flexible Replication Stijn Volckaert Computer Systems Lab

GHUMVEE: Efficient, Effective and Flexible Replication Stijn Volckaert Computer Systems Lab

Vakgroep ELIS GHUMVEE: Efficient, Effective and Flexible Replication Stijn Volckaert Computer Systems Lab Ghent University Belgium N-modular Redundancy variant 1 input variant 2 monitor output variant 3 equivalent components 2

450 views • 16 slides

More recommend