collaborators arash afshar zhangxiang hu payman mohassel
play

. Collaborators: Arash Afshar / Zhangxiang Hu / Payman Mohassel .. - PowerPoint PPT Presentation

Apr 13, 2023 •130 likes •1.11k views

Secure Computation with Sublinear Cost Mike Rosulek . Collaborators: Arash Afshar / Zhangxiang Hu / Payman Mohassel .. .. .. .. .. .. .. . . . . . . f x y f x y Examples: Run proprietary classifier x on private data y Evaluate

  1. Secure Computation with Sublinear Cost Mike Rosulek . Collaborators: Arash Afshar / Zhangxiang Hu / Payman Mohassel .. .. .. .. .. .. .. . . .

  2. . . . f x y f x y Examples: Run proprietary classifier x on private data y Evaluate statistics on combined medical records x & y Secure 2-party computation y x . . . . .. .. .. .. .. .. .. . . .

  3. . . . f x y f x y Examples: Run proprietary classifier x on private data y Evaluate statistics on combined medical records x & y Secure 2-party computation y x . . . . .. .. .. .. .. .. .. . . .

  4. . Examples: Run proprietary classifier x on private data y Evaluate statistics on combined medical records x & y Secure 2-party computation y x . . . . . . f ( x , y ) f ( x , y ) .. .. .. .. .. .. .. . . .

  5. . . f x y Examples: Run proprietary classifier x on private data y Evaluate statistics on combined medical records x & y Secure 2-party computation y x . . . . . . f ( x , y ) .. .. .. .. .. .. .. . . .

  6. . . f x y Secure 2-party computation y x . . . . . . f ( x , y ) Examples: ▶ Run proprietary classifier x on private data y ▶ Evaluate statistics on combined medical records x & y ▶ · · · .. .. .. .. .. .. .. . . . .

  7. f x y doesn’t depend on these bits of y protocol never touches these y . . . . . . f x y Example: y genetic database x DNA markers f x y diagnosis in general , security demands that all of the data is touched Fundamental Limits y x . . . . . .. .. .. .. .. .. .. . . . .

  8. f x y doesn’t depend on these bits of y . . Example: y genetic database x DNA markers f x y diagnosis in general , security demands that all of the data is touched Fundamental Limits protocol never touches these y y x . . . . . . . . f ( x , y ) .. .. .. .. .. .. .. . . . .

  9. protocol never touches these . . in general , security demands that all of the data is touched Fundamental Limits f ( x , y ) doesn’t depend on these bits of y y y x . . . . . . . f ( x , y ) Example: ▶ y = genetic database ▶ x = DNA markers ▶ f ( x , y ) = diagnosis .. .. .. .. .. .. .. . . . .

  10. protocol never touches these . . Fundamental Limits f ( x , y ) doesn’t depend on these bits of y y y x . . . . . . . f ( x , y ) Example: ▶ y = genetic database ▶ x = DNA markers ▶ f ( x , y ) = diagnosis ⇒ in general , security demands that all of the data is touched .. .. .. .. .. .. .. . . . .

  11. . “to securely evaluate f, first express f as a boolean circuit, then ...” Limits of Standard Techniques . . .. .. .. .. .. .. .. . . . .

  12. “to securely evaluate f, first express f as a boolean circuit, then ...” Limits of Standard Techniques . . .. .. .. .. .. .. .. . . . .

  13. Limits of Standard Techniques . . “to securely evaluate f, first express f as a boolean circuit, then ...” .. .. .. .. .. .. .. . . . .

  14. . Limits of Standard Techniques . . “to securely evaluate f, first express f as a boolean circuit, then ...” .. .. .. .. .. .. .. . . . .

  15. 2: General-purpose 2PC scales with size of circuit representa- tion , which is always at least linear in input size. What We’re Up Against 1: . Security requires protocol cost at least linear in size of in- puts (in general!) .. .. .. .. .. .. .. . . . .

  16. What We’re Up Against 1: . Security requires protocol cost at least linear in size of in- puts (in general!) 2: General-purpose 2PC scales with size of circuit representa- tion , which is always at least linear in input size. .. .. .. .. .. .. .. . . .

  17. 2: Protocol must “touch every bit”, but amortize this cost across many executions. In this talk: 1: . Instead of circuits, use a representation that can actually be sublinear in size. .. .. .. .. .. .. .. . . . .

  18. In this talk: 1: . Instead of circuits, use a representation that can actually be sublinear in size. 2: Protocol must “touch every bit”, but amortize this cost across many executions. .. .. .. .. .. .. .. . . . .

