multi party computation based on
play

Multi-Party Computation Based on One-Way Functions Sandro Coretti - PowerPoint PPT Presentation

Mar 10, 2023 •199 likes •677 views

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

  1. Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI)

  2. Secure Multi-Party Computation (MPC) [Yao82, GMW87, BGW88, CCD88, RB89,…] 2 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  3. Secure Multi-Party Computation (MPC) [Yao82, GMW87, BGW88, CCD88, RB89,…] Mutually distrustful parties wish to evaluate function of their inputs 3 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  4. Secure Multi-Party Computation (MPC) (2) [GMW87, C00, C01,…] 4 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  5. Secure Multi-Party Computation (MPC) (2) [GMW87, C00, C01,…] MPC protocol should emulate a trusted third party 5 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  6. Secure Multi-Party Computation (MPC) (3) 6 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  7. Secure Multi-Party Computation (MPC) (3) Simulation-based security definition in the Universal Composability (UC) framework [C01] 7 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  8. Synchronous Communication Network  Each pair of parties connected by secure channels  Protocol proceeds in rounds  Messages sent in particular round guaranteed to arrive by beginning of next round 8 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  9. Synchronous Communication Network  Each pair of parties connected by secure channels  Protocol proceeds in rounds  Messages sent in particular round guaranteed to arrive by beginning of next round  “Plain” UC framework is inherently asynchronous • Adversary has full control over message delivery; may choose to delete messages sent between honest parties • “Synchronous” UC using clock functionality and bounded-delay channels [KMTZ13] 9 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  10. Asynchronous Communication Network  Synchronous network: great for analysis • (Partially) Synchronized clocks + bounded network latency → “timeouts” (T) • Round length typically (much) higher than average transmission time 10 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  11. Asynchronous Communication Network  Synchronous network: great for analysis • (Partially) Synchronized clocks + bounded network latency → “timeouts” (T) • Round length typically (much) higher than average transmission time  UC asynchrony: overly pessimistic 11 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  12. Asynchronous Communication Network  Synchronous network: great for analysis • (Partially) Synchronized clocks + bounded network latency → “timeouts” (T) • Round length typically (much) higher than average transmission time  UC asynchrony: overly pessimistic “It takes advantage of the nature of information being easy to spread but hard to stifle.” 12 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  13. Asynchronous Communication Network  Synchronous network: great for analysis • (Partially) Synchronized clocks + bounded network latency → “timeouts” (T) • Round length typically (much) higher than average transmission time  UC asynchrony: overly pessimistic “It takes advantage of the nature of information being easy to spread but hard to stifle.” Satoshi Nakamoto 13 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  14. Asynchronous Communication Network (2)  Each pair of parties connected by secure channels  Messages sent guaranteed to arrive only eventually  Adversary may: • Delay message delivery by arbitrary finite amount of time • Reorder messages • Note: No deletions! (Unlike UC)  Model considered early on in fault-tolerant distributed computing (e.g., [FLP83] ) and asynchronous MPC [BCG93,…] 14 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  15. Asynchronous Communication Network (2)  Each pair of parties connected by secure channels  Messages sent guaranteed to arrive only eventually  Adversary may: • Delay message delivery by arbitrary finite amount of time • Reorder messages • Note: No deletions! (Unlike UC)  Model considered early on in fault-tolerant distributed computing (e.g., [FLP83] ) and asynchronous MPC [BCG93,…]  “Opportunistic”: protocols terminate as quickly as the network allows 15 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  16. Asynchronous Communication Network (2)  Each pair of parties connected by secure channels  Messages sent guaranteed to arrive only eventually  Adversary may: • Delay message delivery by arbitrary finite amount of time • Reorder messages • Note: No deletions! (Unlike UC)  Model considered early on in fault-tolerant distributed computing (e.g., [FLP83] ) and asynchronous MPC [BCG93,…]  “Opportunistic”: protocols terminate as quickly as the network allows  To date: Asynchronous MPC with eventual delivery not modeled in UC 16 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  17. This Work  Formalize asynchronous model with eventual delivery in the UC framework • Asynchronous round complexity • Basic communication resources: async. secure channel (A-SMT) and async. Byzantine agreement (A-BA) 17 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  18. This Work  Formalize asynchronous model with eventual delivery in the UC framework • Asynchronous round complexity • Basic communication resources: async. secure channel (A-SMT) and async. Byzantine agreement (A-BA)  Constant-round MPC protocol • I.e., round complexity independent of circuit’s multiplicative depth • Based on standard assumptions (PRFs) • Tolerates t < n/ 3 corruptions • Adaptive adversary 18 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  19. Prior Work: Constant-Round MPC Protocols  Synchronous model: • Based on circuit garbling [Yao86, BMR90, DI05, IPS08] • Based on FHE [AJLTVW12] • t < n/ 2 corruptions • Assume broadcast channel (cf. [FL82, BE03, CCGZ16]) 19 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  20. Prior Work: Constant-Round MPC Protocols  Synchronous model: • Based on circuit garbling [Yao86, BMR90, DI05, IPS08] • Based on FHE [AJLTVW12] • t < n/ 2 corruptions • Assume broadcast channel (cf. [FL82, BE03, CCGZ16])  Asynchronous model (recall: eventual delivery): • Based on FHE [Coh16] • t < n/ 3 corruptions • Static security • Assume A-BA • (Other known protocols are GMW- based → circuit depth) 20 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  21. This Work  Formalize asynchronous model with eventual delivery in the UC framework • Asynchronous round complexity • Basic communication resources: async. secure channel (A-SMT) and async. Byzantine agreement (A-BA)  Constant-round MPC protocol • I.e., round complexity independent of circuit’s multiplicative depth • Based on standard assumptions (PRFs) • Tolerates t < n/ 3 corruptions • Adaptive adversary 21 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  22. Modeling Asynchronous Communication in UC Sender Receiver • Poll for messages: T = T -1 Input messages • If T = 0, first message in buffer output A-SMT Functionality: Adversary • Stores messages in buffer • Reorder messages in buffer • Maintains delay T • Increase T , specified in unary 22 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  23. Modeling Asynchronous Communication in UC (2)  Protocol execution: • Party either sends message or • polls A-SMT channels in round-robin fashion 23 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  24. Modeling Asynchronous Communication in UC (2)  Protocol execution: • Party either sends message or • polls A-SMT channels in round-robin fashion  Round complexity: Maximum number of times any party switches between sending and polling 24 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  25. Modeling Asynchronous Secure Function Evaluation in UC Parties P • Provide input • Poll for output: T = T -1 • If T = 0, first message in buffer output A-SFE Functionality: Adversary • Collects inputs and computes output • Decide on set of n - t input providers • Maintains delay T • Increase T , specified in unary 25 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

