on the structure of unconditional uc hybrid protocols
play

On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek - PowerPoint PPT Presentation

Feb 01, 2023 •283 likes •1.07k views

On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek (Oregon State University) and Morgan Shirley (University of Toronto) Problem Statement & Summary of Results Our Parameters f(x, y) y x 2-Party functions A B

  1. On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek (Oregon State University) and Morgan Shirley (University of Toronto)

  2. Problem Statement & Summary of Results

  3. Our Parameters f(x, y) y x ● 2-Party functions A B ● Finite and fjxed truth tables y 0 1 2 ● Symmetric 0 2 1 0 ● UC Security 120 x 1 201 ● Security with abort 2 ● Information theoretic

  4. Our Parameters f(x, y) y x ● 2-Party functions A B ● Finite and fjxed truth tables ● Symmetric 0 2 1 ● UC Security 120 201 ● Security with abort ● Information theoretic

  5. 2-Party SFEs with Information- Theoretic UC Security Either:

  6. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! 0 1 0 001

  7. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! Impossible! 0 1 0 (literally everything interesting) 001

  8. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! Impossible! 0 1 0 (literally everything interesting) 001 We'd like to differentiate functionalities on the right side Canetti, Kushilevitz and Lindell EUROCRYPT 2003 Prabhakaran and Rosulek CRYPTO 2008

  9. Hybrid World

  10. Reductions ● A way to defjne complexity ● A function f reduces to a function g if there exists a g -hybrid protocol for f that has UC security f ⊑ g

  11. Goal: completely classify when f and g reduce to each other

  12. Completeness ● Complete g : every f reduces to g ● Kilian 1 shows a necessary and suffjcient condition for completeness 0 1 11 1. In 23 rd ACM STOC , 1991

  13. 2-Party SFEs with Information- Theoretic UC Security Trivial! Complete 0 1 0 0 1 001 11 Everything Reduces to reduces to everything

  14. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 001 11 Everything Reduces to reduces to everything

  15. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 0 0 1 001 001 11 110 Everything Reduces to reduces to everything

  16. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 0 0 1 001 001 11 110 Everything Reduces to reduces to everything Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  17. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 1 2 1 0 1 0 0 1 0 0 1 452 001 001 11 433 110 Everything Reduces to reduces to everything Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  18. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 1 2 1 0 1 0 0 1 0 0 1 452 001 001 11 433 110 Everything Reduces to reduces to everything ? Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  19. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  20. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑ * *With a few edge cases

  21. Edge case: Unilateral functions ● At least one row (or column) constant! ● One party might know 1 1 1 the output before the 233 protocol begins 233

  22. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  23. Main Theorem (almost) When f and g are incomplete and f is non- unilateral , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  24. Number of rounds required in a g -hybrid protocol for f ... 1 Number of protocol rounds necessary (for incomplete and non-unilateral f and g )

  25. Number of rounds required in a g -hybrid protocol for f ... ω(log κ) 1 Number of protocol rounds necessary (for incomplete and non-unilateral f and g )

  26. Main Theorem (almost) When f and g are incomplete and f is non- unilateral , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  27. Main Theorem When f and g are incomplete and f is non- unilateral , if f ⊑ via a (worst-case) log-round g protocol: – f g via a single-round deterministic protocol ⊑

  28. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  29. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g These edge cases are necessary

  30. Embedding

  31. What would a single-round reduction look like?

  32. What would a single-round reduction look like? A B g g g

  33. What would a single-round reduction look like? A B A B g or g A B g g

  34. What would a single-round reduction look like? A B A B g or g A B g g

  35. Embedding: Correctness ● Each party sends a g -input based on their f -input ● The g -output maps back to an f -output ● Intuitively: f appears as sub-matrix* in g g f 1 2 1 7 1 2 1 452 7 452 433 7 433 8889 *Perhaps with some rearrangement and relabelling

  36. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  37. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  38. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  39. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  40. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  41. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  42. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  43. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  44. Embedding ● Defjnition basically follows this intuition – If there's an embedding, there's a single-round protocol – If there's a single-round protocol, there's an embedding

  45. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  46. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  47. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  48. Collapse a protocol to a single round

  49. Frontiers g g g g g g g g g g

  50. Frontiers Property: Alice's simulator has extracted ✗ ✗ ✔ g g ✗ ✔ ✔ ✔ g g g ✔ ✔ ✔ ✔ ✔ ✔ ✗ ✗ g g g g g

  51. Frontiers Property: Alice's simulator has extracted ✗ ✗ ✔ g g ✗ ✔ ✔ ✔ g g g ✔ ✔ ✔ ✔ ✔ ✔ ✗ ✗ g g g g g

  52. Our Frontiers ● F A-ext – Alice's simulator has extracted ● F A-out – Alice thinks the output is fjxed (regardless of Bob's input) ● Similar frontiers defjned for Bob – F B-ext – F B-out

  53. Idea: Give me any secure, correct protocol for ⊑ f g. I can say something about the frontiers.

  54. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  55. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  56. Frontiers BAD! F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  57. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  58. Frontiers F A-ext BAD! F B-ext F B-out g g F A-out g g g g g g g g

  59. Frontiers F A-ext BAD! F B-ext F B-out g g F A-out g g g g g g g g This is where we need f to be non-unilateral

  60. Cycle of Inequalities ● F A-ext not before F B-out ● F A-out not before F A-ext ● F B-ext not before F A-out ● F B-out not before F B-ext ● So they all happen at the same time! ● Must happen due to a call to g

