a simpler variant of universally composable security for
play

A Simpler Variant of Universally Composable Security for Standard - PowerPoint PPT Presentation

Oct 04, 2023 •466 likes •898 views

A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo e H ebant Ecole Normale Sup erieure February 22, 2018 Chlo e H ebant (ENS) Working Group: SUC Security February 22, 2018 1 / 18

  1. A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo´ e H´ ebant Ecole Normale Sup´ erieure February 22, 2018 Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 1 / 18

  2. Introduction 1 Definition Interest Difficulties SUC Model 2 Communication model and rules π SUC-securely computes F SUC composition theorem Conclusion 3 Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 2 / 18

  3. Introduction Definition Context Protocol Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  4. Introduction Definition Context Protocol Proof of security Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  5. Introduction Definition Context Protocol Proof of security Adversary model → who? → capabilities? → goals? Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  6. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  7. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Indistinguishability → Find-then-Guess → Real-or-Random Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  8. Introduction Definition Context Protocol Proof of security Security model Adversary model → who? → capabilities? → goals? Indistinguishability Simulation → Find-then-Guess → Classical Simulation → Real-or-Random → Universal Composability Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 3 / 18

  9. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  10. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  11. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  12. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal protocol, virtual players, ideal adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  13. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, ideal adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  14. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, simulation of the adversary Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  15. Introduction Definition Definition Universal Composability model is a security model for Multi Party Computation : n players P i owning x i , n -variable function f , Compute f ( x 1 , · · · , x n ) = ( y 1 , · · · , y n ) s.t. each P i learns y i and nothing more based on a simulation between a Real World and an Ideal World Real World : protocol, players, adversary Ideal World : ideal functionality, virtual players, simulation of the adversary Ensure that an environment Z can’t distinguish between both worlds Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 4 / 18

  16. Introduction Definition Definition F x 1 y n x 2 x n y 2 y 1 P 1 P n · · · P 2 Figure 1: Ideal World Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 5 / 18

  17. Introduction Definition Definition F x 1 y n x 2 x n y 2 y 1 P 1 P n · · · P 2 Figure 1: Ideal World Construction of UC protocols: Define the ideal Functionality F Construct a protocol Π that realises F Make the proof: construct a simulator S Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 5 / 18

  18. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  19. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests The execution is taken as a whole: Z chooses the inputs of P i and A Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  20. Introduction Interest Interest 1: A can choose a distribution for the inputs In the UC model, no description of: what are the possible actions of the adversary the order of the requests the number of requests The execution is taken as a whole: Z chooses the inputs of P i and A ⇒ Model attacks where the inputs are not uniform Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 6 / 18

  21. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  22. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Example 1: UC-commitments → ZK Example 2: UC-secure authenticated key exchange + secure symmetric encryption → Secure channels Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  23. Introduction Interest Interest 2: The composition theorem Most important interest: If a protocol is UC secure then it is secure for concurrent executions Example 1: UC-commitments → ZK Example 2: UC-secure authenticated key exchange + secure symmetric encryption → Secure channels ⇒ Because of these 2 points, the UC model is more secure than the Find-then-Guess or Real-or-Random models Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 7 / 18

  24. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  25. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer F l STM proceeds as follows: parameterized by leakage function l : { 0 , 1 } ⋆ → { 0 , 1 } ⋆ , Upon receiving an input (Send , sid , m ) from S , verify that sid = ( S , R , sid ′ ) for some R , else ignore the input. Next, send (Sent , sid , l ( m ) , m ) to R . text = private content Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  26. Introduction Difficulties Difficulty to define the ideal functionality Ideal Functionality for Secure Message Transfer F l STM proceeds as follows: parameterized by leakage function l : { 0 , 1 } ⋆ → { 0 , 1 } ⋆ , Upon receiving an input (Send , sid , m ) from S , verify that sid = ( S , R , sid ′ ) for some R , else ignore the input. Next, send (Sent , sid , l ( m ) , m ) to R . text = private content For example: leaking l ( m ) = length( m ) is important because no cryptosystem can fully hide the size of the information being encrypted Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 8 / 18

