
Privacy Preservation through Secure Multi-party Computation: Towards Implementation

Privacy Preservation through Secure Multi-party Computation: Towards Implementation. Paolo Palmieri, Olivier Pereira. UCL Crypto Group, Université Catholique de Louvain (Belgium). Provable Privacy Workshop, July 2012.


  1. Privacy Preservation through Secure Multi-party Computation: Towards Implementation
     Paolo Palmieri, Olivier Pereira. UCL Crypto Group, Université Catholique de Louvain (Belgium). Provable Privacy Workshop, July 2012.
     (Slide footer: UCL Crypto Group, Microelectronics Laboratory; "Privacy with SMC: Implementation?", July 2012.)

  2. Outline of the Talk
     1. Secure Multi-party Computation
     2. New channel models
     3. Towards implementation

  6. Secure 2-party computation
     Problem suggested by Yao in 1982 [Yao82]. Cryptography for mutually distrusting parties.
     The parties...
     - ...want to jointly compute some value based on individually held secret bits of information;
     - ...do not wish to reveal their secrets to one another in the process.
     Our focus is on security against computationally unbounded adversaries, in the information theoretic model.

  8. Oblivious Transfer
     Oblivious Transfer [Rab81] is a fundamental primitive for multi-party computation.
     - many fashions of OT, all proved to be equivalent [Cré87].
     1-out-of-2 OT: the sender (Sam) has two bits $b_0, b_1$ and wants to transmit only one to the receiver (Rachel), while she wants to select the desired bit $s$ without Sam knowing her choice.
     [Diagram: Sam (S) inputs $b_0, b_1$ to the OT; Rachel (R) inputs $s$ and receives $b_s$.]

  10. The Importance of Noise
      Oblivious Transfer cannot be achieved on a clear channel in the information theoretic model. Even a quantum channel proved to be useless for the purpose [May97].
      Solution: noisy channels.
      Open questions:
      - most efficient/realistic channel models?
      - what properties should noise have?

  13. Traditional constructions
      OT can be built on almost any noisy channel [CMW04]. However most constructions are based on the Binary Symmetric Channel (BSC).
      [Diagram: BSC. Each input bit (0 or 1) is delivered unchanged with probability $1 - p$ and flipped with probability $p$.]
      - First protocol proposed in 1988 [CK88].
      - Unfair Noisy Channel (UNC) [DKS99, DFMS04].
      - Weak Binary Symmetric Channel (WBSC) [Wul09].

  15. Delays & Packet Loss
      In [PP10] we proposed to build OT over channels that model real network characteristics:
      - packet delays (wireless) and reorderings (wired);
      - lost packets.
      The two channel models:
      - Binary Discrete-time Delaying Channel (BDDC);
      - Delaying-Erasing Channel (DEC).
      [Diagram: input times $t$, channel, output times $u$. $c_1, c_2$ are sent at $t_0$ and $c_3, c_4$ at $t_1$; $c_2$ arrives at $u_0$, while $c_1$ (delayed, $\Pr(p)$) arrives at $u_1$ together with $c_3, c_4$.]

  20. Protocol - preparation
      Protocol inspired by the one proposed in [CK88].
      Preliminary work: Sam creates two sets of bit strings $C$ and $C'$, with $|C| = |C'| = n$.
      Each string in any of the two sets is composed of:
      - the string identifier $e$: $e_i$ in $c_i \in C$ is unique in $\{C \cup C'\}$;
      - the sequence number $i$: $i$ in $c_i \in C$ is unique in $C$ and shared by $c'_i \in C'$.
      [Diagram: bit layout of $c_i \in C$, with the identifier bits $e_i$ followed by the sequence-number bits $i$.]

  25. Protocol - communication 1
      1. At time $t_0$ Sam sends to Rachel $C$ over a BDDC;
      2. At $t_1$ Sam sends the set $C'$;
      3. At $u_0$ Rachel receives the strings of $C$ not delayed;
      4. At $u_1$ Rachel receives the strings of $C$ delayed once and those of $C'$ not delayed. Then she keeps listening;
      5. Rachel divides the sequence numbers received into two sets $I_s$ and $I_{1-s}$. For all those in $I_s$, the corresponding $c$ has not been delayed.
      [Diagram: Rachel (R) sends $I_s, I_{1-s}$ to Sam (S) over a clear channel.]

  27. Protocol - communication 2
      6. Sam receives $I_s$ and $I_{1-s}$ and chooses a universal hash function $f$. For each set $I_j$ he computes $g_j$:
         $$g_j = \left( e^j_1 \,\|\, \ldots \,\|\, e^j_{n/2} \right) \quad \text{with } e^j_1, \ldots, e^j_{n/2} \in E_j,$$
         where $e_i \in E_j \Leftrightarrow i \in I_j$.
         [Diagram: Sam (S) sends $f$, $(f(g_0) \oplus b_0)$, $(f(g_1) \oplus b_1)$ to Rachel (R) over a clear channel.]
      7. Rachel computes her guess for $b_s$: $b_s = f(g_s) \oplus (f(g_s) \oplus b_s)$.
      The End!
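The seven protocol steps above, simulated end to end with honest parties; this is an added example, not code from the slides or from [PP10]. It returns Rachel's bit together with the number of identifiers in $I_{1-s}$ she never saw at $u_0$, which is what keeps $b_{1-s}$ hidden from her. Assumptions: 16-bit identifiers, an inner-product hash as the universal hash $f$, repeated delays capped at `MAX_DELAY`, and all function names are hypothetical.

```python
import random

MAX_DELAY = 8  # simulation cap on repeated delays (assumption)

def bddc_arrival(sent_at, p, rng):
    """Arrival slot: the string is held back one more time unit with probability p."""
    slot = sent_at
    while slot - sent_at < MAX_DELAY and rng.random() < p:
        slot += 1
    return slot

def f(a, idents, k):
    """Universal hash f_a(g) = <a, g> mod 2, where g concatenates k-bit identifiers."""
    g = [int(bit) for ident in idents for bit in format(ident, f"0{k}b")]
    return sum(x & y for x, y in zip(a, g)) % 2

def run_ot(b0, b1, s, n=64, k=16, p=0.25, seed=0):
    """Return (Rachel's output bit, hidden count), or None if she must abort."""
    rng = random.Random(seed)  # reproducible simulation, not a CSPRNG
    # Preparation: identifiers unique in C ∪ C'; c_i and c'_i share sequence number i.
    ids = rng.sample(range(2 ** k), 2 * n)
    e, e_prime = ids[:n], ids[n:]
    # Steps 1-2: Sam sends C at t0 (slot 0) and C' at t1 (slot 1) over the BDDC.
    arrivals = [(bddc_arrival(0, p, rng), e[i], i) for i in range(n)]
    arrivals += [(bddc_arrival(1, p, rng), e_prime[i], i) for i in range(n)]
    # Steps 3-4: only undelayed strings of C can arrive at u0, so Rachel is sure of those e_i.
    known = {i: ident for slot, ident, i in arrivals if slot == 0}
    if len(known) < n // 2:
        return None  # too few undelayed strings to fill I_s
    # Step 5: I_s is a random half of the known indices; the rest forms I_{1-s}.
    # Both are sent sorted so their order does not reveal s to Sam.
    I_s = sorted(rng.sample(sorted(known), n // 2))
    I_other = [i for i in range(n) if i not in set(I_s)]
    I = {s: I_s, 1 - s: I_other}
    # Step 6: Sam masks b_j with f(g_j), g_j built from the identifiers of C in I_j.
    a = [rng.getrandbits(1) for _ in range(k * (n // 2))]
    masked = [f(a, [e[i] for i in I[j]], k) ^ b for j, b in enumerate((b0, b1))]
    # Step 7: Rachel unmasks b_s with the identifiers she received at u0.
    bit = masked[s] ^ f(a, [known[i] for i in I_s], k)
    hidden = sum(1 for i in I_other if i not in known)
    return bit, hidden
```

With `p=0.0` the hidden count is 0: on a noiseless channel Rachel holds every identifier in both sets and could unmask both bits, which is the reason the construction needs a noisy channel.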
