the cut and choose game and its application to
play

The Cut-and-Choose Game and its Application to Cryptographic - PowerPoint PPT Presentation

Jan 28, 2023 •101 likes •424 views

The Cut-and-Choose Game and its Application to Cryptographic Protocols Ruiyu Zhu, Yan Huang, Jonathan Katz, abhi shelat Northeastern Indiana University U. Maryland University What is Cut-and-Choose What is Cut-and-Choose Applications of

  1. The Cut-and-Choose Game and its Application to Cryptographic Protocols Ruiyu Zhu, Yan Huang, Jonathan Katz, abhi shelat Northeastern Indiana University U. Maryland University

  2. What is Cut-and-Choose

  3. What is Cut-and-Choose

  4. Applications of Cut-and-Choose • Secure Computation – LP, Eurocrypt 07 SS, EuroCrypt 11 Brandão, AsiaCrypt 13 AMPR, Crypto14 Lindell, Crypto 13 HKE, Crypto13 • Zero-knowledge-proof – Blum, ICM 86 • Fair exchange of digital currency – BBSU, FC 12 • Secure delegation of computation – CKV, Crypto 10

  5. Applications of Cut-and-Choose • Secure Computation – LP, Eurocrypt 07 SS, EuroCrypt 11 Brandão, AsiaCrypt 13 AMPR, Crypto14 Lindell, Crypto 13 HKE, Crypto13 • Zero-knowledge-proof – Blum, ICM 86 • Fair exchange of digital currency – BBSU, FC 12 • Secure delegation of computation – CKV, Crypto 10

  6. Cut-and-Choose in Secure Computation Garbled Garbled Garbled Garbled Garbled Circuits Circuits Circuits Circuits Circuits Eval Chk

  7. Three Flavors of Cut-and-choose • SingleCut – Secure if at least one evaluation-circuit is correct. Lindell, Crypto 13 HKE, Crypto 13 Brandão, AsiaCrypt 13 AMPR, Crypto 14 • MajorityCut PR, – Secure if the majority of evaluation-circuits are correct. SS’ EuriCrypto 11 LP, EuroCrypt07 Woodruff, EuroCrypt 07 LP, SCN 08 LP, JoP12 • BatchedCut – Amortizing cost over multiple executions. NO, TCC09 FJN+, EuroCrypt13 LR, Crypto 14

  8. Three Flavors of Cut-and-choose • SingleCut – Secure if at least one evaluation-circuit is correct. Lindell, Crypto 13 HKE, Crypto 13 Brandão, AsiaCrypt 13 AMPR, Crypto 14 • MajorityCut – Secure if the majority of evaluation-circuits are correct. SS’ EuriCrypto 11 LP, EuroCrypt07 Woodruff, EuroCrypt 07 LP, SCN 08 LP, JoP12 • BatchedCut – Amortizing cost over multiple executions. NO, TCC09 FJN+, EuroCrypt13 LR, Crypto 14

  9. Existing SingleCut Strategy Lindell, Crypto 13 Garbled Garbled Garbled Garbled Garbled Circuits Circuits Circuits Circuits Circuits Chk Eval Chk Eval Eval Expected cost: checking cost × 𝑡 2 + evaluation cost× 𝑡 2 𝑡 :the security parameter

  10. The Cost Gap Checking Evaluation Garbled Seed Hash Garbled Circuit Circuit Bandwidth Cost Ratio 10 7 ~10 8 Time Cost Ratio 2 ~ 30 16 bytes 32 bytes

  11. Our Key Intuition Evaluate less and check more . Use mixed-strategies : determine the number of evaluation-circuits probabilistically from a custom distribution. Use linear programming to find optimal parameters.

