secure computation using leaky correlations
play

Secure Computation using Leaky Correlations (Asymptotically Optimal - PowerPoint PPT Presentation

Jun 17, 2023 •192 likes •960 views

Secure Computation using Leaky Correlations (Asymptotically Optimal Constructions) Alexander R. Block 1 , Divya Gupta 2 , Hemanta K. Maji 1 , Hai H. Nguyen 1 1 Purdue University, {block9,hmaji,nguye245}@purdue.edu 2 Microsoft Research, Banaglore,

  1. Secure Computation using Leaky Correlations (Asymptotically Optimal Constructions) Alexander R. Block 1 , Divya Gupta 2 , Hemanta K. Maji 1 , Hai H. Nguyen 1 1 Purdue University, {block9,hmaji,nguye245}@purdue.edu 2 Microsoft Research, Banaglore, India, divya.gupta@microsoft.com 1 / 21

  2. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase 2 / 21

  3. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase Online m Bob Phase 1 m Alice 2 2 / 21

  4. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase Online m Bob Phase 1 m Alice 2 OT Example Parties can use ( r A , r B ) to generate multiple samples of Oblivious Transfer in an online protocol, which can then be used to securely compute any circuit. 2 / 21

  5. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase Online m Bob Phase 1 m Alice 2 Notes The preprocessing phase is independent of the functionality or the inputs fed to the functionality by the parties. Secret shares ( r A , r B ) are vulnerable to arbitrary leakage attacks . 2 / 21

  6. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase L Alice ( r B ) Online m Bob Phase 1 m Alice 2 Notes The preprocessing phase is independent of the functionality or the inputs fed to the functionality by the parties. Secret shares ( r A , r B ) are vulnerable to arbitrary leakage attacks . 2 / 21

  7. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase L Bob ( r A ) Online m Bob Phase 1 m Alice 2 Questions Given such leakage attacks, how can we securely use the initial preprocessing? 2 / 21

  8. Correlation Extractors (CorrExt) Introduced by Ishai, Kushilevitz, Ostrovsky, and Sahai at FOCS 2009 [IKOS09] to address leakage attacks Take leaky correlations as input and produce secure independent copies of oblivious transfer ( OT ) (or Randomized OT s) 3 / 21

  9. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase 4 / 21

  10. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits 4 / 21

  11. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption 4 / 21

  12. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption m Bob ε -Secure 1 Online Phase m Alice 2 4 / 21

  13. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption m Bob ε -Secure 1 Online Phase m Alice 2 Fresh ROT · · · · · · · · · ROT 1 ROT 2 ROT m Output Phase 4 / 21

  14. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n 5 / 21

  15. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n � � Random Oblivious Linear-function Evaluation ( ROLE F ): $ a ( i ) , b ( i ) , x ( i ) ← F � n/ 2 � ROLE F ( a ( i ) , b ( i ) ) ∈ F n ( x ( i ) , z ( i ) ) ∈ F n z ( i ) := a ( i ) x ( i ) + b ( i ) 5 / 21

  16. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n � � Random Oblivious Linear-function Evaluation ( ROLE F ): $ a ( i ) , b ( i ) , x ( i ) ← F � n/ 2 � ROLE F ( a ( i ) , b ( i ) ) ∈ F n ( x ( i ) , z ( i ) ) ∈ F n z ( i ) := a ( i ) x ( i ) + b ( i ) � � Note ROT ≡ ROLE GF [2] since m c = ( m 1 − m 0 ) c + m 0 . 5 / 21

  17. Prior Work and Our Contribution Result Correlation # m t ε ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] 6 / 21

  18. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] 3 IP GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 3 The inner-product correlation IP n / lg | K | � � K is a correlation in which each party n / lg | K | such that their vectors are orthogonal. gets a vector in K 6 / 21

  19. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] GF [2] n � � 2 − gn IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn � [BMN17] IP K ( 1 / 2 − g ) n 2 6 / 21

  20. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn [BMN17] � ( 1 / 2 − g ) n 2 IP K ROT n/ 2 Our Work � n / 2 lg | F | � ROLE F 7 / 21

  21. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn [BMN17] � ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | � 2 − Θ( n ) Θ( n ) Θ( n ) 2 ROLE F 7 / 21

  22. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 IP � n / lg | K | � n 1 − o (1) 2 − gn [BMN17] ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | 2 − Θ( n ) � ROLE F Θ( n ) Θ( n ) 2 n / lg | K | � 2 − gn � [BMN18] IP K Θ( n ) ( 1 / 2 − g ) n 2 7 / 21

  23. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 IP � n / lg | K | � n 1 − o (1) 2 − gn [BMN17] ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | 2 − Θ( n ) � ROLE F Θ( n ) Θ( n ) 2 n / lg | K | � 2 − gn � [BMN18] IP K Θ( n ) ( 1 / 2 − g ) n 2 Notes In an ongoing work, we reduce the communication complexity of our extractors from Θ( n log n ) to Θ( n ) . 7 / 21

  24. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) 8 / 21

  25. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) The technical heart of this theorem is another correlation extractor for � � . ROLE F 8 / 21

  26. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) The technical heart of this theorem is another correlation extractor for � � . ROLE F Theorem (Asymptotically Optimal Correlation Extractor for � � ROLE F ) For all large enough constant sized fields F ( e.g., | F | = 64) � n/ 2 lg | F | � ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROLE F such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) 8 / 21

  27. Comparison of Concrete Efficiency I � � We compare our CorrExt for ROLE F with the [BMN17] CorrExt for � n / lg | K | � . IP K 9 / 21

  28. Comparison of Concrete Efficiency I � � We compare our CorrExt for ROLE F with the [BMN17] CorrExt for � n / lg | K | � . IP K The [BMN17] CorrExt achieves highest production rate when 2 n/ 4 � 4 � � � using IP GF , and achieves leakage rate t/n = (1 / 4 − g ) . 2 16 � � � � We shall use ROLE for F = GF as a comparison. F 9 / 21

Recommend

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation

Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation

Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation Stefan Mihalas Assistant Investigator Affiliate Assistant Professor Lecture plan 1. Motivation: why we study mouse cortex 2. Single neuron

441 views • 32 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

443 views • 21 slides
Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck OWASP BeNeLux-Days, November 30, 2018 A primer on software security Secure program: convert all input

1.27k views • 77 slides
Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

429 views • 27 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides

More recommend