  19. read, M read, . . . . . . . M write, , x M x ok RAM program need not touch every bit of memory. RAM programs . . . . . cpu memory small internal state .. .. .. .. .. .. .. . . . .

  20. read, . . . . . M write, , x M x ok RAM program need not touch every bit of memory. RAM programs read, ℓ 1 . M [ ℓ 1 ] . . . . . . cpu memory small internal state .. .. .. .. .. .. .. . . . .

  21. . . . write, , x M x ok RAM program need not touch every bit of memory. RAM programs read, ℓ 1 . M [ ℓ 1 ] read, ℓ 2 . . . . . . . . cpu memory M [ ℓ 2 ] small internal state .. .. .. .. .. .. .. . . . .

  22. RAM program need not touch every bit of memory. RAM programs read, ℓ 1 . M [ ℓ 1 ] read, ℓ 2 . . . . . . . . . . . cpu memory M [ ℓ 2 ] write, ℓ 3 , x small internal state M [ ℓ 3 ] ← x ok .. .. .. .. .. .. .. . . . .

  23. RAM programs read, ℓ 1 . M [ ℓ 1 ] read, ℓ 2 . . . . . . . . . . . cpu memory M [ ℓ 2 ] write, ℓ 3 , x small internal state M [ ℓ 3 ] ← x ok RAM program need not touch every bit of memory. .. .. .. .. .. .. .. . . . .

  24. new state, M new state CPU state CPU state . . . . . . cpu new state, read Imagine they could evaluate CPU-next-instruction function Use (traditional) 2PC protocol to realize CPU-next-instruction Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM . . . . . memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory .. .. .. .. .. .. .. . . . .

  25. new state, M new state . . . new state, read Use (traditional) 2PC protocol to realize CPU-next-instruction Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM CPU state CPU state . . . . . . . cpu memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function .. .. .. .. .. .. .. . . . .

  26. new state, M new state CPU state CPU state . . . . Use (traditional) 2PC protocol to realize CPU-next-instruction Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM . . . . . . cpu memory new state, read ℓ Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function .. .. .. .. .. .. .. . . . .

  27. CPU state CPU state . . . new state, read Use (traditional) 2PC protocol to realize CPU-next-instruction Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM new state, M [ ℓ ] new state . . . . . . . cpu memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function .. .. .. .. .. .. .. . . . .

  28. new state, M new state CPU state CPU state . . . . . new state, read Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM . . . . . cpu memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function ▶ Use (traditional) 2PC protocol to realize CPU-next-instruction .. .. .. .. .. .. .. . . . .

  29. new state, M new state CPU state CPU state . . . . . . cpu new state, read Cost = (size of next-instruction function) (number of instructions) Idea: securely evaluate RAM . . . . . memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function ▶ Use (traditional) 2PC protocol to realize CPU-next-instruction .. .. .. .. .. .. .. . . . .

  30. new state, M CPU state new state CPU state . . . . . . cpu new state, read Idea: securely evaluate RAM . . . . . memory Basic outline: ▶ Imagine both parties’ inputs stored in large memory ▶ Imagine they could evaluate CPU-next-instruction function ▶ Use (traditional) 2PC protocol to realize CPU-next-instruction Cost = (size of next-instruction function) × (number of instructions) .. .. .. .. .. .. .. . . . .

  31. Secret-share the state! Encrypt the memory, augment CPU-next-instruction with encryption/decryption. ??? Calvin must learn these so he knows what to do! M share of state CPU state share of state CPU state . . . . . . . . . . E cpu new state share of new state read share of new state Internal state is public Calvin sees all of the memory Memory access pattern (read , write , ) public! What can go wrong? . . . cpu . memory .. .. .. .. .. .. .. . . . .

  32. Encrypt the memory, augment CPU-next-instruction with encryption/decryption. ??? Calvin must learn these so he knows what to do! M share of state share of state . . . . . . . E cpu share of new state read share of new state Secret-share the state! Calvin sees all of the memory Memory access pattern (read , write , ) public! What can go wrong? CPU state CPU state . . . . . . cpu . memory new state Internal state is public .. .. .. .. .. .. .. . . . .

