on the local leakage resilience of linear secret sharing
play

On the Local Leakage Resilience of Linear Secret Sharing Schemes - PowerPoint PPT Presentation

Oct 20, 2022 •227 likes •547 views

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

  1. On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research)

  2. Leakage attacks can be devastating Proposed Solution: Secret Sharing, MPC Proposed Solution: Secret Sharing, MPC A few full corruptions All the servers? All the servers? Partial leak from all

  3. Leakage Resilient Cryptography [ISW03, MR04, DP07, DP08, AGV09, NS09, FRR+10, [ISW03, MR04, DP07, DP08, AGV09, NS09, FRR+10, BKKV10, LLW11, BGJK12, DF12, BDL14, BGK14, GR15, DLZ15, GIMSS16 … ] - Strong leakage models - Specially-designed schemes - Specially-designed schemes

  4. Additive Shamir Are standard Are standard Secret Sharing Schemes Leakage Resilient? Leakage Resilient?

  5. Limited General Results Secret Sharing generically protects against weak forms of leakage. [DDF14] Noisy Leakage [BIVW16] Low approximate degree leaks [BIVW16] Low approximate degree leaks

  6. Leakage Model: Local Leakage … … Leak any partial Leak any partial information about state. Restricted form of Only Computation Leaks[Micali-Reyzin04, GR12, BDL14], Bounded Comm. Leakage [GIMSS16]

  7. Is Local Leakage reasonable? Local: Justified by physical separation Local: Justified by physical separation Shrinking: Timing, power, selective failures give limited information limited information Adversarial

  8. Additive Secret Sharing Shamir Secret Sharing Completely random Shares are evaluations Shares are evaluations Threshold: Degree + 1 points to reconstruct

  9. Is Additive Secret Sharing Local Leakage Resilient? A. Not Necessarily. One bit each leaks one bit of the secret!

  10. How about Shamir ? Guruswami-Wootters 16: One bit per server A. Not secure. Convert to additive. can reconstruct the whole secret! Regenerating Codes: When a server goes Lagrange Interpolation down, minimum communication you need to reconstruct.

  11. Results Overview Leakage Resilience of Additive & Shamir Secret Sharing Application: Leakage Resilience of GMW protocol Application: Local Share Conversion

  12. Results: Additive Secret Sharing Thm . Thm .

  13. Results: Shamir Secret Sharing Thm . Thm .

  14. GW16: Reconstruct secret 1 bit of secret leaked Full Break Full Break n/2 degree t ?? Conjecture .

  15. 0 0 0 Random Secret 6 6 6 6 6 6 1 1 1 1 1 1 5 5 5 2 2 2 4 4 4 3 3 3 6 2 4 0 1 5 3 Generalizes to const. servers

  16. Application: MPC Honest-but-Curious GMW w/ preprocessed Beaver Triples Goldreich-Micali-Wigderson87, Beaver91 Secret Shared Inputs Preprocessing Beaver Triples for product gates Computation Computation Addition: Locally Add Shares Addition: Locally Add Shares Multiplication: Use Beaver Triples

  17. Application: MPC Thm .

  18. Byproduct : On Local Share Conversion [Beimel-Ishai-Kushilevitz-Orlov12] Locally convert secret under one scheme to related secret under other scheme related secret under other scheme Lagrange Coefficients.

  19. Byproduct : On Local Share Conversion Homomorphic Secret Sharing (Boyle-Gilboa-Ishai16) To get 3-server HSS:

  20. Techniques 0 0 0 0 4 1 4 4 4 1 1 1 2 3 2 2 2 3 3 3 No subgroups No subgroups Some Some information. 2 4 0 1 3

  21. Techniques

  22. Summary Application : Honest-but-Curious GMW is leakage resilient. Application : Local Share Conversion Impossibility results.

  24. Usually in Leakage Resilience [Cite many works on leakage. ] Here: Here: Given existing schemes, Given existing schemes, how Leakage Resilient are they?

