an optimal distributed discrete log protocol with
play

An Optimal Distributed Discrete Log Protocol with Applications to - PowerPoint PPT Presentation

May 20, 2023 •32 likes •472 views

An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing Itai Dinur 1 , Nathan Keller 2 and Ohad Klein 2 1 Department of Computer Science, Ben-Gurion University, Israel 2 Department of Mathematics, Bar-Ilan

  1. An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing Itai Dinur 1 , Nathan Keller 2 and Ohad Klein 2 1 Department of Computer Science, Ben-Gurion University, Israel 2 Department of Mathematics, Bar-Ilan University, Israel August 22, 2018 Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 1 / 17

  2. The Spaceships Problem Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  3. The Spaceships Problem Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  4. The Spaceships Problem Spaceships land on adjacent cells of random numbers array. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  5. The Spaceships Problem Spaceships land on adjacent cells of random numbers array. Cannot communicate . Allowed to read T cells. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  6. The Spaceships Problem Spaceships land on adjacent cells of random numbers array. Cannot communicate . Allowed to read T cells. Must eventually stop. Goal: Stop on the same cell with high probability. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  7. The Spaceships Problem Spaceships land on adjacent cells of random numbers array. Cannot communicate . Allowed to read T cells. Must eventually stop. Goal: Stop on the same cell with high probability. Do not know who is on the left. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  8. The Spaceships Problem Spaceships land on adjacent cells of random numbers array. Cannot communicate . Allowed to read T cells. Must eventually stop. Goal: Stop on the same cell with high probability. Do not know who is on the left. Main Problem How can the spaceships maximize their meeting probability? What is this highest probability (depending on T )? Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 2 / 17

  9. Basic algorithm Algorithm: Basic 1: function Basic ( array , start , T ) return arg min i ∈ [ start , start + T ) { array [ i ] } ; 2: Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 3 / 17

  10. Basic algorithm Algorithm: Basic 1: function Basic ( array , start , T ) return arg min i ∈ [ start , start + T ) { array [ i ] } ; 2: Analysis Alice & Bob fail to synchronize iff minimum in on one of the ends. Probability = 2 / ( T + 1). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 3 / 17

  11. Homomorphic Secret Sharing Homomorphic Secret Sharing – introduced by Boyle,Gilboa, Ishai [ BGI ] (CRYPTO’16) as a more practical alternative to FHE (Fully-Homomorphic-Encryption). Suppose we wish to securely compute in the cloud. HSS enables to distribute the evaluation of a public function f on a secret input x among two servers, each receiving a secret share y or z , so that f ( x ) can easily be recovered from f ′ ( y ) and f ′ ( z ). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 4 / 17

  12. Homomorphic Secret Sharing Homomorphic Secret Sharing – introduced by Boyle,Gilboa, Ishai [ BGI ] (CRYPTO’16) as a more practical alternative to FHE (Fully-Homomorphic-Encryption). Suppose we wish to securely compute in the cloud. HSS enables to distribute the evaluation of a public function f on a secret input x among two servers, each receiving a secret share y or z , so that f ( x ) can easily be recovered from f ′ ( y ) and f ′ ( z ). Each of y and z computationally hides x . ‘Share’ and ‘Join’ are cheap. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 4 / 17

  13. HSS & Applications BGI constructed a group based HSS protocol. Security Relies only on DDH (Decisional-Diffie-Hellman) Hardness assumption. Low communication complexity . Applicable only for functions f inside the class of ‘ branching programs ’. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 5 / 17

  14. HSS & Applications BGI constructed a group based HSS protocol. Security Relies only on DDH (Decisional-Diffie-Hellman) Hardness assumption. Low communication complexity . Applicable only for functions f inside the class of ‘ branching programs ’. Applications PIR : Private information retrieval (with branching program predicate). SMPC : Secure multi-party computation in sublinear communication (leveled circuits). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 5 / 17

  15. HSS & Applications BGI constructed a group based HSS protocol. Security Relies only on DDH (Decisional-Diffie-Hellman) Hardness assumption. Low communication complexity . Applicable only for functions f inside the class of ‘ branching programs ’. Applications PIR : Private information retrieval (with branching program predicate). SMPC : Secure multi-party computation in sublinear communication (leveled circuits). Requires an algorithm solving the Distributed-Discrete-Log problem ( DDLOG ). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 5 / 17

  16. Overview of BGI’s HSS Protocol (1) Let x = ( x 1 , . . . , x n ) ∈ { 0 , 1 } n be a secret input. We wish to compute f ( x ) ∈ Z , where f contains instructions of the form: 1) v i ← v j ± v k for variables v i , v j , v k ∈ Z . 2) v i ← v j · x k where x k is an input bit. 3) v i ← x k . Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 6 / 17

