Two Round Information-Theoretic MPC with Malicious Security - PowerPoint PPT Presentation

Two Round Information-Theoretic MPC with Malicious Security. Prabhanjan Ananth, Arka Rai Choudhuri, Aarushi Goel, Abhishek Jain. EUROCRYPT 2019.


  1. Two Round Information-Theoretic MPC with Malicious Security. Prabhanjan Ananth, Arka Rai Choudhuri, Aarushi Goel, Abhishek Jain. EUROCRYPT 2019

  2. Adversarial Model

  3. Adversarial Model Malicious Adversary

  4. Adversarial Model: Malicious Adversary. Corrupts < n/2 parties (Honest Majority)

  5. Honest Majority MPC

  6. Honest Majority MPC. Information-theoretic security is possible [Ben-Or, Goldwasser, Wigderson’88]. Typically UC secure. Simulation proofs are typically straight-line. Round complexity lower bounds of dishonest majority do not apply. 4 rounds necessary for dishonest majority in the plain model [Garg-Mukherjee-Pandey-Polychroniadou’16].

  9. Honest Majority MPC: Applications Useful for constructing efficient ZK-protocols.

  10. Honest Majority MPC: Applications (Courtesy: Sergey Gorbunov’s talk)

  11. History of IT-MPC

      | Work | Round Complexity | Class of Functions | Corruption Threshold | Adversary |
      |---|---|---|---|---|
      | [BGW’88] | > # of multiplications | P/Poly | t<n/2 | Malicious |
      | [BB’89, IK’00, AIK’06] | constant | NC¹ | t<n/2 | Malicious |
      | [IKP’10] | 2 | NC¹ | t<n/3 | Malicious (Security with selective abort) |
      | [GIS’18, ABT’18] | 2 | NC¹ | t<n/2 | Semi-honest |
      | [ABT’19] | 2 | NC¹ | t<n/2 | Malicious (Security with selective abort) |

  12. Our Results

      | Round Complexity | Class of Functions | Corruption Threshold | Adversary |
      |---|---|---|---|
      | 2 | NC¹ | t<n/2 | Malicious: Security with Abort over Broadcast + P2P; Security with Selective Abort over P2P |

  13. This Talk

      | Round Complexity | Class of Functions | Corruption Threshold | Adversary |
      |---|---|---|---|
      | 2 | NC¹ | t<n/2 | Malicious: Security with Abort over Broadcast + P2P; Security with Selective Abort over P2P |

  14. Our Strategy [diagram: 2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P; Constant Round IT-MPC (Security with Abort), Broadcast + P2P; 2 Round IT-MPC (Security with Abort), Broadcast + P2P]

  15. Security with Abort [diagram: Party 1, Party 2, Party 3 and a Trusted Party labelled $f$]

  16. Security with Abort [diagram: Party 1, Party 2, Party 3 with inputs $x_1$, $x_2$, $x_3$; Trusted Party labelled $f$]

  17. Security with Abort [diagram: inputs $x_1$, $x_2$, $x_3$; Trusted Party $f$ with $y = f(x_1, x_2, x_3)$]

  18. Security with Abort [diagram: inputs $x_1$, $x_2$, $x_3$; Trusted Party $f$ with $y = f(x_1, x_2, x_3)$; $y' = y$ or $\bot$]

  19. Security with Abort [diagram: inputs $x_1$, $x_2$, $x_3$; Trusted Party $f$ with $y = f(x_1, x_2, x_3)$; $y' = y$ or $\bot$; $y'$ as the delivered output]

  20. Security with Abort. Privacy: $x_2$ and $x_3$ remain hidden.

  21. Security with Abort. Privacy: $x_2$ and $x_3$ remain hidden. Output Correctness: Honest Parties either output $f(x_1, x_2, x_3)$ or $\bot$.

  22. Privacy with Knowledge of Outputs. Privacy: $x_2$ and $x_3$ remain hidden. Output Correctness: Honest Parties either output $f(x_1, x_2, x_3)$ or $\bot$.

  23. First Step [diagram: 2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P; Constant Round IT-MPC (Security with Abort), Broadcast + P2P; Multi-Key MAC; 2 Round IT-MPC (Security with Abort), Broadcast + P2P]

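  24. Our Tool: Multi-Key MAC [diagram labels: keys $k_1$, $k_2$, $k_3$; message $m$]

  25. Our Tool: Multi-Key MAC [diagram labels: keys $k_1$, $k_2$, $k_3$; message $m$; $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$]

  26. Our Tool: Multi-Key MAC [diagram labels: $\sigma$ (three copies); message $m$; $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$]

  27. Our Tool: Multi-Key MAC. $\mathrm{Verify}(m, \sigma, k_1)$, $\mathrm{Verify}(m, \sigma, k_2)$, $\mathrm{Verify}(m, \sigma, k_3)$, where $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$.

  28. Our Tool: Multi-Key MAC (Correctness). $\mathrm{Verify}(m, \sigma, k_1)$: YES. $\mathrm{Verify}(m, \sigma, k_2)$: YES. $\mathrm{Verify}(m, \sigma, k_3)$: YES, where $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$.

  29. Our Tool: Multi-Key MAC (Security) [diagram labels: $k_1$, $\sigma$; $m$, $k_2$, $k_3$; $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$]

  30. Our Tool: Multi-Key MAC (Security) [diagram labels: $k_1$; $m'$, $\sigma'$; $\sigma$; $k_2$; $m$, $k_2$, $k_3$; $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$]. $\mathrm{Verify}(m', \sigma', k_2)$: NO.

  31. Our Tool: Multi-Key MAC (Security). An adversary cannot output any valid message-signature pair other than the one it received. [diagram labels: $k_1$; $m'$, $\sigma'$; $\sigma$; $k_2$; $m$, $k_2$, $k_3$; $\sigma = \mathrm{Sign}(m, k_1, k_2, k_3)$]. $\mathrm{Verify}(m', \sigma', k_2)$: NO.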

  32. Using Multi-Key MAC [diagram labels: inputs $x_1$, $x_2$, $x_3$; $f$; $y = f(x_1, x_2, x_3)$]

  33. Using Multi-Key MAC [diagram labels: inputs $(x_1, k_1)$, $(x_2, k_2)$, $(x_3, k_3)$; $f'$; $y = f(x_1, x_2, x_3)$; $\sigma = \mathrm{Sign}(y, k_1, k_2, k_3)$]

  34. Using Multi-Key MAC [diagram: Trusted Party $f'$; Party 2 with $(x_2, k_2)$ and $(y, \sigma)$]. $\mathrm{Verify}(y, \sigma, k_2)$.

  35. Security with abort: Using Multi-Key MAC [diagram: Honest Party 2 with $(x_2, k_2)$; Honest Party 3 with $(x_3, k_3)$; Trusted Party $f'$; $(y, \sigma)$ at each honest party]. IF $(y, \sigma) = f'((x_1, k_1), (x_2, k_2), (x_3, k_3))$

  36. Security with abort: Using Multi-Key MAC [diagram: Honest Party 2 with $(x_2, k_2)$; Honest Party 3 with $(x_3, k_3)$; Trusted Party $f'$; $(y, \sigma)$ at each honest party]. IF $(y, \sigma) = f'((x_1, k_1), (x_2, k_2), (x_3, k_3))$: $\mathrm{Verify}(y, \sigma, k_2)$: YES. $\mathrm{Verify}(y, \sigma, k_3)$: YES.

  37. Security with abort: Using Multi-Key MAC [diagram: Honest Party 2 with $(x_2, k_2)$; Honest Party 3 with $(x_3, k_3)$; Trusted Party $f'$; $(y, \sigma)$ at each honest party]. IF $(y, \sigma) \neq f'((x_1, k_1), (x_2, k_2), (x_3, k_3))$

  38. Security with abort: Using Multi-Key MAC [diagram: Honest Party 2 with $(x_2, k_2)$; Honest Party 3 with $(x_3, k_3)$; Trusted Party $f'$; $(y, \sigma)$ at each honest party]. IF $(y, \sigma) \neq f'((x_1, k_1), (x_2, k_2), (x_3, k_3))$, IF $y \neq f(x_1, x_2, x_3)$: $\mathrm{Verify}(y, \sigma, k_2)$: NO. $\mathrm{Verify}(y, \sigma, k_3)$: NO.

  39. Recall: Our Strategy [diagram: 2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P; Constant Round IT-MPC (Security with Abort), Broadcast + P2P; Multi-Key MAC; 2 Round IT-MPC (Security with Abort), Broadcast + P2P]

  40. Second Step [diagram: 2 Round IT-MPC (Privacy with Knowledge of Outputs), Broadcast + P2P; Constant Round IT-MPC (Security with Abort), Broadcast + P2P; Multi-Key MAC; 2 Round IT-MPC (Security with Abort), Broadcast + P2P]

  41. Technique: Round Compression (Interactive secure MPC to 2 round secure MPC). [GGHR’13] Indistinguishability Obfuscation; [GLS’15] Witness Encryption + Garbled circuits; [GS’17] Bilinear Maps + Garbled circuits; [GS’18, BL’18] OT + Garbled Circuits; [ACGJ’18] Garbled circuits.

  42. Initial Idea: Replace garbled circuits with Information-theoretic garbled circuits (IT-GC). Round compression (Interactive secure MPC to 2 round secure MPC): [GGHR’13] Indistinguishability Obfuscation; [GLS’15] Witness Encryption + Garbled circuits; [GS’17] Bilinear Maps + Garbled circuits; [GS’18, BL’18] OT + Garbled Circuits; [ACGJ’18] Garbled circuits.

  43. Round Compression Template [diagram: Commit Inputs; Interactive secure MPC; 2 round secure MPC]

  44. Round Compression Template: After Round 2 [diagram: Commit Inputs; Interactive secure MPC; 2 round secure MPC; Party 1; Party 2]

  45. Round Compression Template: After Round 2 [diagram: Party 1; Party 2]

  46. Round Compression Template: After Round 2 [diagram: Party 1; Party 2; Wire Labels for 1st Message of Party 2; Helper Protocol for OT functionality; 1st Message of Party 2; Wire Labels]

  47. Initial Idea: Doesn’t Work. Replace garbled circuits with Information-theoretic garbled circuits (IT-GC). Problem: Size of the input wire labels in IT-GC grows exponentially in the depth of the circuit being garbled. Round compression (Interactive secure MPC to 2 round secure MPC): [GGHR’13] Indistinguishability Obfuscation; [GLS’15] Witness Encryption + Garbled circuits; [GS’17] Bilinear Maps + Garbled circuits; [GS’18, BL’18] OT + Garbled Circuits; [ACGJ’18] Garbled circuits.

  48. Initial Idea: Doesn’t Work. Replace garbled circuits with Information-theoretic garbled circuits (IT-GC). Problem: Size of the input wire labels in IT-GC grows exponentially in the depth of the circuit being garbled. !"#$ %&' ≈ |*|. Round compression (Interactive secure MPC to 2 round secure MPC): [GGHR’13] Indistinguishability Obfuscation; [GLS’15] Witness Encryption + Garbled circuits; [GS’17] Bilinear Maps + Garbled circuits; [GS’18, BL’18] OT + Garbled Circuits; [ACGJ’18] Garbled circuits.

  49. Our Approach [diagram: Party 1; Party 2; Wire Labels for 1st Message of Party 2; Helper Protocol for OT functionality; 1st Message of Party 2; Wire Labels]. Similar to the approach used in [BL’18].
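
The multi-key MAC step of slides 24 to 38, as an added example that is not code from the talk or the paper. It assumes one illustrative instantiation (a concatenation of one-time MACs a_i·m + b_i over a prime field, one per key); the names `keygen`, `sign`, `verify`, `f_prime`, `honest_output` and the sample function and inputs are constructed for illustration.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumption): messages and keys live in GF(P)

def keygen():
    """One-time MAC key (a, b) with a != 0, so a tag never fits two messages."""
    return (1 + secrets.randbelow(P - 1), secrets.randbelow(P))

def sign(m, keys):
    """Sign(m, k_1, ..., k_n): one tag a_i*m + b_i per key, concatenated."""
    return tuple((a * m + b) % P for a, b in keys)

def verify(m, sigma, i, key):
    """Verify(m, sigma, k_i): the holder of k_i checks only component i."""
    a, b = key
    return len(sigma) > i and sigma[i] == (a * m + b) % P

def f_prime(f, inputs):
    """f'((x_1,k_1), ..., (x_n,k_n)) = (y, sigma), with y = f(x_1, ..., x_n)."""
    y = f(*(x for x, _ in inputs)) % P
    return y, sign(y, [k for _, k in inputs])

def honest_output(i, key, y, sigma):
    """Honest party i outputs y if its own key accepts, otherwise None (abort)."""
    return y if verify(y, sigma, i, key) else None

def demo():
    f = lambda x1, x2, x3: x1 + x2 + x3          # constructed example function
    keys = [keygen() for _ in range(3)]
    inputs = list(zip([5, 11, 26], keys))        # constructed sample inputs
    y, sigma = f_prime(f, inputs)
    # Party 1 (index 0) is corrupted and knows only k_1. Under privacy with
    # knowledge of outputs it can try to hand honest parties a different y.
    tampered = (y + 1) % P
    return {
        "honest": [honest_output(i, keys[i], y, sigma) for i in (1, 2)],
        "tampered": [honest_output(i, keys[i], tampered, sigma) for i in (1, 2)],
    }

if __name__ == "__main__":
    print(demo())
```

Each key is good for one signature only. In this instantiation, a fresh tag guessed for an honest party's component is accepted with probability 1/(P-1) per attempt.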
