better 2 round adaptive mpc
play

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and - PowerPoint PPT Presentation

Oct 30, 2023 •143 likes •974 views

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt

  1. Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU

  2. Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt adaptively execution during the execution

  3. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  4. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  5. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  6. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n ) 2. simulate r i of corrupted parties, consistent with communication and x i x j r j

  7. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: x j r j c = Enc(m; r) Example: encryption

  8. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate fake ciphertext c (without knowing m) x j r j c = Enc(m; r) Example: encryption

  9. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate fake ciphertext c (without knowing m) 2. upon corruption, learn m and provide consistent r, sk x j r j c = Enc(m; r) Example: encryption

  10. Full Adaptive Security Full adaptive security: ● No erasures

  11. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted

  12. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted

  13. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02)

  14. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02) Full adaptive security for randomized functionalities: ● Randomness of the computation remains hidden even when all parties are corrupted

  15. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02) Full adaptive security for randomized functionalities: ● Randomness of the computation remains hidden even when all parties are corrupted Example: F internally chooses random primes p, q, and outputs N = pq. Most protocols (e.g. CLOS02) reveal p, q, when all parties are corrupted.

  16. Full Adaptive Security # of # of rounds assumptions parties Canetti, Goldwasser, 2 2 OWF Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF Rao’15 iO Garg, Polychroniadou’15 n 2 TDP subexp. iO Only 3 fully adaptively secure protocols with constant rounds - but with a CRS* Only one of them is 2 round MPC. *need a CRS even for HBC case!

  17. Full Adaptive Security # of # of rounds assumptions parties Canetti, Goldwasser, 2 2 OWF Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF Rao’15 iO Garg, Polychroniadou’15 n 2 TDP subexp. iO Q1: can we build 2 round MPC with global (non-programmable) CRS?

  18. Full Adaptive Security # of # of rounds assumptions global CRS parties Canetti, Goldwasser, 2 2 OWF + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS?

  19. Full Adaptive Security # of # of rounds assumptions global CRS parties Canetti, Goldwasser, 2 2 OWF + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)?

  20. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)?

  21. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)? Q3: can we build 2 round MPC from weaker assumptions? (e.g. remove the need for subexp. iO)

  22. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) This work n 2 injective OWF + + iO (comp. close) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)? Q3: can we build 2 round MPC from weaker assumptions? (e.g. remove the need for subexp. iO)

  23. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed.

  24. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS.

  25. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS. Part II: Theorem (informal): Assuming iO for circuits and TDPs, there exists RAM-efficient statistically sound NIZK .

  26. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS. Part II: Theorem (informal): Assuming iO for circuits and TDPs, there exists RAM-efficient statistically sound NIZK . Theorem (GP15, our work): Assuming subexp. iO for circuits and RAM-efficient statistically sound NIZK, there exists 2-round, fully-adaptively-secure, RAM-efficient byzantine MPC protocol.

  27. Part I: HBC protocol with global CRS

  28. First attempt PK x i = Enc PK (x i ) x 1 x 2 x n ...

  29. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ...

  30. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ... x 1 x 2 x n ... - decrypt each using SK - output f(x 1 , …, x n ) y = f(x 1 , x 2 , …, x n )

  31. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ... x 1 x 2 ’ x n ... - decrypt each using SK - output f(x 1 , …, x n ) y’ = f(x 1 , x 2 ’…, x n )

  32. Second attempt PK x i = Commit(x i ; r i ) = Enc PK (x i ||r i ) x i r i opening of comm x 1 x 2 x n ... x 1 r 1 x 2 r 2 x n r n ...

  33. Second attempt - decrypt each using SK PK - verify each x i = Commit(x i ; r i ) - output f(x 1 , …, x n ) = Enc PK (x i ||r i ) x i r i opening of comm x 1 x 2 x n ... x 1 r 1 x 2 r 2 x n r n ...

