constant rate oblivious transfer from noisy channels
play

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai - PowerPoint PPT Presentation

Nov 18, 2023 •292 likes •1.25k views

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jrg W ullschleger Tuesday, August 23, 2011 Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai

  1. Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jürg W ullschleger Tuesday, August 23, 2011

  2. Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jürg W ullschleger Tuesday, August 23, 2011

  3. Noisy Channel & Crypto Tuesday, August 23, 2011

  4. Noisy Channel & Crypto From our point of view, an ideal communication line is a sterile, cryptographically uninteresting entity. Noise, on the other hand, breeds disorder, uncertainty, and confusion. Thus, it is the cryptographer’s natural ally. Claude Crépeau & Joe Kilian, 1988. Tuesday, August 23, 2011

  5. Noisy Channel & Crypto Tuesday, August 23, 2011

  6. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] Tuesday, August 23, 2011

  7. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] Tuesday, August 23, 2011

  8. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] X 0 ,X 1 b X b OT [R’81,W’83] Tuesday, August 23, 2011

  9. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] X X 0 ,X 1 b X ⊕ b X b OT BSC [R’81,W’83] Tuesday, August 23, 2011

  10. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] • OT is complete for secure computation [K’88] X X 0 ,X 1 b X ⊕ b X b OT BSC [R’81,W’83] Tuesday, August 23, 2011

  11. Constant Rate Tuesday, August 23, 2011

  12. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication Tuesday, August 23, 2011

  13. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? Tuesday, August 23, 2011

  14. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k Tuesday, August 23, 2011

  15. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) Tuesday, August 23, 2011

  16. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) Tuesday, August 23, 2011

  17. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security Tuesday, August 23, 2011

  18. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security • Goal: To get O(1) (Can’t do better even given free noiseless channels [WW’10] ) Tuesday, August 23, 2011

  19. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? or more general noisy channels • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security • Goal: To get O(1) (Can’t do better even given free noiseless channels [WW’10] ) Tuesday, August 23, 2011

  20. Overview Tuesday, August 23, 2011

  21. Overview • Plan: use IPS construction [IPS’08] to compile a semi- honest secure “inner protocol” and an honest-majority secure “outer protocol” using a few string -OTs Tuesday, August 23, 2011

  22. Overview • Plan: use IPS construction [IPS’08] to compile a semi- honest secure “inner protocol” and an honest-majority secure “outer protocol” using a few string -OTs • A modified compiler so that the inner-protocol can use noisy channels. Requires inner protocol to be “error tolerant” Tuesday, August 23, 2011

  23. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to be secure against active corruption of a small fraction of channel instances Tuesday, August 23, 2011

  24. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to • Constant-rate inner and outer protocols from be secure against active corruption literature [GMW’87+HIKN’08,DI’06+CC’06] of a small fraction of channel instances Tuesday, August 23, 2011

  25. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to • Constant-rate inner and outer protocols from be secure against active corruption literature [GMW’87+HIKN’08,DI’06+CC’06] of a small fraction • A constant-rate construction for string- OT from of channel instances noisy channel Tuesday, August 23, 2011

  26. String-OT Tuesday, August 23, 2011

  27. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Tuesday, August 23, 2011

  28. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] Tuesday, August 23, 2011

  29. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error Tuesday, August 23, 2011

  30. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error Tuesday, August 23, 2011

  31. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error • String-OT from fuzzy OT (or fuzzy OLE, in fact) Tuesday, August 23, 2011

  32. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error A,C B • String-OT from fuzzy OT (or fuzzy OLE, in fact) OLE AB+C Tuesday, August 23, 2011

  33. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error A,C B • String-OT from fuzzy OT (or fuzzy OLE, in fact) OLE AB+C • First, reinterpret fuzzy OLE as a perfect “shaky” OLE Tuesday, August 23, 2011

Recommend

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide Gatti, M. Quadrio, Y. Hasegawa, B. Frohnapfel and A. Cimarelli EDRFCM 2017, Villa Mondragone, Monte Porzio Catone www.kit.edu KIT The Research

246 views • 22 slides
A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan 2 Brent Waters 1 1 SRI International 2 MIT CRYPTO 2008 1 / 10 Oblivious Transfer [R81,EGL85,BCR86,C87,K88,CK88,C89,CS91,CGT95,DCP95,FMR96,BC97,. .