  61. Instantaneous Property g g g g g g g g g g

  62. Instantaneous Property Before: no information shared g g g g g g g g g g Error (small) After: output of f is known

  63. Instantaneous Property Before: no information shared g g g g Error (small)

Recommend

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP University VP University WHEN DO YOU USE HYBRI D CONSTRUCTI ON? Hybrid Construction is an economical alternative to conventional steel structures

431 views • 15 slides
Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder

Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder

Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder CSCI 5535, Spring 2009 Invariant Checks An easy way for developers to specify/verify a data structure and its implementation One common

185 views • 16 slides
READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de

READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de

READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de Doutoramento em Cincias da Complexidade Doctoral Programme in Complexity Sciences Orientador / Advisor: Professor Jorge Manuel Anacleto Lou

739 views • 40 slides
High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint

High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint

High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint work with Preetam Nandy and Alain Hauser Structure learning We consider random variables ( X 1 , . . . , X p ) with distribution F 0 , where F 0

1.28k views • 82 slides
Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu,

Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu,

Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu, National University of Defense Technology April 6, 2013 Outline The Cucker-Smale Model Flocking solutions and unconditional flocking

289 views • 15 slides
Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited

Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited

Group Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited Financial department 10 June 2016 19/03/2014 Overview of the Offer Voluntary Unconditional General Offer by CMA CGM S.A. (CMA CGM or the

369 views • 15 slides
Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI

Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI

Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI methods Miguel Vargas, Salvador Botello 1/29 Description of the problem Description of the problem This is a high performance/large scale

661 views • 29 slides
Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Well-being and Income Poverty Impacts of an unconditional cash transfer program using a

Well-being and Income Poverty Impacts of an unconditional cash transfer program using a

Well-being and Income Poverty Impacts of an unconditional cash transfer program using a subjective approach Kelly Kilburn, Sudhanshu Handa, Gustavo Angeles kkilburn@unc.edu UN WIDER Development Conference: Human Capital and Growth June 6,

433 views • 26 slides
Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring

Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring

Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring structure to fit onto Hybrid IBM Standard Cells: ~20,000 + 727 Decoupling caps (200pF) Nets: 22,942 Macros: Voltage Regulator

313 views • 6 slides
Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing

Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing

Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing Hybrid Architectures An Advanced Platform for Hybrid NLP: Deep Thought Applications for Hybrid Processing Conclusion and Outlook LTII

635 views • 25 slides
Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join

Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join

Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join for agreed network review Building the new brand On-site Debate on the QA systems Review systems review network implemented designed begins

650 views • 47 slides
Last time specific protocols: Application architectures HTTP client-server P2P

Last time specific protocols: Application architectures HTTP client-server P2P

Last time specific protocols: Application architectures HTTP client-server P2P SMTP, POP, IMAP hybrid DNS Application service P2P requirements: reliability, bandwidth, delay Internet transport

566 views • 24 slides
UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional,

UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional,

Presenting a live 90-minute webinar with interactive Q&A Letters of Credit: ISP98 Forms, UCC Article 5, UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional, Limited Term vs. "Evergreen,"

647 views • 54 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
EXPO REAL Hybrid Summit Your virtual exhibition EXPO REAL Hybrid Summit The Hybrid Conference

EXPO REAL Hybrid Summit Your virtual exhibition EXPO REAL Hybrid Summit The Hybrid Conference

EXPO REAL Hybrid Summit Your virtual exhibition EXPO REAL Hybrid Summit The Hybrid Conference for Property and Investment October 14 15, 2020 Internationales Congress Center Mnchen exporeal.net Building networks EXPO REAL Hybrid

314 views • 13 slides
Slicing Unconditional Jumps with Unnecessary Control Dependencies Carlos Galindo Sergio P

Slicing Unconditional Jumps with Unnecessary Control Dependencies Carlos Galindo Sergio P

Slicing Unconditional Jumps with Unnecessary Control Dependencies Carlos Galindo Sergio P erez Josep Silva VRAIN Universitat Polit` ecnica de Val` encia, Spain 30th International Symposium on Logic-Based Program Synthesis and

522 views • 36 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
8 Shields: Attributes of Connection Unconditional Love & Forgiveness Fully Alive Quiet

8 Shields: Attributes of Connection Unconditional Love & Forgiveness Fully Alive Quiet

For the Northern Hemisphere: this wheel moves in a clockwise direction 8 Shields: Attributes of Connection Unconditional Love & Forgiveness Fully Alive Quiet Mind N NE NW Happiness of W E Truly Helpful a Child SW SE S Vitality

206 views • 5 slides
Optimal Constant-Time Approximation Algorithms and (Unconditional) Inapproximability Results for

Optimal Constant-Time Approximation Algorithms and (Unconditional) Inapproximability Results for

Optimal Constant-Time Approximation Algorithms and (Unconditional) Inapproximability Results for Every Bounded-Degree CSP Yuichi Yoshida Kyoto Univ. & Preferred Infrastructure 2011 5 26 Polynomial-Time Approximation

633 views • 37 slides
Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

The 1 st World Congress on Controversies in Hematology (COHEM) Rome, September, 2-5, 2010 Session 4. Acute Lymphoblastic Leukemia Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL? No No JM

990 views • 44 slides
Optimal Unconditional Parole David Scoones Department of Economics University of Victoria

Optimal Unconditional Parole David Scoones Department of Economics University of Victoria

Optimal Unconditional Parole David Scoones Department of Economics University of Victoria December 2009 Motivation Each time an offender on parole release commits a crime, calls for parole reform are widespread. Truth in sentencing

462 views • 33 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides

More recommend