breaking the circuit size barrier in secret sharing
play

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu - PowerPoint PPT Presentation

Feb 16, 2024 •40 likes •790 views

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

  1. Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018

  2. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret

  3. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3

  4. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3

  5. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret?

  6. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information.

  7. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information. General Secret Sharing [ISN’89] monotone F : { 0 , 1 } n → { 0 , 1 } Any subset X that F ( X ) = 1 can recover the secret. Any subset X that F ( X ) = 0 learns no information.

  8. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information. General Secret Sharing [ISN’89] monotone F : { 0 , 1 } n → { 0 , 1 } Any subset X that F ( X ) = 1 can recover the secret. Any subset X that F ( X ) = 0 learns no information.

  9. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  10. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  11. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  12. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  13. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  14. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  15. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  16. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  17. Key Complexity Measure: Total Share Size Upper Bounds Share size = O (monotone formula size) [Benaloh-Leichter’88]

  18. Key Complexity Measure: Total Share Size Upper Bounds Share size = O (monotone formula size) [Benaloh-Leichter’88] Share size = O (monotone span program size) [Karchmer-Wigderson’93]

  19. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) .

  20. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97]

  21. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97] (No better lower bounds, even existentially.)

  22. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97] (No better lower bounds, even existentially.) Can we do better? 30 + -year-old open problem

  23. Our Results Yes, we can! Theorem 1 Every monotone F has a secret sharing scheme with share size 2 0 . 994 n .

  24. Key Complexity Measure: Total Share Size Upper Bounds: Linear Linear Secret Sharing Linear 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = Θ(monotone span program size) ≤ poly( n ) . Lower Bounds: Linear Linear Secret Sharing Linear Exists { F n } s.t. total share size = ˜ Ω(2 n / 2 ). Can we do better?

  25. Key Complexity Measure: Total Share Size Upper Bounds: Linear Linear Secret Sharing Linear 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = Θ(monotone span program size) ≤ poly( n ) . Lower Bounds: Linear Linear Secret Sharing Linear Exists { F n } s.t. total share size = ˜ Ω(2 n / 2 ). (2 Ω( n ) for an explicit { F n } [Pitassi-Robere’18]) Can we do better?

  26. Our Results Yes, we can! Theorem 2 Every monotone F has a linear secret sharing with share size 2 0 . 999 n .

  27. Our Results Yes, we can! Theorem 2 Every monotone F has a linear secret sharing with share size 2 0 . 999 n . Corollary Every monotone F has a monotone span program of size 2 0 . 999 n .

  28. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I Prop. II

  29. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II

  30. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size � log(#Monotone Functions) ≥ poly( n )

  31. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size × log(#Base Gates) ≥ log(#Monotone Functions) ≥ poly( n )

  32. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size × log(#Base Gates) ≥ log(#Monotone Functions) ≥ poly( n ) ⇒ Requires 2 ˜ Ω(2 n ) gates in formula basis. =

  33. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n using an extended basis of 2 ˜ Ω(2 n ) gates Prop. II

  34. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n using an extended basis of 2 ˜ Ω(2 n ) gates Prop. II every gate in the basis is a monotone function that has an efficient secret sharing scheme

Recommend

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Breaking the sample size barrier in reinforcement learning via model-based methods

Breaking the sample size barrier in reinforcement learning via model-based methods

Breaking the sample size barrier in reinforcement learning via model-based methods plug-in Yuxin Chen EE, Princeton University Gen Li Yuejie Chi Yuantao Gu Yuting Wei Tsinghua EE CMU ECE Tsinghua EE CMU

912 views • 72 slides
Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie

Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie

Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie Mellon University Nov, 2020 Gen Li Yuejie Chi Yuantao Gu Yuxin Chen Tsinghua EE CMU ECE Tsinghua EE Princeton EE Reinforcement learning (RL) 3 /

1.57k views • 78 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion &amp; UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic dependency model of parallel texts Matthias Buch-Kromann Copenhagen Business School Theoretical and Methodological Issues in Machine Translation Skvde,

373 views • 25 slides
Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim

Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim

Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim Propp (UMass Lowell) ICERM Computational Challenges in Probability Seminar September 11, 2012 Slides for this talk are on-line at

833 views • 48 slides
Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 &amp; MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa Starting to record Nuclear launch codes A judge, president and general receive shares ! , &quot; , # of a secret from a

473 views • 35 slides
Formal Verification Tutorial Breaking Through the Knowledge Barrier Sean Safarpour -

Formal Verification Tutorial Breaking Through the Knowledge Barrier Sean Safarpour -

Formal Verification Tutorial Breaking Through the Knowledge Barrier Sean Safarpour - Synopsys, Inc. Iain Singleton - Synopsys, Inc. Shaun Feng - Samsung Austin R&amp;D Center Syed Suhaib - Nvidia Corp. Mandar Munishwar - Qualcomm, Inc.

1.48k views • 135 slides
Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 + a 0 . is specified by coefficients a d ,... a 0 . Share secret among n people. Polynomials. P ( x ) contains point ( a , b ) if b = P ( a ) .

221 views • 8 slides
Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini Vasudevan UC Berkeley Secret Sharing [Shamir 79, Blakley 79] Share 1 , , Reconstruction: Given at least

1.45k views • 20 slides
Aqueous Dispersions of Polyolefins Breaking the Extrusion Barrier Ronald Wevers Session 6.2 ,

Aqueous Dispersions of Polyolefins Breaking the Extrusion Barrier Ronald Wevers Session 6.2 ,

Place for, company logo from speaker Aqueous Dispersions of Polyolefins Breaking the Extrusion Barrier Ronald Wevers Session 6.2 , Paper 7633 What comes to mind when you think of polyolefins ? Films Plastic Pellets Molded Articles &amp;

429 views • 20 slides
Breaking down the communication barrier: : How to talk lk about Scope 3 effectively Carbon

Breaking down the communication barrier: : How to talk lk about Scope 3 effectively Carbon

Breaking down the communication barrier: : How to talk lk about Scope 3 effectively Carbon Credentials 19/09/2019 www.carboncredentials.com www.carboncredentials.com www.carboncredentials.com Speakers Chair Sam Ca Sa Carson Emma Wats

1.02k views • 35 slides
Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of Mathematics and Computer Science 52 MIGHTY Conference, Indiana State University, Terre Haute IN. April 27-28, 2012 Mustafa Atici Secret Sharing Scheme

461 views • 21 slides
Hardware Design with VHDL Combinational Circuit Design ECE 443 Combinational Circuit Design This

Hardware Design with VHDL Combinational Circuit Design ECE 443 Combinational Circuit Design This

Hardware Design with VHDL Combinational Circuit Design ECE 443 Combinational Circuit Design This slide set covers Derivation of efficient HDL description Operator sharing Functionality sharing Layout-related circuits

672 views • 50 slides

More recommend