Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro MIT MIT & Weizmann MIT
Secure Multi-Party Computation (MPC) (MPC) [Goldreich-Micali-Wigderson87]
Selection of Prior MPC Work Selection of Prior MPC Work
Secure Multi-Party Computation (MPC)
Secure Multi-Party Computation (MPC)
Today: Communication Locality in MPC Communication L Locality: Total # parties lit : T l # i each party communicates with throughout protocol lifetime
Prior Work Prior Work “Everywhere” MPC not possible Isolated honest party party
This Work: This Work:
General MPC General MPC
Special Focus: Sublinear Algorithms • Example applications: Transactions of 20-30 yr Transactions of 30-40 yr olds olds olds olds Distribution testing Testing for trends
Securely Evaluating Sublinear Algorithms In principle: requires much less communication Main Challenge: Must hide which inputs are used!
Related Work: Sublinear Two-Party Setting • Communication-Preserving MPC [Naor-Nissim01] – Sublinear communication Sublinear communication – Super-polynomial computation • MPC on RAM programs [Ostrovsky-Shoup97, Damgard-Meldgard-Nielsen11, Gordon-Katz- Kolesnikov+12, Lu-Ostrovsky13] K l ik 12 L O k 13] • Sublinear MPC for specific functions p [Feigenbaum-Ishai-Malkin+01, Indyk-Woodruff06, …]
MPC for Sublinear Algorithms MPC for Sublinear Algorithms
Protocol for Sublinear Algorithms: Overview of Algorithms: Overview of Nonadaptive Case p 3. Oblivious Input 1. Committee Setup Shuffling Shuffling 2. Input Commitment 2 I t C it t “Supreme” committee Input committees
P HASE 1: C OMMITTEE S ETUP Committee Setup Input Input Input Input Shuffling Commitment
Starting Point: Almost Everywhere Committee Almost-Everywhere Committee Election [King-Saia-Sanwalani-Vee06] [King Saia Sanwalani Vee06] “Good” path up tree “Good” node >2/3 node >2/3 honest
Toward Full Agreement Toward Full Agreement This is where signatures (Starting point) come in “Certified” Almost- almost- Full everywhere everywhere everywhere All parties agree All parties agree
Supreme & Input Committees Supreme & Input Committees • Supreme Committee S C i • Input Committees I C i D fi Defined using PRF d i PRF …
P HASE 2: I NPUT C OMMITMENT Input Commitment p Committee Committee Input Input Setup Shuffling [Chor-Goldwasser-Micali-Awerbuch85]
P HASE 3: I NPUT S HUFFLING Input Shuffling Input Shuffling Committee Committee Input Input Setup Commitment
Switching Networks Switching Networks
Oblivious Shuffling Oblivious Shuffling
Committee Committee Input Input Input Input Setup Shuffling Commitment
Summary of Contributions Summary of Contributions
Our Model Our Model Setup (eg, PKI) Corruptions Protocol begins begins
Phase 1 Overview: Committee Setup Starting point: a.e. agreement agreement “C “Certified” tifi d” a.e. agreement Full Full agreement
Phase 1 Overview: Committee Setup Starting point: a.e. agreement agreement “C “Certified” tifi d” a.e. agreement Full Full All parties agree on value All parties agree on value agreement
Protocol for Sublinear Algorithms: Overview 1. Communication Graph 3. Input Shuffling + Committee Setup + Committee Setup 2 2. Input Commitment I t C it t “Supreme” committee Input committees
Combining Signatures into Certificate • Option 1: Append as list • Option 2: Use Multisignatures [***] Multisigs: Multisigs: Can combine sigs on same msg into short object
Step 2: Input Commitment Step 2: Input Commitment FHE-Encrypted NIZK Proof of CT input validity Second Encryption NIZK Proof of of input Consistency
PHASE 1: COMMITTEE SETUP COMMITTEE SETUP Committee Input Input Setup Shuffling Commitment
Analyzing Communication Analyzing Communication Protocol Step Protocol Step Comm Locality Comm Locality Comm cxy Comm cxy # Rounds # Rounds A.e. leader election Certifying a.e. To full agreement Input commitment For adaptive For adaptive Gen shuffle perm algorithms Implementing shuffle h ffl Choosing inputs
This Talk: This Talk: Protocol for sublinear algorithms (Thm Protocol for sublinear algorithms (Thm 2) + Complexity Analysis Extension to general functions (Thm 1) Sanjam Garg Abhishek Jain Amit Sahai Stefano Tessaro Shafi Goldwasser Yael Tauman Gil Segev Daniel Wichs
Achieving Full Agreement Achieving Full Agreement “Certified” Almost- Full Full almost almost- everywhere everywhere What about isolated honest parties?? . . . . . … To be used later! Can achieve with Pseudorandom Function Family:
Recommend
More recommend