  26. Modeling Asynchronous Byzantine Agreement in UC Parties P • Provide input • Poll for output: T = T -1 • If T = 0, first message in buffer output Adversary A-BA Functionality: • Maintains delay T • Decide on set C of n - t input providers • Collects inputs and computes output • Increase T , specified in unary • If there is agreement in C output corresponding value • Otherwise, output a value specified by attacker 26 Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of Theoretical Computer Science ETH Zrich on joint work with R. Knzler, J. Mller-Quade, C. Lucas, U. Maurer, M. Fitzi Metaguse, 2009/10/04 Multi-Party

1.04k views • 83 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini,

TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini,

TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini, Peter Scholl and Eduardo Soria-Vazquez Based on slides prepared by Peter Scholl and Eduardo Soria-Vazquez Secure Multi-Party Computation (MPC)

756 views • 36 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao Wang Mariana Raykova Adri Gascn Jack Doerner Jonathan Katz David Evans oblivc.org/sqoram Secure multi-party computation applications Set

504 views • 25 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. January 8, 2013 Nigel P . Smart Multi Party

604 views • 28 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Multi-Party Computation with Hybrid Security Matthias Fitzi, Thomas Holenstein, and J urg

Multi-Party Computation with Hybrid Security Matthias Fitzi, Thomas Holenstein, and J urg

Multi-Party Computation with Hybrid Security Matthias Fitzi, Thomas Holenstein, and J urg Wullschleger Multi-Party Computation (MPC)

405 views • 29 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May

MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May

MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May 2020 MP-SPDZ 20+ MPC protocols in several computation domains and security models (malicious/semi-honest, any threshold corruption) Secret

53 views • 4 slides
Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data without sharing?

446 views • 20 slides
More Practical Multi-Party Computation Feng Hao University of Warwick Tutorial, Indocryt19

More Practical Multi-Party Computation Feng Hao University of Warwick Tutorial, Indocryt19

More Practical Multi-Party Computation Feng Hao University of Warwick Tutorial, Indocryt19 Hyderabad, India There are only three papers that are worth writing: the first, the last and the best. - Roger Needham (1935-2003) Outline of

1.26k views • 102 slides
Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive Corruption + Honest-Majority Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the

497 views • 20 slides
Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo Palmieri , Olivier Pereira UCL Crypto Group Universit e Catholique de Louvain (Belgium) Provable Privacy Workshop July 2012 UCL Crypto Group

660 views • 34 slides
A new approach to efficient multi-party computation Carmit Hazay, Emmanuela Orsini, Peter Scholl

A new approach to efficient multi-party computation Carmit Hazay, Emmanuela Orsini, Peter Scholl

Tin inyKeys: : A new approach to efficient multi-party computation Carmit Hazay, Emmanuela Orsini, Peter Scholl and Eduardo Soria-Vazquez Motivation Large number of users want to conduct surveys, auctions, statistical analysis, measure

1.62k views • 30 slides
Multi-Party Computation: Second year Eduardo Soria Vzquez October 11, 2017 A Year in a slide

Multi-Party Computation: Second year Eduardo Soria Vzquez October 11, 2017 A Year in a slide

Multi-Party Computation: Second year Eduardo Soria Vzquez October 11, 2017 A Year in a slide 1. Conferences attended : 1. Flagship: TCC 2016-B, Eurocrypt 2017. 2. Domain-specific: TPMPC. 3. Smaller Meetings: ECRYPT collaborative writing

351 views • 32 slides
Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point numbers Dan Bogdanov Sharemind project lead dan@cyber.ee https://sharemind.cyber.ee/ sharemind a machine for fast privacy-preserving computations

643 views • 42 slides
Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without Honest Majority: GMW Protocol MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure

465 views • 12 slides
Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of

Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of

Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of Illinois, Urbana-Champaign SMC SMC SMC conceived more than 30 years back SMC SMC conceived more than 30 years back A very general concept that

395 views • 28 slides

More recommend