Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
reusable non interactive secure computation

Reusable Non-Interactive Secure Computation Melissa Chase (MSR - PowerPoint PPT Presentation

Dec 25, 2022 •205 likes •1.31k views

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU) Yuval Ishai (Technion) Daniel Kraschewski (TNG Technology Consulting) Tianren Liu (MIT UW) Rafail Ostrovsky (UCLA) Vinod Vaikuntanathan

  1. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i y x f ( x , y )

  2. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i y x f ( x , y )

  3. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x f ( x , y )

  4. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗

  5. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0)

  6. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  7. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  8. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  9. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world ◮ “Strong” UC-security = ⇒ Reusability The simulator is deterministic

  10. Overview: rNISC in rOLE-hybrid model S R y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  11. Overview: rNISC in rOLE-hybrid model S R y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  12. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  13. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  14. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  15. Overview: rNISC in rOLE-hybrid model S R A , b x Certified rOLE � Ax + b ⊥ y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  16. Overview: rNISC in rOLE-hybrid model S R A , b x Certified rOLE � Ax + b ⊥ y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  17. Certified rOLE S R

  18. Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . .

  19. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . .

  20. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints

  21. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  22. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  23. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints a i = a j for some ( i , j ) for general constraints → see eprint ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  24. Certified rOLE Certified rOLE S R . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  25. Certified rOLE Certified rOLE S R w rOLE w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  26. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  27. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Commitment( a )

  28. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  29. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F x i ˆ x i ← F ˆ rOLE ˆ ˆ x i = x i − w ˆ x i rOLE . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  30. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  31. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  32. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  33. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  34. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation.

  35. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ

  36. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender:

  37. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender:

  38. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender: Deviate = ⇒ random output

  39. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender: Deviate = ⇒ random output not yet

  40. Our Results NEW primitive: Oblivious linear function evaluation (OLE) S R a , b ∈ F x ∈ F get ax + b ∈ F Theorem 2 Theorem 3 An information-theoretical An UC-secure 2-msg reusable UC-secure reusable NISC OLE protocol in the CRS setting, protocol in rOLE-hybrid model. under Paillier assumption.

  41. Our Results NEW primitive: Oblivious linear function evaluation (OLE) S R a , b ∈ F x ∈ F get ax + b ∈ F Theorem 2 Theorem 3 An information-theoretical An UC-secure 2-msg reusable UC-secure reusable NISC OLE protocol in the CRS setting, protocol in rOLE-hybrid model. under Paillier assumption.

  42. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x

  43. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x )

  44. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( a − r ) Enc ( b + rx )

  45. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( a − r ) Enc ( b + rx ) Efficient simulator against unbounded malicious receiver

  46. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( b + rx ) Efficient simulator against unbounded malicious receiver

  47. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against unbounded malicious receiver

  48. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against Efficient simulator against unbounded malicious receiver unbounded malicious sender

  49. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) D 1 is indistinguishable from D 2 Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against Efficient simulator against unbounded malicious receiver unbounded malicious sender

  50. Paillier Encryption Scheme KeyGen public key, trapdoor

  51. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor

  52. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor Enc 0 ( x ) Decrypt x

  53. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor Enc 0 ( x ) Decrypt x Enc r ( x ) · Enc s ( y ) = Enc r + s ( x + y )

  54. rOLE from Paillier S R a , b x

  55. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x

  56. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x sample sk W 1 = w sk W x 0 = Enc x β + α · sk ( x )

  57. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x sample r sample sk W 1 = w sk W x 0 = Enc x β + α · sk ( x ) v = w r = Enc r α ( 0 ) V 0 = h a W − r = Enc − r β ( a − r ) 0 V 1 = h b W r 1 = Enc rx β + r α · sk ( b + rx )

Recommend

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party Computation 2 1 (, ) Secure Two-Party Computation 2 1 (, ) Non-Interactive Secure

2.32k views • 48 slides
Component Programming in The D Programming Language by Walter Bright Reusable Software an

Component Programming in The D Programming Language by Walter Bright Reusable Software an

Component Programming in The D Programming Language by Walter Bright Reusable Software an axiom we all buy into it we all try to write reusable software The Reality 35 years of programming, and very little reusable code

766 views • 44 slides
Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform Computation 2 Non-Uniform Computation Uniform: Same program for all (the infinitely many) inputs 2 Non-Uniform Computation Uniform: Same program

1.37k views • 107 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

705 views • 54 slides
Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

443 views • 21 slides
Incremental Interactive Computation Matthew Hammer hammer@cs.umd.edu Tuesday, October 7, 2014

Incremental Interactive Computation Matthew Hammer hammer@cs.umd.edu Tuesday, October 7, 2014

Incremental Interactive Computation Matthew Hammer hammer@cs.umd.edu Tuesday, October 7, 2014 1 Incremental Interactive Computation Matthew Hammer hammer@cs.umd.edu Tuesday, October 7, 2014 2 Batch Computation vs Interactive Computation

595 views • 32 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.76k views • 136 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.19k views • 102 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.37k views • 124 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.29k views • 59 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Formal Definition of Computation Formal Definition of Computation p.1/28 Computation

Formal Definition of Computation Formal Definition of Computation p.1/28 Computation

Formal Definition of Computation Formal Definition of Computation p.1/28 Computation model The model of computation considered so far is the work performed by a finite automaton Formal Definition of Computation p.2/28

1.28k views • 69 slides
Non-Uniform Computation & Circuits Lecture 10 Wherein every language can be decided 1

Non-Uniform Computation & Circuits Lecture 10 Wherein every language can be decided 1

Non-Uniform Computation & Circuits Lecture 10 Wherein every language can be decided 1 Non-Uniform Computation 2 Non-Uniform Computation Uniform: Same program for all (the infinitely many) inputs 2 Non-Uniform Computation Uniform: Same

1.25k views • 105 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

203 views • 9 slides
Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services: SunSpot Development Platform Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and

489 views • 25 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.29k views • 126 slides
Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55 Cryptography usage Did you use any cryptography today? 2 / 55 Cryptography usage Did you use any

855 views • 83 slides
from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

Strong Key Derivation from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing Technologies for Biometrics, Haifa January 15, 2015 Based on three works: Computational Fuzzy Extractors [FullerMengReyzin13]

1.44k views • 55 slides
CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

Cryptography is very old and very new Crypto is an ancient discipline Recall Julius Caesar, Enigma,... CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security exciting history Most of it

642 views • 4 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 7: Introduction to Public-Key Cryptography Objectives of this Lecture 1.

678 views • 21 slides
Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin mz@innaxis.org Secure CO 2 allowance trading :: Introduction Secure CO 2 allowance trading :: Introduction Problem: Computing without trust

605 views • 25 slides
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone elses Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS

1.05k views • 37 slides
Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller

Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller

Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller Kaladhar Voruganti FAST WIP Session February 14, 2007 Problem: Long-Term Encryption Keys may be lost Effectively short-term data deletion

312 views • 6 slides
Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair of Network Architectures and Services

681 views • 20 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.