  12. Problem Formulation Want to minimize 𝔽[cost(𝑠, 𝑇 =?@A )] “For all cheating strategies” Subject to: Pr failure 𝑇 =?@A , 𝑇 <=> ≤ 𝜁, ∀𝑇 <=> Upper-bound on the security failure rate 𝜁 Cost ratio 𝑠 𝑇 <=> Generator’s strategy 𝑇 =?@A Evaluator’s strategy

  13. Problem Formulation Want to minimize 𝔽[cost(𝑠, 𝑇 =?@A )] “For all cheating strategies” Subject to: Pr failure 𝑇 =?@A , 𝑇 <=> ≤ 𝜁, ∀𝑇 <=> Upper-bound on the security failure rate 𝜁 Cost ratio 𝑠 𝑻 𝒉𝒇𝒐 Generator’s strategy 𝑻 𝒇𝒘𝒃𝒎 Evaluator’s strategy

  14. 𝑇 <=> and 𝑇 =?@A in SingleCut 𝑜 The total number of circuits A random variable over {0,1} > 𝑇 <=> A random variable over {0,1} > 𝑇 =?@A

  15. 𝑇 <=> and 𝑇 =?@A in SingleCut My only choices I could map are which circuits between binary to form improperly. string and strategy 0 1 0 1 1 1 1 0 1 0 Garbled Garbled Garbled Garbled Garbled Circuits Circuits Circuits Circuits Circuits Failure: 𝑇 <=> = 𝑇 =?@A So could I 0 1 0 1 1 Chk Eval Chk Eval Eval 0 1 0 1 1

  16. Expected Cost of SingleCut # of circuits to evaluate > > > > > 𝔽[cost 𝑠, 𝑇 =?@A ] = U(𝑗𝑠 + 𝑜 − 𝑗 X 1)𝑦 Z 𝔽[cost 𝑠, 𝑇 =?@A ] = U(𝑗𝑠 + 𝑜 − 𝑗 X 1)𝑦 Z 𝔽[cost 𝑠, 𝑇 =?@A ] = U(𝑗𝑠 + 𝑜 − 𝑗 X 1)𝑦 Z 𝔽[cost 𝑠, 𝑇 =?@A ] = U(𝑗𝑠 + 𝑜 − 𝑗 X 1)𝑦 Z 𝔽[cost 𝑠, 𝑇 =?@A ] = U(𝑗𝑠 + 𝑜 − 𝑗 X 1)𝑦 Z Z[\ Z[\ Z[\ Z[\ Z[\ Total # of circuits Total number of circuits 𝑜 𝑦 Z Probability of evaluating 𝑗 circuits

  17. Constraints on 𝑦 Z (because it’s a probability distribution) 𝑦 Z ≥ 0 > U 𝑦 Z = 1 Z[\ Total number of circuits 𝑜 𝑦 Z Probability of evaluating 𝑗 circuits

  18. Pr failure 𝑇 =?@A , 𝑇 <=> ≤ 𝜁 Security ∀ 𝑇 <=> , Pr 𝑇 =?@A = 𝑇 <=> ≤ 𝜁 Holds Probability that evaluator picks any ∀𝑏 ∈ 0,1 > , Pr(𝑇 =?@A = 𝑏) ≤ 𝜁 SPECIFIC strategy a is bounded by 𝜁 .

  19. ∀𝑏 ∈ 0,1 > , Pr (𝑇 =?@A = 𝑏) ≤ 𝜁 𝑦 Z ≤ 𝑜 𝑦 Z ≤ 𝑜 𝑦 Z ≤ 𝑜 𝑦 Z ≤ 𝑜 𝑦 Z ≤ 𝑜 ⋅ 𝜁 ⋅ 𝜁 ⋅ 𝜁 ⋅ 𝜁 ⋅ 𝜁 𝑗 𝑗 𝑗 𝑗 𝑗 Each pure strategy can be picked with probability at most 𝜁 . There are > Z pure strategies that evaluate 𝑗 circuits.

  20. Recap Minimize: > U(𝑗𝑠 + 𝑜 − 𝑗)𝑦 Z Z[\ Subject to: 𝑦 Z ≥ 0 > U 𝑦 Z = 1 Z[\ 𝑦 Z ≤ 𝜁 𝑜 𝑗

  21. Fractional Knapsack Problem Unit Cost: 𝑜 𝑠 + 𝑜 − 1 2𝑠 + 𝑜 − 2 𝑜𝑠 𝑜 𝑜 𝑜 𝑜 Units 0 1 2 𝑜 A greedy algorithm Capacity: solves it in linear 1/𝜁 units time.