Recommend

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Alberta Jones Assistant Professor, School of Education, U of A Southeast Ph.D. Candidate-Indigenous Studies, U of A Fairbanks June, 2016 Most traditional stories are like a round, crocheted potholder. The storyteller goes round and round

575 views • 20 slides
th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round Robin Unity Ride District Patch Sonny Decker & Jeff Hawk Merry-Go-Round & The Round Robin These month-long events are intended for our

841 views • 22 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2

210 views • 7 slides
From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov

From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov

From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov convinced me that direct adaptive control can be robust Dimitri Peaucelle FRontiers of ADaptive and nonlinear CONtrol (FRADCON 2018) ECC Workshop,

628 views • 19 slides
Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

UN EGM on Strengthening the Demographic Evidence Base For The Post-2015 Development Agenda, New York, 5-6 October 2015 Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the post-2 0 1 5 developm ent

420 views • 15 slides
INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

-1- INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#? would you know 1 2 Round 2 - Science and Nature 2 3 Round 3 - Box and Flix 3 4 Round 3 - Balderdash 4 1. Round 1: What the @#? would you

535 views • 5 slides
Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D.

Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D.

Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D. Cytel Inc. Adaptive Designs Adaptive designs are defined as: changes in design or analyses guided by examination of the accumulated

1.11k views • 64 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition

Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition

Neural Nets for Adaptive Filter and Adaptive Pattern Recognition Brian Young Article Context Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition Adaptive Filters Min. Disturb. and LMS

976 views • 23 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive

Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive

Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive Submodularity Ratio Kaito Fujii (UTokyo) & Shinsaku Sakaue (NTT) The 36th I nternational Conference on Machine Learning Jun. 12, 2019 Application: I n fl

955 views • 30 slides
American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch Jim Bowers Western Area Chairman ME MERRY RRY-GO GO-RO ROUND ND Su Supp pporti ting Chi hildr dren & & Youth th Program ams

365 views • 17 slides
The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

Lorem Ipsum Dolor The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons - 1 1. What goes up often comes down 2. Be risk aware 3. When you are offered money to buy the business, consider it carefully

379 views • 9 slides
I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday, May 3 Wednesday, May 4 Thursday, May 5 Trees Atlanta Lou Walker Senior Center Greenforest Baptist Church 225 Chester Avenue 2538 Panola Road

879 views • 59 slides
THE ADAPTIVE COOKING PROGRAM LONDON, ONTARIO What Is Adaptive Cooking? Consideration Of:

THE ADAPTIVE COOKING PROGRAM LONDON, ONTARIO What Is Adaptive Cooking? Consideration Of:

THE ADAPTIVE COOKING PROGRAM LONDON, ONTARIO What Is Adaptive Cooking? Consideration Of: Disability Age Cognitive Function Financial Status Living Situation Disabilities Sight Varying degrees of dependence Low

524 views • 16 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational

School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational

School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational Webinar January 2014 Webinar Agenda Background Priority Schools - options and eligibility Overview of RFPs Proposal Narratives

380 views • 18 slides
BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the

BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the

EUROPEAN BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the European BPM Round Table The European BPM Round Table is a lenges that urgently need to be ad- federation of 21 national BPM round dressed by

182 views • 4 slides
DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012

DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012

DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012 Michael Pacelli, City of Grapevine Paul Luedtke, HDR Engineering, Inc. John Black, City of Richardson What is it? The InSync adaptive system

538 views • 33 slides
2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and

2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and

2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and Process What makes a good application/Tips for applying Questions Who We Are: Over Sixty Years of Community Philanthropy in the Geelong

614 views • 22 slides
Adaptive Design of a Unidirectional Adaptive Design of a Unidirectional Source in a Duct Source

Adaptive Design of a Unidirectional Adaptive Design of a Unidirectional Source in a Duct Source

ISMA23 - International Conference on Noise and Vibration Engineering HELSINKI UNIVERSITY OF TECHNOLOGY Sept. 16-18, 1998, Leuven, Belgium Adaptive Design of a Unidirectional Adaptive Design of a Unidirectional Source in a Duct Source in a

566 views • 21 slides
COMMUNITY CONTRIBUTION FUND (CCF) Round 9, September 2015 TA11 CCF Summary 2011 -2015 Round

COMMUNITY CONTRIBUTION FUND (CCF) Round 9, September 2015 TA11 CCF Summary 2011 -2015 Round

TA10 COMMUNITY CONTRIBUTION FUND (CCF) Round 9, September 2015 TA11 CCF Summary 2011 -2015 Round Funds Granted Funds not Granted Round 1 - September 2011 $32,878 $4,300 Round 2 - March 2012 $26,715 $1,442 Round 3 - September 2012

171 views • 6 slides

More recommend