Recommend

. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

fle XOR : flexible garbling for XOR gates that beats free- XOR . Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . . background 1 . . . Enc A C B Enc A C B Enc A C B Enc A C B . background: garbled

1.29k views • 92 slides
DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee

DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee

DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee Peter Rindal Threshold Cryto Has focused on public-key crypto Symmetric-key encryption got less attention Symmetric keys dont stay

338 views • 31 slides
Privacy-Preserving Payment Splitting Saba Eskandarian Mihai Christodorescu Payman Mohassel

Privacy-Preserving Payment Splitting Saba Eskandarian Mihai Christodorescu Payman Mohassel

Privacy-Preserving Payment Splitting Saba Eskandarian Mihai Christodorescu Payman Mohassel Stanford University Visa Research Facebook Payment Splitting Apps Splitwise, Receipt Ninja, Billpin, SpotMe, Conmigo, Settle Up, Convenient way to

685 views • 42 slides
Salus Seny Kamara - Microsoft Research Payman Mohassel U. of Calgary Ben Riva Tel Aviv U.

Salus Seny Kamara - Microsoft Research Payman Mohassel U. of Calgary Ben Riva Tel Aviv U.

Salus Seny Kamara - Microsoft Research Payman Mohassel U. of Calgary Ben Riva Tel Aviv U. Cooperation without Trust x f (x,y,z) y Alice Bob z Eve Cooperation without Trust Examples Data mining o Negotiations o Electronic

554 views • 27 slides
Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A Problem C Data S Problem C Data S R 1 Problem C Data S R 1 y 1 Problem C

1.04k views • 99 slides
Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party Computation 2 1 (, ) Secure Two-Party Computation 2 1 (, ) Non-Interactive Secure

2.32k views • 48 slides
Practical Garbled Circuit Optimizations Mike Rosulek Collaborators: David Evans / Vlad Kolesnikov

Practical Garbled Circuit Optimizations Mike Rosulek Collaborators: David Evans / Vlad Kolesnikov

Practical Garbled Circuit Optimizations Mike Rosulek Collaborators: David Evans / Vlad Kolesnikov / Payman Mohassel / Samee Zahur Garbled circuit framework [Yao86] Garbled circuit framework [Yao86] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1

2.19k views • 160 slides
New Advances in Secure RAM Computation Sanjam Garg University of California, Berkeley Based on

New Advances in Secure RAM Computation Sanjam Garg University of California, Berkeley Based on

New Advances in Secure RAM Computation Sanjam Garg University of California, Berkeley Based on joint works with Steve Lu, Payman Mohassel, Charalampos Papamanthou, Rafail Ostrovsky and Alessandra Scafuro Yaos garbled circuits Server User

387 views • 20 slides
Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler June 5 th , 2013 1 st Snowden document published Verizon

554 views • 43 slides
Amir Ali Kouzeh Geran and Arash Reyhani-Masoleh Presented by: Arash Reyhani-Masoleh Department

Amir Ali Kouzeh Geran and Arash Reyhani-Masoleh Presented by: Arash Reyhani-Masoleh Department

Amir Ali Kouzeh Geran and Arash Reyhani-Masoleh Presented by: Arash Reyhani-Masoleh Department of Electrical and Computer Engineering Western University, London, Ontario, Canada 23rd IEEE Symposium on Computer Arithmetic (ARITH 23) June 11,

240 views • 20 slides
Threshold Schnorr with Stateless Deterministic Signing Franois Garillot, Yash vanth Kondi,

Threshold Schnorr with Stateless Deterministic Signing Franois Garillot, Yash vanth Kondi,

Threshold Schnorr with Stateless Deterministic Signing Franois Garillot, Yash vanth Kondi, Payman Mohassel, Valeria Nikolaenko Northeastern University Facebook Novi/Facebook Novi/Facebook Schnorr: Practical Issues SchnorrSign( , m )

485 views • 21 slides
Hello Alexa, Im Drupal Arash Farazdaghi Builder Track \

Hello Alexa, Im Drupal Arash Farazdaghi Builder Track \

Hello Alexa, Im Drupal Arash Farazdaghi Builder Track \ https://events.drupal.org/seattle2019/sessions/hello-alexa-im-drupal Arash Farazdaghi Chief Technologist @ Booz Allen Hamilton linkedin.com/in/afarazdaghi/

1.17k views • 41 slides
Medicine Hamid Afshar, MD Baylor College of Medicine Houston, Texas New Technology for the

Medicine Hamid Afshar, MD Baylor College of Medicine Houston, Texas New Technology for the

Innovative Technologies in Cardiovascular Medicine Hamid Afshar, MD Baylor College of Medicine Houston, Texas New Technology for the Prevention of Sudden Cardiac Death The SICD is now in widespread clinical use as an alternative to the

1.34k views • 46 slides
Updates on Buprenorphine Prescribing during COVID Elizabeth Salisbury-Afshar MD, MPH Director,

Updates on Buprenorphine Prescribing during COVID Elizabeth Salisbury-Afshar MD, MPH Director,

Updates on Buprenorphine Prescribing during COVID Elizabeth Salisbury-Afshar MD, MPH Director, Center for Addiction Research and Effective Solutions American Institutes for Research esalisbury@air.org Disclaimers This is not legal advice.