  22. Find the Best 𝑜 • Exhaustively search every 𝑜 Achievable with the SingleCut strategy of Required by the [Lindell, Crypto13]. Range of 𝑜 security parameter 𝜁 1 𝑠 + 1 1 log d log d 𝜁 2 𝜁 to find the one with minimal cost. • Limitation: 𝑜 is publicly fixed. Followup at: https://github.com/Opt-Cut-N-Choose

  23. Sample SingleCut Strategy for AES 𝒐 = 𝟓𝟏 𝒐 = 𝟑𝟑𝟕𝟖 𝒋 𝒚 𝒋 as % 𝒋 𝒚 𝒋 as % Classical Strategy Our technique 9.09 X 10 lmm 9.09 X 10 lmm 0 0 2.06 X 10 lo ⋯ ⋯ 1 11.9 X 10 \ 2.34 X 10 l7 19 2 12.5 X 10 \ 1.77 X 10 lm 20 3 99.8 X 10 \ ⋯ ⋯ 4 9.09 X 10 lmm 40 Save 77.5% b/w Bandwidth cost ratio: 𝑠 = 4533 For AES

  24. Improvements on SingleCut 80% 60% Savings 40% 20% 0% 10 0 10 1 10 4 10 2 10 3 Cost Ratio r cost this work Savings=1− cost best prior work

  25. Improvements on SingleCut 80% 60% Savings AES 40% fp-multiply 20% 0% 10 0 10 1 10 4 10 2 10 3 Cost Ratio r

  26. Formulation for MajorityCut Minimize: > U(𝑗𝑠 + 𝑜 − 𝑗)𝑦 Z Z[\ Subject to: 𝑦 Z ≥ 0 > U 𝑦 Z = 1 Z[\ }~• (>,d€) 𝑦 Z X 𝑜 − 𝑐 / 𝑜 U ≤ 𝜁 𝑗 − 𝑐 𝑗 Z[€ See the paper for details.

  27. Sample MajorityCut Strategy 𝒐 = 𝟐𝟖𝟔 𝒋 𝒚 𝒋 as % 𝒋 𝒚 𝒋 as % Classical Strategy 𝒐 = 𝟐𝟑𝟓 Our technique 1 X 10 l7 7 17 1.23 9 X 10 l7 9 19 5.36 𝒋 𝒚 𝒋 as % 7 X 10 lƒ 11 21 20.9 4.54 X 10 ld 23 13 72.2 43 100 15 0.25 Save 26.6% time Time cost ratio: 𝑠 = 10

  28. Improvements on MajorityCut 100% 80% 60% Savings 40% 20% 0% 10 0 10 2 10 4 10 6 10 8 Cost ratio r cost this work Savings=1− cost best prior work

  29. Improvements on MajorityCut 100% 80% 60% Savings AES 40% fp-multiply 20% 0% 10 0 10 2 10 4 10 6 10 8 Cost ratio r

  30. Improvements on BatchedCut 50% N=100 40% N is the size N=200 of the circuit. N=10000 30% Savings 20% 10% 0% 10 0 10 1 10 2 10 3 10 4 10 5 Cost ratio r cost this work Savings=1− cost best prior work

  31. Conclusion Cut-and-choose protocols should be appropriately configured based on the security requirement and the cost ratio benchmarked at run-time. The game solvers are available at https://github.com/cut-n-choose. Ruiyu Zhu: zhu52@indiana.edu

Recommend

The Real Game of Life Why? How do you choose? Decision Making Game! 1) Tradeoffs 2) Unintended

The Real Game of Life Why? How do you choose? Decision Making Game! 1) Tradeoffs 2) Unintended

The Real Game of Life Why? How do you choose? Decision Making Game! 1) Tradeoffs 2) Unintended Consequences 3) Payback period 4) Risk or Uncertainty 5) Time period Rules There will be 4 rounds, and some surprises. At the beginning

456 views • 31 slides
HTML5 Game Development In-depth RICHARD DAVEY, PHOTON STORM LTD. Introduction Choose the

HTML5 Game Development In-depth RICHARD DAVEY, PHOTON STORM LTD. Introduction Choose the

HTML5 Game Development In-depth RICHARD DAVEY, PHOTON STORM LTD. Introduction Choose the platform When to use DOM / CSS Preparing Graphics What well cover Preparing Audio Game Frameworks Physics Libraries Distribution Who am I? Who do

1.08k views • 49 slides
Scalability + Performance a choose your own adventure game hosted by James Cox 1 Tuesday, 1

Scalability + Performance a choose your own adventure game hosted by James Cox 1 Tuesday, 1

