mpc complexity
play

MPC Complexity Manoj Prabhakaran :: IIT Bombay The World of - PowerPoint PPT Presentation

Dec 22, 2022 •370 likes •1.21k views

MPC Complexity Manoj Prabhakaran :: IIT Bombay The World of Functionalities The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed The World of Functionalities

  1. MPC Complexity Manoj Prabhakaran :: IIT Bombay

  2. The World of Functionalities

  3. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed

  4. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed Classical example: Communication Complexity [Yao]

  5. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed Classical example: Communication Complexity [Yao] MPC provides another lens to look at the complexity of functions

  6. Complexity w.r.t. MPC

  7. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure)

  8. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)?

  9. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)? G complete if everything reduces to G

  10. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)? G complete if everything reduces to G F trivial if F reduces to everything (in particular, to NULL)

  11. Quiz

  12. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC?

  13. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y)

  14. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y) [x < y]

  15. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y) [x < y] (max(x,y), [x < y] )

  16. Complexity w.r.t. MPC Several notions of reductions Passive, Active/Standalone or Active/UC Information-theoretic (IT) or PPT If PPT, also specify any computational assumptions used Will restrict to 2-party functionalities (mostly SFE) In particular, omitting honest majority security

  17. RECALL Is MPC Possible? Can we securely realize every functionality? No & Yes! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  18. RECALL Is MPC Possible? Can we securely realize every functionality? Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  19. RECALL Is MPC Possible? In fact interesting: What Can we securely realize every functionality? computational hardness assumption makes it switch from No to Yes ? Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  20. RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  21. RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally Trivial ones are 
 No really trivial 
 Unbounded (IT) (called Splittable) Yes No Computationally Yes Bounded (PPT) Yes Yes

  22. RECALL An example Protocol: Count down from 100 At each even round Alice announces whether her bid equals the current count; at each odd round Bob does the same Stop if a party says yes Dutch flower auction

  23. RECALL An example Protocol: Count down from 100 At each even round Alice announces whether her bid equals the current count; at each odd round Bob does the same Stop if a party says yes Dutch flower auction Perfect Standalone Security 
 But doesn’ t compose!

  24. Attack on 
 Dutch Flower Auction

  25. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions

  26. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other

  27. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round.

  28. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round. Why is this an attack?

  29. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round. Why is this an attack? Impossible to ensure this in IDEAL!

  30. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL!

  31. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one?

  32. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one? If a high bid, in trouble if she wins now, but Bob has a very low bid in the other session (which he must win).

  33. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one? If a high bid, in trouble if she wins now, but Bob has a very low bid in the other session (which he must win). If a low bid (so Bob may win with a low bid), in trouble if Bob has a high bid in the other session.

  34. 
 
 
 
 
 
 UC Triviality: Splittability • UC-trivial: “Splittable” [CKL’03,PR’08] • Literally trivial ones! 
 F F F T • Extends to reactive, randomized functionalities, both PPT and IT

  35. 
 
 RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Trivial ones are 
 Standalone Passive really trivial 
 (called Splittable) Computationally No Under sh-OT, 
 Unbounded (IT) everything else Yes complete! 
 No Computationally Yes (Zero-One-Law) Bounded (PPT) Yes Yes

  36. IT Setting: Trivial Functionality Information-Theoretic Passive security Deterministic SFE: Trivial ⇔ Decomposable

  37. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

  38. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

  39. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

Recommend

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of Concept Consistency P (co-)NP PSpace ExpTime NExpTime ALC reg ALUN (NP) ALCN add regular roles without , (wrt acyc. TBoxes) ALC u only A ALN

745 views • 16 slides
IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization)

IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization)

IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization) Complexity (-ies) = Number of types of components*number of types of links*speed of change Key issues: emergence, side-effects (=history),

816 views • 32 slides
Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy Complexity is a function Complexity = f (input size) Value depends on: problem encoding adj. list vs. adj matrix model of

326 views • 17 slides
Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called

Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called

Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called &quot;Running Time&quot; or &quot;Order of Growth&quot;, refers to the number of steps a program takes as a function of the size of its inputs. In

519 views • 28 slides
Development By The Numbers We Are Going To Measure Complexity Why Should We Care About

Development By The Numbers We Are Going To Measure Complexity Why Should We Care About

Development By The Numbers We Are Going To Measure Complexity Why Should We Care About Complexity? &quot;The Central Enemy Of Reliability is Complexity&quot; - Geer et al. Complexity And Quality Are Strongly Related Basic Metrics

1.33k views • 132 slides
Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of

Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of

Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of languages decidable by a Turing machine within similar resource bounds. Practically, a complexity class is a set of problems of similar

414 views • 15 slides
Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H.

Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H.

