two round secure multiparty computation minimizing public
play

Two-Round Secure Multiparty Computation Minimizing Public Key - PowerPoint PPT Presentation

Jun 30, 2023 •201 likes •628 views

Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan What did we achieve? Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg

  1. Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan

  2. What did we achieve?

  3. Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan

  4. Secure Multiparty Computation (MPC)

  5. What does Two-Round mean? The MPC protocol has two rounds.

  6. Two-Round MPC

  7. Two-Round MPC

  8. Why is round complexity important?

  9. Why is round complexity important? ~200ms my mom me

  10. Why not one round? Because it’s impossible! [HLP’11]

  11. Two-Round MPC?

  12. Can we implement it? Yes, but it’s too slow… Why? Too many public key operations… Why is it bad? Because public key operation is VERY slow! • Symmetric key operations (AES) ~100M/sec • Public (asymmetric) key operations ~10K/sec

  13. Our Main Result

  14. How did we achieve it?

  15. Combine? How to reduce OTs (public key operations) ? 2-round OT extension? Yes! [Beaver’96]

  16. Combine? How to reduce OTs (public key operations) ? No! Why? 2-round OT extension? Yes! [Beaver’96]

  17. Combine? No! Why? 2-round OT extension?

  18. Combine? No! Why? How to solve it? 2-round OT extension?

  19. Combine? No! Why? How to solve it? 2-round OT extension?

  20. Combine? No! Why? How to solve it? 2-round OT extension?

  21. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  22. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  23. Yao’s garbled circuit [Yao’86] Garble 0 1 0 0 1 Garble

  24. Oblivious Transfer (OT) [Rab’81, EGL’85, BCR’86, Kil’88] Oblivious Transfer

  25. Two-Round OT [AIR’01, NP’01, HK’12]

  26. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  27. Two-Round MPC [BL’18, GS’18] Oblivious Transfer Oblivious Transfer … Oblivious Transfer

  28. Two-Round MPC [BL’18, GS’18] … • Decryption secrets are known by Receiver before Round-2 • Decryption secrets are independent Why?

  29. Two-Round MPC [BL’18, GS’18] Round-1 Round-2 … … … … … • Decryption secrets are known by Receiver before Round-2 • Decryption secrets are independent

  30. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  31. OT Extension [Beaver’96] Oblivious Transfer Oblivious Transfer … Oblivious Transfer

  32. Two-Round OT Extension [Beaver’96]  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent Why?

  33. Two-Round OT Extension [Beaver’96] … … …  Decryption secrets are independent

  34. Combine? No! Why? How to solve it? 2-round OT extension?

  35. Two-Round OT Extension [Beaver’96]  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent

  36. First Attempt: Modify Two-Round OT Extension  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent

  37. Two-Round MPC [BL’18, GS’18] Round-1 Round-2 … … … … … Decryption secrets are hard-coded in the garbled circuits; So they should be known before Round-2!

  38. Second Attempt: Weaken Special Properties … Decryption secrets are hard-coded in the garbled circuits; Weakened property: Decryption secrets can be computed So they should be known before Round-2! and fed into the garbled circuits after Round-2.

  39. Summary

  40. Future Work • How to make it more practical? • Making black-box use of crypto operations? • Impossible for 2 rounds! [GMMM’18] talk tomorrow morning :) • Black-box but 3 rounds? • Combining with black-box OT extension [IKNP’03] • Concrete optimization for implementation

  41. Thanks!

Recommend

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele Ciampi Vipul Goyal Johns Hopkins University The University of Edinburgh Carnegie Mellon University and NTT Research Abhishek Jain Rafail

1.42k views • 119 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa Pankova Roman Jagomgis Peeter Laud 1 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty

641 views • 38 slides
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

773 views • 39 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

846 views • 55 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

492 views • 48 slides
SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen

SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen

SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen and Michael I. Schwartzbach June 14, 2007 Janus Dam Nielsen - PLAS 2007 1/27 Overview Secure Multiparty Computation SMCL Concepts An

284 views • 27 slides
Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012

Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012

Introduction Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012 Ron Steinfeld Secure Multiparty Computation from Graph Colouring July 2012 1/34 Introduction Acknowledgements Based on joint work

1k views • 62 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro

MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro

FAIR AND EFFICIENT SECURE MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro rosim Asiacry acrypt pt 2013 2013 Secure Multi-Party Computation A set of parties who dont trust each other

794 views • 36 slides
Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish Dept. of Computer Science, Courant Institute, NYU This is joint work with: Riad S. Wahby (Stanford), Max Howald (Cooper Union and NYU), Siddharth

723 views • 44 slides
Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

ECRYPT: Achievements and Perspectives Antwerp / May 27, 2008 PROVILAB Focus 2 Secure Multiparty Computation Based on Threshold Homomorphic Cryptosystems Berry Schoenmakers Coding & Crypto group Dept. Math & CS TU Eindhoven Outline

583 views • 13 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair of Network Architectures and Services

676 views • 20 slides
Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Crypto for PRAM from iO ( via Succinct Garbled PRAM) Kai-Min Chung Academia Sinica, Taiwan Joint work with: Yu-Chi Chen, Sherman S.M. Chow, Russell W.F. Lai, Wei-Kai Lin, Hong-Sheng Zhou Computation in Cryptography Examples: Multiparty

382 views • 34 slides
Constant-Overhead Secure Computation using Preprocessing Ivan Damgrd, Sarah Zakarias Aarhus

Constant-Overhead Secure Computation using Preprocessing Ivan Damgrd, Sarah Zakarias Aarhus

Constant-Overhead Secure Computation using Preprocessing Ivan Damgrd, Sarah Zakarias Aarhus University, Denmark Multiparty Computation Goal: Compute circuit UC-securely Unlike previous talk: I Interested in d i complexity of protocol

462 views • 21 slides
On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian

On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian

On the Exact Round Complexity of Secure Three-Party Computation Arpita Patra, Divya Ravi Indian Institute of Science CRYPTO 2018 Our Objective What is the exact round complexity of 3-party protocols with honest majority under the following

446 views • 10 slides
An Introduction to Practical Multiparty Computation This Talk MPC Frameworks - General

An Introduction to Practical Multiparty Computation This Talk MPC Frameworks - General

Jack Doerner [Northeastern U] An Introduction to Practical Multiparty Computation This Talk MPC Frameworks - General Computation Circuit Structures - Solving Specific Problems The Memory Problem - A Perpetual Bugbear Custom Protocols

855 views • 53 slides
Secure Multiparty Computation Basic Cryptographic Methods Li Xiong CS573 Data Privacy and

Secure Multiparty Computation Basic Cryptographic Methods Li Xiong CS573 Data Privacy and

Secure Multiparty Computation Basic Cryptographic Methods Li Xiong CS573 Data Privacy and Security The Love Game (AKA the AND game) The Love Game (AKA the AND game) He loves She loves me, he loves me, she me not loves me not

947 views • 45 slides
TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt

TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt

TOWARDS TRANSPARENT ZERO- KNOWLEDGE COMPUTATION - BASED ON 10 YEARS OF COMMERCIAL USE Kurt Nielsen (Co-founder and CEO Partisia) Transparency and scalability PROTOCOLS PLATFORMS Landmark paper Secure Multiparty Computation Goes Live

773 views • 21 slides

More recommend