  27. Introduction Difficulties Difficulties in proofs In UC model, proofs more complex than in game based security: no rewind, need extractable inputs ⇒ protocol more complex no end when the adversary wins ⇒ proofs more complex Chlo´ e H´ ebant (ENS) Working Group: SUC Security February 22, 2018 9 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove. ASIACRYPT 2018 J. P. Degabriele M. Fischlin 1 What this talk is about We propose and explore new security definitions for symmetric encryption

819 views • 24 slides
A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga

A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga

A Universally Composable Framework for the Privacy of Email Ecosystems Pyrros Chaidos 1 , Olga Fourtounelli 1 , Aggelos Kiayas 2 , Thomas Zacharias 2 1 : National & Kapodistrian University of Athens 2 : University of Edinburgh This project

557 views • 28 slides
Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash

Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash

Universally Composable and Privacy-Preserving Audit Logs Using Bulletin Board Anna Kaplan, Zcash Foundation & Technical University of Munich Joint work with Jan Camenisch, Manu Drijvers, and Maria Dubovitskaya (all at DFINITY) Work was

884 views • 30 slides
Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N. Dttling, G. Hartung, J. Mller-Quade, and M. Nagel Faculty of Computer Science Institute for Theoretical Informatics Research Group for

643 views • 60 slides
Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel Jost Ueli Maurer ETH Zurich Crypto 2020, August 17-21, 2020 Motivation: how to best define security? Aug 17, 2020 2 Daniel Jost Defining Security

1.25k views • 46 slides
EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE & EXTENSIBLE REST API REST API Thierry Delprat td@nuxeo.com https://github.com/tiry/ AGENDA AGENDA Quick introduction provide some context API design

1.37k views • 75 slides
Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

handshake 1 Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g , where K fg can be hash AB authentication not mutual connection hijacking off-line password attack compromise of database

424 views • 16 slides
Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in my patient pathogenic or benign? "The Doctor" by Sir Luke Fildes (1891) Drop in genome price drives increase in patient variant

500 views • 22 slides
<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant

<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant

<? <?php php $ret = $ret = foo foo($a ($a); ); // C++ // C++ Variant v_ret Variant v_ret; ; Variant Variant v_a v_a; ; v_ret v_ret = = f_foo f_foo(v_a (v_a); ); Facebook 2010 (confidential) <?php <?

287 views • 12 slides
N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented

N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented

N-variants N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. Presented by: Stephen McLaughlin Presented by: Stephen McLaughlin N-Variant SystemsA Secretless Framework for Security through N-variants The

549 views • 28 slides
IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be

IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be

IDN Variant TLDs Program Update IDN Variant TLDs Program Origins No variants of gTLDs will be delegated until appropriate variant management solutions are developed http://www.icann.org/en/groups/board/do

533 views • 31 slides
Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard

Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard

Iteration hypotheses and the strong sealing of universally Baire sets W. Hugh Woodin Harvard University November 2018 Universally Baire sets Definition (Feng-Magidor-Woodin) A set A R n is universally Baire if: For all topological

1.23k views • 88 slides
Variant Effect Predictor Demo: The Variant Effect Predictor (VEP)

Variant Effect Predictor Demo: The Variant Effect Predictor (VEP)

Variant Effect Predictor Demo: The Variant Effect Predictor (VEP) We have identified five variants on human chromosome nine, an A deletion at 128328461, C->A

301 views • 7 slides
Variant-Related Issues Variant TLD Issues Project Goal

Variant-Related Issues Variant TLD Issues Project Goal

Variant-Related Issues Variant TLD Issues Project Goal Iden0fy and agree on issues related to variants that should be included in the report 2

218 views • 10 slides
Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2.

Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2.