Complexity Theory 1 Complexity Theory 2 Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H. Papadimitriou. Introduction to the Theory of Computation . Michael Sipser. Anuj Dawar Other useful

628 views • 30 slides
Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded

Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded

Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded TMs Asymptotic complexity Complexity classes S T T I U T E O F N T A I C E I H N N Computation, Computers, and Programs

603 views • 11 slides
Staging, Clustering, and Complexity Why add complexity? Improve the performance of your

Staging, Clustering, and Complexity Why add complexity? Improve the performance of your

Staging, Clustering, and Complexity Why add complexity? Improve the performance of your rocket Meet design specifications Fly to greater altitudes (or space) Prove your engineering capabilities It looks cool Impress that

213 views • 18 slides
Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model development is a major barrier to effective delivery of value Complexity leads to models that are late, over budget, and of substandard

918 views • 36 slides
CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity

CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity

CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity Computability What languages are decidable? (Equivalently, what decision problems can we solve with a computer?) 2 / 33 Complexity Computability What

1.12k views • 62 slides
Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de

Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de

Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de Marseille Kolmogorov complexity Goal: to measure the complexity of an individual object (Shannon) theory of information: measures the complexity

1.04k views • 41 slides
Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds

Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds

Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds Andrew McGregor, UMass Amherst 1/23 Basic Communication Complexity Three friends Alice, Bob, and Charlie each have some information x , y , z

1.11k views • 98 slides
Abstract: Computational Complexity theory deals with the classification of problems into classes

Abstract: Computational Complexity theory deals with the classification of problems into classes

Hierarchies of complexity classes 1 Abstract: Computational Complexity theory deals with the classification of problems into classes of hardness called complexity classes. In Abstract Complexity (in contrast to Concrete Complexity) we define

247 views • 12 slides
The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich

The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich

Complexity of Abduction in SL The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich Peter OHearn Queen Mary University of London July 13th, 2011 Complexity of Abduction in SL Motivation Complexity of

1.14k views • 82 slides
Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t (

Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t (

Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t ( n )) The class P and examples given by Jiri Srba Lecture 9 Computability and Complexity 1/15 Complexity Theory Question Assume that a problem

520 views • 15 slides
Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough

Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough

Crash course on Algebraic Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough Plan Lecture 1: Models of computation, Complexity Classes, Reductions and Completeness, Connection to Boolean world,

1.47k views • 146 slides
Complexity and Character of Human Languages The Faculty of Language Informatics 2A: Lecture 28

Complexity and Character of Human Languages The Faculty of Language Informatics 2A: Lecture 28

Human Language Complexity Human Language Complexity Linear Indexed Grammars Linear Indexed Grammars Complexity vs. Difficulty Complexity vs. Difficulty 1 Human Language Complexity Chomsky Hierarchy Complexity and Character of Human Languages

92 views • 6 slides
Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio

Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio

Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio Pereima joaobasilio@ufpr.br Department of Economics Graduate Program in Economic Development Curitiba-Paran a-Brazil 13 de junho de 2016

826 views • 55 slides
Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio

Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio

Complexity and Economics The lowest simplicity you can achieve is the complexity Jo ao Basilio Pereima joaobasilio@ufpr.br Department of Economics Graduate Program in Economic Development Curitiba-Paran a-Brazil 6 de marc o de 2015

480 views • 35 slides
Complexity + Consciousness: A model of Big History based on self-organising complexity,

Complexity + Consciousness: A model of Big History based on self-organising complexity,

4 Aug 2012 Dr Joseph Voros Faculty of Business and Enterprise Swinburne University of Technology Melbourne, Australia Complexity + Consciousness: A model of Big History based on self-organising complexity, incorporating consciousness (or,

362 views • 12 slides
ESTIMATES OF TOPOLOGICAL COMPLEXITY Dubrovnik 2011 ABSTRACT The topological complexity TC ( X )

ESTIMATES OF TOPOLOGICAL COMPLEXITY Dubrovnik 2011 ABSTRACT The topological complexity TC ( X )

Petar Paveid, University of Ljubljana ESTIMATES OF TOPOLOGICAL COMPLEXITY Dubrovnik 2011 ABSTRACT The topological complexity TC ( X ) of a path connected space X is a homotopy invariant introduced by M. Farber in 2003 in his work on motion

571 views • 8 slides
Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura

Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura

Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura Giordano 1 , Valentina Gliozzi 2 , Nicola Olivetti 3 , and Gian Luca Pozzato 2 1 Dipartimento di Informatica - Universit` a del Piemonte Orientale A.

1.46k views • 103 slides
Complexity, Big Data Science, and Complexity Introduction Happiness Emergence Universality

Complexity, Big Data Science, and Complexity Introduction Happiness Emergence Universality

Complexity, Big Data Science, and Happiness Complexity, Big Data Science, and Complexity Introduction Happiness Emergence Universality Symmetry Breaking Discrete Days, St. Michaels College, 2011 The Big Theory Revolution: Big Data

910 views • 74 slides

More recommend