reusable non interactive secure computation
play

Reusable Non-Interactive Secure Computation Melissa Chase (MSR - PowerPoint PPT Presentation

Dec 25, 2022 •205 likes •1.31k views

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU) Yuval Ishai (Technion) Daniel Kraschewski (TNG Technology Consulting) Tianren Liu (MIT UW) Rafail Ostrovsky (UCLA) Vinod Vaikuntanathan

  1. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i y x f ( x , y )

  2. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i y x f ( x , y )

  3. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x f ( x , y )

  4. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗

  5. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0)

  6. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  7. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  8. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world

  9. How to Lift One-shot Security to Reusability S R a i , b i x i ˜ rOLE a i ˜ x i + b i /// y / x ◮ UC-security : ∃ an efficient simulator S f ( x , y ∗ ) S ( a 1 , b 1 , a 2 , b 2 ,... ) → y ∗ ◮ No Abort (optional): When abnormal behavior was detected, output f ( x , 0) ◮ Difficulty : distribution y ∗ = ⇒ f ( x , y ∗ ) has entropy in ideal world = ⇒ leak information of receiver’s randomness in real world ◮ “Strong” UC-security = ⇒ Reusability The simulator is deterministic

  10. Overview: rNISC in rOLE-hybrid model S R y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  11. Overview: rNISC in rOLE-hybrid model S R y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  12. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  13. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  14. Overview: rNISC in rOLE-hybrid model S R A , b x rOLE Ax + b y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  15. Overview: rNISC in rOLE-hybrid model S R A , b x Certified rOLE � Ax + b ⊥ y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  16. Overview: rNISC in rOLE-hybrid model S R A , b x Certified rOLE � Ax + b ⊥ y ∈ F n x ∈ F n ◮ Assume f is an arithmetic NC 1 circuit or f ( x , y ) an arithmetic branching program over F ◮ [IK’02,AIK’14] encode y �→ ( A , b ) s.t. Ax + b reveals f ( x , y ) and nothing else ◮ Against malicious sender: detect if ( A , b ) is honestly generated, i.e. satisfies some simple arithmetic constraints � Ax + b , if ( A , b ) satisfies constraints Certified rOLE → ⊥ , otherwise

  17. Certified rOLE S R

  18. Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . .

  19. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . .

  20. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints

  21. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  22. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  23. Certified rOLE Certified rOLE S R a 1 , b 1 x 1 rOLE a 1 x 1 + b 1 a 2 , b 2 x 2 rOLE a 2 x 2 + b 2 a 3 , b 3 x 3 rOLE a 3 x 3 + b 3 . . . ◮ Sender can prove ( a 1 , b 1 , a 2 , b 2 ,... ) satisfies arithmetic constraints a i = a j for some ( i , j ) for general constraints → see eprint ◮ Side product: reusable DV-NIZK in rOLE-hybrid model.

  24. Certified rOLE Certified rOLE S R . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  25. Certified rOLE Certified rOLE S R w rOLE w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  26. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ

  27. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Commitment( a )

  28. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  29. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F x i ˆ x i ← F ˆ rOLE ˆ ˆ x i = x i − w ˆ x i rOLE . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  30. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a )

  31. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  32. Certified rOLE Certified rOLE S R a , r w rOLE aw + r r ← F w ← F r , r ′ r ′ ← F x i ˆ x i ← F ˆ rOLE x i + r ′ r ˆ ˆ a , b + r ′ ˆ x i = x i − w ˆ x i rOLE a ˆ x i + b + r ′ ˆ . . . x i + r ′ ) + ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  33. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs

  34. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation.

  35. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ x i = x i − w ˆ ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ

  36. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender:

  37. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender:

  38. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender: Deviate = ⇒ random output

  39. Certified rOLE Certified rOLE S R a , r w rOLE r , r ′ ˆ x i r , r ′ ← F rOLE w , ˆ x i ← F a , b + r ′ ˆ ˆ x i = x i − w ˆ x i rOLE x i + r ′ ) + e ( a ˆ x i + b + r ′ ) ax i + b = ( aw + r ) · ˆ x i − ( r ˆ ˆ Target Commitment( a ) rOLE outputs ◮ Correctness: Above equation. x i + ˆ ◮ UC-secure against Receiver: x i := w ˆ x i . ˆ ◮ “Strong” UC-secure against Sender: Deviate = ⇒ random output not yet

  40. Our Results NEW primitive: Oblivious linear function evaluation (OLE) S R a , b ∈ F x ∈ F get ax + b ∈ F Theorem 2 Theorem 3 An information-theoretical An UC-secure 2-msg reusable UC-secure reusable NISC OLE protocol in the CRS setting, protocol in rOLE-hybrid model. under Paillier assumption.

  41. Our Results NEW primitive: Oblivious linear function evaluation (OLE) S R a , b ∈ F x ∈ F get ax + b ∈ F Theorem 2 Theorem 3 An information-theoretical An UC-secure 2-msg reusable UC-secure reusable NISC OLE protocol in the CRS setting, protocol in rOLE-hybrid model. under Paillier assumption.

  42. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x

  43. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x )

  44. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( a − r ) Enc ( b + rx )

  45. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( a − r ) Enc ( b + rx ) Efficient simulator against unbounded malicious receiver

  46. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( b + rx ) Efficient simulator against unbounded malicious receiver

  47. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against unbounded malicious receiver

  48. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against Efficient simulator against unbounded malicious receiver unbounded malicious sender

  49. rOLE from Paillier Dual-mode (similar to OT from [PVW’08] ) D 1 is indistinguishable from D 2 Mode I Mode II S R S R crs ← D 1 crs ← D 2 a , b x a , b x Enc ( x ) Enc ( 0 ) Enc ( a − r ) Enc ( ) a Enc ( b + rx ) Enc ( b ) Efficient simulator against Efficient simulator against unbounded malicious receiver unbounded malicious sender

  50. Paillier Encryption Scheme KeyGen public key, trapdoor

  51. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor

  52. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor Enc 0 ( x ) Decrypt x

  53. Paillier Encryption Scheme KeyGen public key, trapdoor x Encrypt Enc r ( x ) Decrypt x randomness r trapdoor Enc 0 ( x ) Decrypt x Enc r ( x ) · Enc s ( y ) = Enc r + s ( x + y )

  54. rOLE from Paillier S R a , b x

  55. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x

  56. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x sample sk W 1 = w sk W x 0 = Enc x β + α · sk ( x )

  57. rOLE from Paillier CRS (Mode I) S R h = Enc 0 ( 1 ) w = Enc α ( 0 ) W 0 = Enc β ( 1 ) a , b x sample r sample sk W 1 = w sk W x 0 = Enc x β + α · sk ( x ) v = w r = Enc r α ( 0 ) V 0 = h a W − r = Enc − r β ( a − r ) 0 V 1 = h b W r 1 = Enc rx β + r α · sk ( b + rx )

Recommend

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

443 views • 21 slides
New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation Abishek Kumarasubramanian Secure Computation [Yao,GMW] Security guarantee only Corrupted party learns no when protocol runs

369 views • 16 slides
Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party Computation 2 1 (, ) Secure Two-Party Computation 2 1 (, ) Non-Interactive Secure

2.32k views • 48 slides
Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

429 views • 27 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio

Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio

Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio Orlandi (or a more privacy Privacy on sensitive social network) My friends should only see our common friends Secure Computation 8dx2rru3d0fW2TS y

520 views • 36 slides

More recommend