secure multi party computation
play

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute - PowerPoint PPT Presentation

Mar 26, 2024 •683 likes •1.28k views

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

  1. Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH – Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

  2. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Ingredients ◮ n parties ◮ n inputs (one per party) ◮ A function f ( x 1 , . . . , x n ) to compute Gunnar Kreitz Secure Multi-Party Computation

  3. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Goal (intuitive) ◮ Parties learn f ( x 1 , . . . , x n ) ◮ Noone learns anything more Gunnar Kreitz Secure Multi-Party Computation

  4. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Example time! Let’s pick a function Gunnar Kreitz Secure Multi-Party Computation

  5. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Millionaire’s Problem) Gunnar Kreitz Secure Multi-Party Computation

  6. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Mental Poker) Gunnar Kreitz Secure Multi-Party Computation

  7. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Dining Cryptographers) Gunnar Kreitz Secure Multi-Party Computation

  8. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Example time! Σ x i Gunnar Kreitz Secure Multi-Party Computation

  9. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Private Summation (cont’d) ◮ The protocol does one round of input randomization ( blinding ) ◮ Then, any (non-private) summation protocol is run on the blinded inputs ◮ The blinding preserves the sum of the inputs ◮ Information-theoretically secure Photo by Mirko Tobias Schaefer http://www.flickr.com/photos/gastev/2960556197/ , CC BY 2.0 Gunnar Kreitz Secure Multi-Party Computation

  10. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  11. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 r 12 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  12. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 r 13 � 3 Gunnar Kreitz Secure Multi-Party Computation

  13. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 r 21 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  14. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 r 23 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  15. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 � x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 r 31 3 Gunnar Kreitz Secure Multi-Party Computation

  16. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 r 32 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  17. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Private Summation Protocol ◮ Each party P i with input x i proceeds as follows: 1. Send random r i , j to each neighbor P j 2. Wait for r j , i from each neighbor P j 3. Compute � � x ′ i = x i + r j , i − r i , j P j neighbor P j neighbor ◮ We could now publish x ′ i and still remain private! Gunnar Kreitz Secure Multi-Party Computation

  18. Background Secure Computation Security Model Generic Protocol Applications How to proceed? ◮ Do we develop protocols for each and every f ? ◮ (Are they all this simple?) ◮ How do we define security? Gunnar Kreitz Secure Multi-Party Computation

  19. Background Secure Computation Security Model Generic Protocol Applications Security definitions ◮ Noone should learn anything but result ◮ Noone should be able to affect computation in an untoward way Gunnar Kreitz Secure Multi-Party Computation

  20. Background Secure Computation Security Model Generic Protocol Applications A Trusted Third Party ◮ Is there someone we all trust? ◮ Can send measurements to the Trusted Third Party ◮ She performs computation and tells everyone result ◮ Given a Trusted Third Party, problem is easy Photo by Matt J. Rider http://www.flickr.com/photos/mjrindewitt/4759429254/ , CC BY NC SA 2.0 Gunnar Kreitz Secure Multi-Party Computation

  21. Background Secure Computation Security Model Generic Protocol Applications Sometimes There is no Trusted Third Party Photo by Tayrawr Fortune http://www.flickr.com/photos/missfortune/4088429354/ , CC BY NC ND 2.0 Gunnar Kreitz Secure Multi-Party Computation

  22. Background Secure Computation Security Model Generic Protocol Applications Secure? What do we mean by security? ◮ In an ideal world, we have a trusted third party ◮ We want our protocols to be as secure as the ideal world ◮ Cheating parties must not: ◮ learn more than they do in the ideal world ◮ be able to do more than they can in the ideal world Photo by Thomas Hawk http://www.flickr.com/photos/thomashawk/115213351/ , CC BY NC 2.0 Gunnar Kreitz Secure Multi-Party Computation

  23. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  24. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  25. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  26. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? Yes. ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views • 47 slides
Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data without sharing?

446 views • 20 slides
Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without Honest Majority: GMW Protocol MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure

465 views • 12 slides
Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive Corruption + Honest-Majority Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the

497 views • 20 slides
Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo Palmieri , Olivier Pereira UCL Crypto Group Universit e Catholique de Louvain (Belgium) Provable Privacy Workshop July 2012 UCL Crypto Group

660 views • 34 slides
Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao Wang Mariana Raykova Adri Gascn Jack Doerner Jonathan Katz David Evans oblivc.org/sqoram Secure multi-party computation applications Set

504 views • 25 slides
Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point numbers Dan Bogdanov Sharemind project lead dan@cyber.ee https://sharemind.cyber.ee/ sharemind a machine for fast privacy-preserving computations

643 views • 42 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of

Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of

Secure Multi-party Computation What it is, and why youd care Manoj Prabhakaran University of Illinois, Urbana-Champaign SMC SMC SMC conceived more than 30 years back SMC SMC conceived more than 30 years back A very general concept that

395 views • 28 slides
Advanced Tools from Modern Cryptography Lecture 5 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 5 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 5 Secure Multi-Party Computation: Passive Corruption MPC: Honest-Majority + Passive-Corruption Can achieve information-theoretic security for any function Function should be given as an

573 views • 15 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini,

TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini,

TinyKeys: A New Approach to Efficient Multi-Party Computation Carmit Hazay , Emmanuela Orsini, Peter Scholl and Eduardo Soria-Vazquez Based on slides prepared by Peter Scholl and Eduardo Soria-Vazquez Secure Multi-Party Computation (MPC)

756 views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville

Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville

Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville Sokk dan@cyber.ee http://sharemind.cyber.ee/ The Sharemind model Input Computing Result parties parties parties x 11 CP 1 y 1 IP 1 ... RP 1 x

411 views • 14 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides

More recommend