Jorge Jimnez Variant calling jjimeneza@cipf.es Index 1. Variant calling pipeline 2. Alignment processing 3. SNP calling 4. Short indel calling 5. VCF format 6. Structural Variation Jorge Jimnez Variant calling jjimeneza@cipf.es

1.12k views • 40 slides
SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T

SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T

SimpleR SimpleR - goals and intentions A Windows-based interface to R for basic statistics T Wants to S lower entry barriers for Windows users S support 90% of the needs of 90% of Gunther Maier (potential) users T Does NOT want to Vienna

425 views • 3 slides
THE FICTIONNAL TURN OF TRANSLATION STUDIES Introduction Laura Flica Universitat Oberta de

THE FICTIONNAL TURN OF TRANSLATION STUDIES Introduction Laura Flica Universitat Oberta de

THE FICTIONNAL TURN OF TRANSLATION STUDIES Introduction Laura Flica Universitat Oberta de Catalunya lfolica@uoc.edu Ramon Llad Universitat Autnoma de Barcelona Ramon.llado@uab.cat In Some Versions of Homer, Borges begins his

378 views • 6 slides
Savannah, GA Multi-State Consortia UI IT Systems Development Joe Vitale ITSC Director June

Savannah, GA Multi-State Consortia UI IT Systems Development Joe Vitale ITSC Director June

Information Technology Support Center 33 rd . Annual National UI Issues Conference Savannah, GA Multi-State Consortia UI IT Systems Development Joe Vitale ITSC Director June 19, 2014 1 Information Technology Support Center NASWA Structure

504 views • 31 slides
TECHNICAL READINESS CHECKLIST FOR CROSS-BORDER PAPERLESS TRADE IN MONGOLIA Ulaanbaatar, Mongolia

TECHNICAL READINESS CHECKLIST FOR CROSS-BORDER PAPERLESS TRADE IN MONGOLIA Ulaanbaatar, Mongolia

TECHNICAL READINESS CHECKLIST FOR CROSS-BORDER PAPERLESS TRADE IN MONGOLIA Ulaanbaatar, Mongolia 2 nd May 2019 OVERALL ASSESSMENT Mongolias overall readiness level in ICT infrastructure is fair, and willingness of stakeholders to move

335 views • 18 slides
PILOT PROJECT IMPACT RESIDENCY For circus arts For collectives For organizations Program

PILOT PROJECT IMPACT RESIDENCY For circus arts For collectives For organizations Program

PILOT PROJECT IMPACT RESIDENCY For circus arts For collectives For organizations Program presentation 20192020 Conseil des arts de Montral Impact residency pilot project 1. WHAT DO I NEED TO KNOW BEFORE APPLYING? 1.1. WHO IS ELIGIBLE

550 views • 12 slides
NEW CREATIVE I N T E R C O N N E C T S O L U T I O N S Positioning MOTS by Nicomatic M ilitary

NEW CREATIVE I N T E R C O N N E C T S O L U T I O N S Positioning MOTS by Nicomatic M ilitary

NEW CREATIVE I N T E R C O N N E C T S O L U T I O N S Positioning MOTS by Nicomatic M ilitary O ff T he S helf HIGH QUALITY TAPE&REEL SHORT DELIVERY Military Easy to store Products in stock Civil avionics 24 HOURS delivery Easy to

739 views • 20 slides
Review of Procurement Arrangements & Processes Supply Chain Management - Achievements

Review of Procurement Arrangements & Processes Supply Chain Management - Achievements

Tuesday, 30 September 2014 Review of Procurement Arrangements & Processes Supply Chain Management - Achievements 400k savings delivered Improvement of Hounslow 13/14 Highways Contract Performance of street

329 views • 9 slides
Presentation Pointer User Manual Version 1.6.0 February 2016 www.presentation-assistant.com

Presentation Pointer User Manual Version 1.6.0 February 2016 www.presentation-assistant.com

Presentation Pointer User Manual Version 1.6.0 February 2016 www.presentation-assistant.com Contents Contents Contents

695 views • 21 slides
S8215: Displaying and Interacting with Desktop Apps in VR GTC 2018 // Rouslan Dimitrov Imagine

S8215: Displaying and Interacting with Desktop Apps in VR GTC 2018 // Rouslan Dimitrov Imagine

S8215: Displaying and Interacting with Desktop Apps in VR GTC 2018 // Rouslan Dimitrov Imagine YOUR OWN Holodeck User content from BIOHAZRED Imagine YOUR OWN Holodeck VR Screens User content from BIOHAZRED VR TOOLBOX the App Goal: bring

752 views • 15 slides

More recommend