  25. Results: Thm . Thm . Thm .

  26. Q: How Leakage Resilient are - Shamir & Additive Secret Sharing? - Shamir & Additive Secret Sharing? - GMW & BGW style MPC Protocols? Why? Why? - Exist and are Used. - Useful Properties: Homomorphisms.

  27. Is Additive Secret Sharing Local Leakage Resilient? A. Not always. … … One bit each leaks one bit of the secret! Guruswami-Wootters16: For Shamir, one bit each allows full reconstruction of secret.

  28. Techniques To show: 0 0 0 4 1 4 1 4 1 Pr[ ] 3 3 2 2 3 3 2 2 3 3 2 2 secret = 1 secret = 1 secret = 0 secret = 0

  29. Application : Honest-but-Curious GMWs w/ preprocessed Beaver Triples Secret Share Inputs Secret Share Inputs Preprocess Beaver Triples for product gates: Compute: Addition: Locally Add Shares

  30. Techniques Secret: 10 = 11 + 01 + 00 00 01 00 01 00 01 00 01 00 01 00 01 Attack: Leak lsb(share) Attack: Leak lsb(share) 10 11 10 11 10 11 lsb(secret) = sum of leaks Leak reveals: Share’s coset 00 01 00 01 00 01 00 01 The coset is a group. The coset is a group. 10 11 10 11 Learn secret’s coset.

Recommend

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini

Efficient Leakage-Resilient Secret Sharing Peihan Miao Akshayaram Srinivasan Prashant Nalini Vasudevan UC Berkeley Secret Sharing [Shamir 79, Blakley 79] Share 1 , , Reconstruction: Given at least

1.45k views • 20 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Enforcing ideal-world leakage bounds in real-world secret sharing MPC frameworks Almeida 1 , 4

Enforcing ideal-world leakage bounds in real-world secret sharing MPC frameworks Almeida 1 , 4

Enforcing ideal-world leakage bounds in real-world secret sharing MPC frameworks Almeida 1 , 4 Barbosa 1 , 3 Barthe 2 Jos e Bacelar Manuel Gilles Hugo Pacheco 1 , 4 Vitor Pereira 1 , 3 Bernardo Portela 1 , 3 July 10, 2018 @ CSF 2018 1

282 views • 24 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion & UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

790 views • 75 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya Brown University I/O Access to a Device Secret s x x D s (x) D s (x) Device for D s ( ) User

683 views • 24 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro Columbia University April 2, 2015 Lewko, Pastro (Columbia) RSSS & Loc Advs April 2, 2015 1 / 22 Secret Sharing (Informal) (Share , Rec) pair of

505 views • 47 slides
Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa

Berkeley CS276 & MIT 6.875 Secret sharing and applications Lecturer: Raluca Ada Popa Starting to record Nuclear launch codes A judge, president and general receive shares ! , " , # of a secret from a

473 views • 35 slides
Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 +

Today. Secret Sharing. Polynomials A polynomial P ( x ) = a d x d + a d 1 x d 1 + a 0 . is specified by coefficients a d ,... a 0 . Share secret among n people. Polynomials. P ( x ) contains point ( a , b ) if b = P ( a ) .

221 views • 8 slides
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra , ISI, Kolkata Goutam Paul , Jadavpur University, Kolkata Roadmap Introduction Related Work and Contribution Bias in the Permutation

531 views • 36 slides
Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of

Vector Space Secret Sharing Scheme Mustafa Atici Western Kentucky University Department of Mathematics and Computer Science 52 MIGHTY Conference, Indiana State University, Terre Haute IN. April 27-28, 2012 Mustafa Atici Secret Sharing Scheme

461 views • 21 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2 , 3 Hemanta K. Maji 4 Amit Sahai 3 Alexander A. Sherstov 3 1 Microsoft Research, India 2 Technion 3 University of California, Los Angeles 4 Purdue

488 views • 21 slides
How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides

More recommend