k round multiparty computation from k round oblivious
play

k -Round Multiparty Computation from k -Round Oblivious Transfer via - PowerPoint PPT Presentation

Feb 27, 2024 •179 likes •1.03k views

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

  1. k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1, 2018

  2. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 P 1 P 5 P 2 x 4 x 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  3. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 y 1 P 1 Seller P 1 gets y 1 = ( max bid, buyer ) Buyer P i gets � y 5 y 2 P 5 P 2 1 if winner y i = x 4 x 3 0 else y 4 y 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  4. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation (MPC) x 1 Auction Seller P 1 (no input) Buyer P i bids x i USD x 5 x 2 y 1 P 1 Seller P 1 gets y 1 = ( max bid, buyer ) Buyer P i gets � y 5 y 2 P 5 P 2 1 if winner y i = x 4 x 3 0 else Question: How many rounds? y 4 y 3 P 4 P 3 Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 2 / 23

  5. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  6. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly malicious: corrupted parties can behave arbitrarily Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  7. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly semi-malicious: corrupted parties behave honestly but adaptively choose input and randomness malicious: corrupted parties can behave arbitrarily Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  8. Introduction Overview Round Collapsing via GIC FC with WE Secure Multiparty Computation Adversarial Model Adversary can corrupt any party at the beginning semi-honest: corrupted parties behave honestly semi-malicious: corrupted parties behave honestly but adaptively choose input and randomness malicious: corrupted parties can behave arbitrarily k -round semi-malicious MPC + NIZK ⇒ k -round malicious MPC Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 3 / 23

  9. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  10. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  11. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ k -round OT k -round MPC Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  12. Introduction Overview Round Collapsing via GIC FC with WE Oblivious Transfer (OT) b ∈ { 0 , 1 } x 0 , x 1 . . . receiver sender x b ⊥ k -round OT k -round MPC ? Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 4 / 23

  13. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  14. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  15. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  16. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N [GS17a] N 2 bilinear group Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  17. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Semi-Honest Setting N : number of parties; L : number of rounds N L Assumptions [Yao82, Yao86] 2 k k -round OT N O ( d ) O ( 1 ) -round OT [GMW87] O ( 1 ) O ( 1 ) -round OT [BMR90] N . . . N 2 CRS/... + LWE [AJLTVW12, MW16, CM15, BP16, PS16] [BGI16, BGI17, BGILT18] N 2 PKI + DDH 2 iO or WE [GGHR14, GP15, CGP15, DKR15, GLS15] N [GS17a] N 2 bilinear group N k k -round OT [GS17b] k -round OT ours N k Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 5 / 23

  18. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem k -round MPC ‡ k -round OT ⇔ Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  19. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  20. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  21. Introduction Overview Round Collapsing via GIC FC with WE Results Theorem   semi-honest  semi-honest   k -round MPC ‡  k -round OT ⇔ semi-malicious semi-malicious malicious ∗ malicious † Corollary � � semi-honest semi-honest 2 -round MPC ‡ 2 -round OT ⇔ semi-malicious semi-malicious Corollary (using [AJLTVW12]) semi-malicious k -round OT + NIZK ⇒ malicious k -round MPC ‡ ∗ delayed semi-malicious security is sufficient; † for k ≥ 5 ‡ simultaneous messages, broadcast channel, static corruptions, with abort Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 6 / 23

  22. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Malicious Setting in the Plain Model N : number of parties; L : number of rounds Blackbox lower-bound: L ≥ 4 N L Assumptions [ACJ17] N 5 DDH N 4 subexp DDH [ACJ17] [BHP17] N 4 subexp LWE + adp. com. 4 ETDP + DDH/LWE or QR [HHPV17] N [BGJKKS17] N 4 DDH or QR or N-th res N k ≥ 5 k -round OT ours Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 7 / 23