Scalability + Performance a choose your own adventure game hosted by James Cox 1 Tuesday, 1 April 2008 1 Begin Your Adventure... Art &amp; The End Planning Hosting &amp; Deployment Ruby &amp; Rails Caching Testing MySQL 2 Tuesday,

229 views • 20 slides
Connect your device to application GAME ENGINE ON ANDROID Julian Chu Agenda We Love Game Why

Connect your device to application GAME ENGINE ON ANDROID Julian Chu Agenda We Love Game Why

Connect your device to application GAME ENGINE ON ANDROID Julian Chu Agenda We Love Game Why need Game Engine What is Game Engine How many Game Engine Get one for You Implementation We Love Game Do You Love Playing Game? I DO

777 views • 50 slides
Interactive Media and Game Development Frontiers 2008 Mark Claypool What Do You Think Goes

Interactive Media and Game Development Frontiers 2008 Mark Claypool What Do You Think Goes

Interactive Media and Game Development Frontiers 2008 Mark Claypool What Do You Think Goes Into Developing Games? Choose a game youre familiar with Assume you are inspired (or forced or paid) to re-engineer the game Take 1-2

572 views • 38 slides
e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and Learning Outcomes Feedback to date and evaluation plans Game Style Game style encompasses two genres of game o Platform game fast action

575 views • 22 slides
A game of matching pennies column L R row T 2,0 0,1 B 0,1 1,0 People last names

A game of matching pennies column L R row T 2,0 0,1 B 0,1 1,0 People last names

A game of matching pennies column L R row T 2,0 0,1 B 0,1 1,0 People last names A-M play ROW (choose T, B) People last names N-Z play COLUMN (choose L, R) A game of matching pennies: Mixed-strategy equilibrium

601 views • 33 slides
e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and Learning Outcomes Feedback to date and evaluation plans Game Style Game is a detective game where the player investigates microbial problems.

572 views • 19 slides
Lecture 8 Backward Induction 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Backward Induction

Lecture 8 Backward Induction 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Backward Induction

Lecture 8 Backward Induction 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Backward Induction 2. Examples 3. Application: Stackelberg Duopoly 4. [Next Application: Negotiation] 2 Definitions Perfect-Information game is a game in which all

331 views • 11 slides
More examples of BNE: Application to the game of chicken Felix Munoz-Garcia EconS 503 -

More examples of BNE: Application to the game of chicken Felix Munoz-Garcia EconS 503 -

More examples of BNE: Application to the game of chicken Felix Munoz-Garcia EconS 503 - Washington State University Teenagers and the Game of Chicken Rebel Without a Cause (1955) starring James Dean Two teenagers simultaneously drive their cars

290 views • 12 slides
E - L E A R N I N G G A M E EVERY GAME WILL START WITH SIMPLE MENU YOU CAN

E - L E A R N I N G G A M E EVERY GAME WILL START WITH SIMPLE MENU YOU CAN

2 D P I X E L E - L E A R N I N G G A M E EVERY GAME WILL START WITH SIMPLE MENU YOU CAN EITHER CHOOSE : PLAY : SETTINGS : QUIT HERE WE CAN ADJUST OUR RESOLUTION OR MAKE IT FULL SCREEN THE BOTTOM

118 views • 10 slides
College Application Seminar Ancaster High School September 25, 2019 WHY CHOOSE COLLEGE?

College Application Seminar Ancaster High School September 25, 2019 WHY CHOOSE COLLEGE?

College Application Seminar Ancaster High School September 25, 2019 WHY CHOOSE COLLEGE? Less theory and more practical experience 307 degree programs offered A career focused education Preparation for highly competitive

564 views • 29 slides
Meteor Fullstack JavaScript Development Retro42: Our prototype application Why did we choose

Meteor Fullstack JavaScript Development Retro42: Our prototype application Why did we choose

Meteor Fullstack JavaScript Development Retro42: Our prototype application Why did we choose Meteor? What is Meteor? Show me some code! Comparing Meteor vs. MEAN More about Meteor Raimond Reichert, Samuel Zrcher, Ergon Informatik AG

1.2k views • 92 slides
Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to stateful AE Phillip Rogaway Yusi (James) Zhang University of California, Davis, USA C RYPTO 2018 1. Introduction 2. IND|C 3. Examples 1