1.02k views • 50 slides
Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim) Generic OT 1 / 20 Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim)

852 views • 45 slides
ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim Hila Zarosim TCC 2013 Obli i Oblivious Transfer T f The other message message remains secret to the the receiver Obli i Oblivious

757 views • 38 slides
application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a

application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a

application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a 4-bit message over a noisy communication channel. Say, 1 bit in 10 is flipped in transit, independently. What is the probability that the message

655 views • 27 slides
SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: OT transfer partial A:up, B:down A up I need just information All 2 of one them! But cant

432 views • 20 slides
Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Motivation Efficient Priced Oblivious Transfer Optimistic Fair POT Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven - ESAT-COSIC IBBT Africacrypt 2010 A. Rial Optimistic Fair POT Motivation

1.08k views • 78 slides
Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e )

Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e )

Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e ) English source Tuesday, February 19, 13 Noisy Channels Again p ( g | e ) p ( e ) English source German Tuesday, February 19, 13 Noisy

983 views • 82 slides
Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number

Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number

Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number of Service Channels M = Random Arrival/Service rate (Poisson) D = Deterministic Service Rate (Constant rate) M/D/1 case (random Arrival,

415 views • 3 slides
More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad Asharov Hebrew University Yehuda Lindell Bar-Ilan University Thomas Schneider Darmstadt Michael Zohner Darmstadt EUROCRYPT 2015 From Theory to

498 views • 37 slides
The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The Netherlands August 24, 2015 Latincrypt 2015, Guadalajara, Mexico Joint work with Claudio Orlandi 2 OTs 1 Sender Receiver 2 OTs

930 views • 28 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal Miuda 2 , Ladislav Mita 2 , Jr., Miloslav Duek 2 , Petros Wallden 3 , and Erika Andersson 1 1 SUPA, Institute of Photonics and Quantum Sciences,

752 views • 29 slides
Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad Hajiabadi Daniel Masny Daniel Wichs CISPA Helmholtz Center for Information Security UC Berkeley Visa Research Northeastern University

425 views • 13 slides
Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty December 5, 2016 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 1 / 31 Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive

1.51k views • 88 slides
Co channel Signal Sepa ration In F ading Channels Using A Mo died Constant Mo

Co channel Signal Sepa ration In F ading Channels Using A Mo died Constant Mo

Co channel Signal Sepa ration In F ading Channels Using A Mo died Constant Mo dulus Arra y Srik anth Gummadi and Brian L. Evans Emb edded Signal Pro cessing Lab o rato ry The Universit y of T exas at

171 views • 15 slides
Rapid Radiative Transfer Model for AMSU/HSB Channels Philip W. Rosenkranz Abstract The

Rapid Radiative Transfer Model for AMSU/HSB Channels Philip W. Rosenkranz Abstract The

Rapid Radiative Transfer Model for AMSU/HSB Channels Philip W. Rosenkranz Abstract The atmospheric transmittance model for AMSU and HSB channels on the Aqua spacecraft uses a polynomial approximation to the temperature dependence of oxygen-band

539 views • 10 slides
Comparison of Noisy Channels and Reverse Data-Processing Theorems Francesco Buscemi 1 2017 IEEE

Comparison of Noisy Channels and Reverse Data-Processing Theorems Francesco Buscemi 1 2017 IEEE

Comparison of Noisy Channels and Reverse Data-Processing Theorems Francesco Buscemi 1 2017 IEEE Information Theory Workshop Kaohsiung, 10 November 2017 1 Dept. of Mathematical Informatics, Nagoya University, buscemi@i.nagoya-u.ac.jp Summary 1.

479 views • 18 slides
July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon

July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon

July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon search by Oblivious transfer Genome sequence search Overview of the proposed method Recursive oblivious transfer Burrows Wheeler

974 views • 70 slides
Real-valued average consensus over noisy quantized channels Andrea Censi Richard Murray Control

Real-valued average consensus over noisy quantized channels Andrea Censi Richard Murray Control

Real-valued average consensus over noisy quantized channels Andrea Censi Richard Murray Control & Dynamical Systems, California Institute of Technology Consensus problems Consensus: reach the agreement of agent beliefs or agent states,

446 views • 16 slides
CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Side-channel attacks You saw before how timing

1.37k views • 81 slides
Less Noisy Domination by Symmetric Channels Anuran Makur and Yury Polyanskiy EECS Department,

Less Noisy Domination by Symmetric Channels Anuran Makur and Yury Polyanskiy EECS Department,

Less Noisy Domination by Symmetric Channels Anuran Makur and Yury Polyanskiy EECS Department, Massachusetts Institute of Technology ISIT 2017 A. Makur & Y. Polyanskiy (MIT) Symmetric Channel Domination 29 June 2017 1 / 28 Outline

1.87k views • 80 slides
De Finetti Theorems for Quantum Channels arXiv:1810.12197 Mario Berta with Borderi, Fawzi,

De Finetti Theorems for Quantum Channels arXiv:1810.12197 Mario Berta with Borderi, Fawzi,

De Finetti Theorems for Quantum Channels arXiv:1810.12197 Mario Berta with Borderi, Fawzi, Scholz Banfg 07/25/2019 1 / 24 Outline Motivation: Noisy Channel Coding De Finetti Theorems Application: Noisy Channel Coding Conclusion Add-on:

656 views • 46 slides

More recommend