  23. Introduction Overview Round Collapsing via GIC FC with WE Previous Results Malicious Setting in the Plain Model N : number of parties; L : number of rounds Blackbox lower-bound: L ≥ 4 N L Assumptions [ACJ17] N 5 DDH N 4 subexp DDH [ACJ17] [BHP17] N 4 subexp LWE + adp. com. 4 ETDP + DDH/LWE or QR [HHPV17] N [BGJKKS17] N 4 DDH or QR or N-th res N k ≥ 5 k -round OT ours Open problem: 4-round MPC from 4-round OT Fabrice Benhamouda (IBM) k -Round MPC from k -Round OT Eurocrypt 2018 7 / 23

Recommend

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg

Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg

Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan What did we achieve? Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg

628 views • 41 slides
Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele Ciampi Vipul Goyal Johns Hopkins University The University of Edinburgh Carnegie Mellon University and NTT Research Abhishek Jain Rafail

1.42k views • 119 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Chapter 11: Scaling and Round-off Noise Keshab K. Parhi Outline Introduction Scaling

Chapter 11: Scaling and Round-off Noise Keshab K. Parhi Outline Introduction Scaling

Chapter 11: Scaling and Round-off Noise Keshab K. Parhi Outline Introduction Scaling and Round-off Noise State Variable Description of Digital Filters Scaling and Round-off Noise Computation Round-off Noise Computation

577 views • 46 slides
Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad Hajiabadi Daniel Masny Daniel Wichs CISPA Helmholtz Center for Information Security UC Berkeley Visa Research Northeastern University

425 views • 13 slides
Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Alberta Jones Assistant Professor, School of Education, U of A Southeast Ph.D. Candidate-Indigenous Studies, U of A Fairbanks June, 2016 Most traditional stories are like a round, crocheted potholder. The storyteller goes round and round

575 views • 20 slides
th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round Robin Unity Ride District Patch Sonny Decker & Jeff Hawk Merry-Go-Round & The Round Robin These month-long events are intended for our

841 views • 22 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2

210 views • 7 slides
Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian

On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian

On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian Institute of Science CRYPTO 2018 Our Objective What is the exact round complexity of 3-party protocols with honest majority under the following

446 views • 10 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

UN EGM on Strengthening the Demographic Evidence Base For The Post-2015 Development Agenda, New York, 5-6 October 2015 Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the post-2 0 1 5 developm ent

420 views • 15 slides
INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

-1- INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#? would you know 1 2 Round 2 - Science and Nature 2 3 Round 3 - Box and Flix 3 4 Round 3 - Balderdash 4 1. Round 1: What the @#? would you

535 views • 5 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch Jim Bowers Western Area Chairman ME MERRY RRY-GO GO-RO ROUND ND Su Supp pporti ting Chi hildr dren & & Youth th Program ams

365 views • 17 slides
The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

Lorem Ipsum Dolor The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons - 1 1. What goes up often comes down 2. Be risk aware 3. When you are offered money to buy the business, consider it carefully

379 views • 9 slides
I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday, May 3 Wednesday, May 4 Thursday, May 5 Trees Atlanta Lou Walker Senior Center Greenforest Baptist Church 225 Chester Avenue 2538 Panola Road

879 views • 59 slides
School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational

School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational

School Improvement Grant (SIG) Round 5 and School Innovation Fund (SIF) Round 3 Informational Webinar January 2014 Webinar Agenda Background Priority Schools - options and eligibility Overview of RFPs Proposal Narratives

380 views • 18 slides
Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Crypto for PRAM from iO ( via Succinct Garbled PRAM) Kai-Min Chung Academia Sinica, Taiwan Joint work with: Yu-Chi Chen, Sherman S.M. Chow, Russell W.F. Lai, Wei-Kai Lin, Hong-Sheng Zhou Computation in Cryptography Examples: Multiparty

382 views • 34 slides
BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the

BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the

EUROPEAN BPM ROUND TABLE Successful Valorization of Business Process Management Re- search Through the European BPM Round Table The European BPM Round Table is a lenges that urgently need to be ad- federation of 21 national BPM round dressed by

182 views • 4 slides
Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa Pankova Roman Jagomgis Peeter Laud 1 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty

641 views • 38 slides

More recommend