523 views • 20 slides
Introduction to Game Theory Lecture Note 8: Dynamic Bayesian Games HUANG Haifeng University of

Introduction to Game Theory Lecture Note 8: Dynamic Bayesian Games HUANG Haifeng University of

Preliminary Concepts Sequential Equilibrium Signaling Game Application: The Spence Model Application: Cheap Talk . . Introduction to Game Theory Lecture Note 8: Dynamic Bayesian Games HUANG Haifeng University of California, Merced

746 views • 46 slides
Application of Game Theory to Wireless Power Control Games Networking Equilibrium Analysis

Application of Game Theory to Wireless Power Control Games Networking Equilibrium Analysis

Application of Game Theory to Wireless Networking Tansu Alpcan Introduction Application of Game Theory to Wireless Power Control Games Networking Equilibrium Analysis Stability and Convergence Iterative Schemes Tansu Alpcan

626 views • 44 slides
Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application Had a rough childhood Very misunderstood Performance difference across browsers Benchmark Pros/Cons JavaScript: WebGL &amp; Canvas

939 views • 18 slides
APPLICATION TRAINING DISTRICT GRANT CLUB WORKSHEET You may choose to compile your information

APPLICATION TRAINING DISTRICT GRANT CLUB WORKSHEET You may choose to compile your information

DISTRICT GRANT ONLINE APPLICATION TRAINING DISTRICT GRANT CLUB WORKSHEET You may choose to compile your information using this club worksheet. This is not an application and is not to be submitted to the District. It is simply a tool to

642 views • 28 slides
Algorithmic Game Theory Solution concepts in games Georgios Amanatidis

Algorithmic Game Theory Solution concepts in games Georgios Amanatidis

Algorithmic Game Theory Solution concepts in games Georgios Amanatidis amanatidis@diag.uniroma1.it Based on slides by V. Markakis and A. Voudouris Solution concepts 2 Choosing a strategy... Given a game, how should a player choose his

550 views • 52 slides
VALA VCAL Induction Day Numeracy 19 2 16 Welcome to VCAL Numeracy Introductions Game of 11

VALA VCAL Induction Day Numeracy 19 2 16 Welcome to VCAL Numeracy Introductions Game of 11

VALA VCAL Induction Day Numeracy 19 2 16 Welcome to VCAL Numeracy Introductions Game of 11 You may choose to count by 1, 2 or 3 increments but if you say 11 you are out!! Variations can be as a game of 21 or reverse countdown.

410 views • 39 slides
Scalable and Lightweight CTF Infrastructures Using Application Containers Arvind S Raj, Bithin

Scalable and Lightweight CTF Infrastructures Using Application Containers Arvind S Raj, Bithin

Existing game infrastructures Docker Container-based game infrastructure Evaluation Future work Conclusion Scalable and Lightweight CTF Infrastructures Using Application Containers Arvind S Raj, Bithin Alangot, Seshagiri Prabhu and

400 views • 38 slides
Survey of Artificial Intelligence for Card Games and Its Application to the Swiss Game Jass J.

Survey of Artificial Intelligence for Card Games and Its Application to the Swiss Game Jass J.

Survey of Artificial Intelligence for Card Games and Its Application to the Swiss Game Jass J. Niklaus *1 , M. Alberti *1 , V. Pondenkandath 1 , R. Ingold 1 , M. Liwicki 12 *Equal contribution 1 DIVA Group, University of Fribourg, Switzerland 2

433 views • 19 slides
1 What a Game is Not Outline A bunch of cool features What is a Game? Necessary, but

1 What a Game is Not Outline A bunch of cool features What is a Game? Necessary, but

Outline What is a Game? The Game Development Genres Process: Genres What is a Game? (1 of 4) What is a Game? (2 of 4) Movie? Movie? No interaction , outcome fixed Toy? Toy? Puzzle? No goal , but still fun!

512 views • 4 slides
Presentation language game Instructions Have the Ss in their groups (of 3) and photocopy one set

Presentation language game Instructions Have the Ss in their groups (of 3) and photocopy one set

Presentation language game Instructions Have the Ss in their groups (of 3) and photocopy one set for each group. Cut them up along the lines. Since your class is B2+, you can choose whether you should give them the headings or not. In the first

351 views • 3 slides

More recommend