615 views • 36 slides
Diagnostic Point of Care Ultrasound POCUS is the future of the physical exam Nima Afshar MD

Diagnostic Point of Care Ultrasound POCUS is the future of the physical exam Nima Afshar MD

Diagnostic Point of Care Ultrasound POCUS is the future of the physical exam Nima Afshar MD Associate Professor Trevor Jensen MD MS Assistant Professor Department of Medicine, UCSF Oct 2017 Mr. Hocus Intern: 49 year old man with no

502 views • 13 slides
Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis

Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis

Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis presentation March 21, 2014 Contents Motivation Background The attempt in August 2013 Contribution Arash Rouhani Thesis presentation

904 views • 69 slides
Arindam K. Das, Mohamed El-Sharkawi, Robert J. Marks, Payman Arabshahi and Andrew Gray,

Arindam K. Das, Mohamed El-Sharkawi, Robert J. Marks, Payman Arabshahi and Andrew Gray,

Arindam K. Das, Mohamed El-Sharkawi, Robert J. Marks, Payman Arabshahi and Andrew Gray, Minimum Hop Multicasting in Broadcast Wireless Networks with Omni- Directional Antennas", Military Communications Conference, 2004. MILCOM 2004 (Oct

397 views • 36 slides
in a Cloud Computing System Hadi Goudarzi and Massoud Pedram Presented by: Payman Khani

in a Cloud Computing System Hadi Goudarzi and Massoud Pedram Presented by: Payman Khani

Energy-Efficient Virtual Machine Replication and Placement in a Cloud Computing System Hadi Goudarzi and Massoud Pedram Presented by: Payman Khani INTRODUCTION SYSTEM MODEL PROBLEM FORMULATION PORPOSED ALGORITHM SIMULATION

389 views • 22 slides
Diagnostic Point of Care Ultrasound The future of physical exam? Nima Afshar MD Associate

Diagnostic Point of Care Ultrasound The future of physical exam? Nima Afshar MD Associate

10/14/2016 Diagnostic Point of Care Ultrasound The future of physical exam? Nima Afshar MD Associate Professor Trevor Jensen MD MS Assistant Professor Department of Medicine, UCSF Oct 21 2016 Mr. Hocus 49 y/o M with no known pmh who p/w

610 views • 24 slides
Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari

Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari

Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari (University of Toronto) Fields Institute, Toronto August 12, 2020 Relations on algebraic cycles Recall that one has (among others) the notions of rational,

323 views • 21 slides
Examination Facility Payman Pegahi, P .Eng. Manager , Infrastructure Delivery Presentation to

Examination Facility Payman Pegahi, P .Eng. Manager , Infrastructure Delivery Presentation to

Tsawwassen Container Examination Facility Payman Pegahi, P .Eng. Manager , Infrastructure Delivery Presentation to PCLC January 10, 2017 Container Traffic Through the Port of Vancouver Containers offloaded at the Port of Vancouver need

258 views • 14 slides
Which Concepts Are Worth Extrac2ng? Arash Termehchy # , Ali

Which Concepts Are Worth Extrac2ng? Arash Termehchy # , Ali

Which Concepts Are Worth Extrac2ng? Arash Termehchy # , Ali Vakilian*, Yodsawalai Chodpathumwan*, Marianne Winsle>* # Oregon State University *University of

620 views • 19 slides
Conformal Chern-Simons Gravity ESI Workshop on Higher Spin Hamid R. Afshar Vienna University of

Conformal Chern-Simons Gravity ESI Workshop on Higher Spin Hamid R. Afshar Vienna University of

Outline Motivation Conformal Chern-Simons Gravity Boundary CFT Conclusion . . . . . . . . . . . . . . . . . . . . . Conformal Chern-Simons Gravity ESI Workshop on Higher Spin Hamid R. Afshar Vienna University of Technology 17 April

519 views • 22 slides
SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash

SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash

SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash Saifhashemi 1 Peter A. Beerel 1,2 1 Ming Hsieh Dept. of Electrical Engineering, University of Southern California 2 Fulcrum Microsystems, Calabasas CA,

410 views • 24 slides

More recommend