  17. Overview of BGI’s HSS Protocol (1) Let x = ( x 1 , . . . , x n ) ∈ { 0 , 1 } n be a secret input. We wish to compute f ( x ) ∈ Z , where f contains instructions of the form: 1) v i ← v j ± v k for variables v i , v j , v k ∈ Z . 2) v i ← v j · x k where x k is an input bit. 3) v i ← x k . Share x : Let G be a cryptographic group generated by g . Choose random y i , z i with x i = y i + z i , and share y i , z i respectively. Also, publish g x i . (Actually, use something similar to El-Gamal.) Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 6 / 17

  18. Overview of BGI’s HSS Protocol (1) Let x = ( x 1 , . . . , x n ) ∈ { 0 , 1 } n be a secret input. We wish to compute f ( x ) ∈ Z , where f contains instructions of the form: 1) v i ← v j ± v k for variables v i , v j , v k ∈ Z . 2) v i ← v j · x k where x k is an input bit. 3) v i ← x k . Share x : Let G be a cryptographic group generated by g . Choose random y i , z i with x i = y i + z i , and share y i , z i respectively. Also, publish g x i . (Actually, use something similar to El-Gamal.) Evaluation of f ′ almost identical to evaluation of f . We maintain that at any time t , v t i ( x ) = v t i ( y ) + v t i ( z ). Trivial for instructions 1 & 3. What about 2? Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 6 / 17

  19. Overview of BGI’s HSS Protocol (2) How would we implement v i ← v j · x k ? We only have v j and g x k ! Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 7 / 17

  20. Overview of BGI’s HSS Protocol (2) How would we implement v i ← v j · x k ? We only have v j and g x k ! We can compute g v i = g v j x k , but we do not have v i . We seek for an efficient probabilistic algorithm A : G → Z / | G | satisfying: Simplified DDLOG problem Let u , v ∈ { 0 , 1 } , then Pr [ A ( g u ) + A ( g v ) � = u + v ] ≤ δ, for a minimal δ > 0, depending on the complexity of A . Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 7 / 17

  21. Overview of BGI’s HSS Protocol (2) How would we implement v i ← v j · x k ? We only have v j and g x k ! We can compute g v i = g v j x k , but we do not have v i . We seek for an efficient probabilistic algorithm A : G → Z / | G | satisfying: Simplified DDLOG problem Let u , v ∈ { 0 , 1 } , then Pr [ A ( g u ) + A ( g v ) � = u + v ] ≤ δ, for a minimal δ > 0, depending on the complexity of A . Can binary expand v j and assume v j ∈ { 0 , 1 } . Degenerate formulation due to usage t �→ g t , instead of El-Gamal. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 7 / 17

  22. DDLOG & Spaceships problems DDLOG problem Let G be a cyclic cryptographic group, with a generator g . Find probabilistic algorithms A , B : G → Z / | G | , so that A ( g x +1 ) − B ( g x ) � = 1 � � ∀ x ∈ Z : Pr ≤ δ, for a minimal δ > 0, depending on the time complexity of A , B . Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 8 / 17

  23. DDLOG & Spaceships problems DDLOG problem Let G be a cyclic cryptographic group, with a generator g . Find probabilistic algorithms A , B : G → Z / | G | , so that A ( g x +1 ) − B ( g x ) � = 1 � � ∀ x ∈ Z : Pr ≤ δ, for a minimal δ > 0, depending on the time complexity of A , B . Apply a PRF on g t to randomize. BGI used ‘Basic’ algorithm, achieving δ = 1 / T for running time O ( T ). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 8 / 17

  24. Results (Optimal) Spaceships Algorithm There is an algorithm enabling Alice and Bob to synchronize except for probability O (1 / T 2 ), where T is the number of array-queries. Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 9 / 17

  25. Results (Optimal) Spaceships Algorithm There is an algorithm enabling Alice and Bob to synchronize except for probability O (1 / T 2 ), where T is the number of array-queries. Corollary If Alice and Bob landed with initial distance M of each other, probability of failure would be O ( M / T 2 ). Ohad Klein (BIU) How to Synchronize Efficiently? Aug. 22, 2018 9 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimal Control of Discrete Models Suzanne Lenhart University of Tennessee, Knoxville

Optimal Control of Discrete Models Suzanne Lenhart University of Tennessee, Knoxville

Optimal Control of Discrete Models Suzanne Lenhart University of Tennessee, Knoxville Department of Mathematics SL5 p.1/15 Introduction For many populations, births and growth occur in regular times each year (or each cycle). Discrete

474 views • 15 slides
UC UC b Overview Leader Election Protocol Dynamic Voltage Scaling Optimal

UC UC b Overview Leader Election Protocol Dynamic Voltage Scaling Optimal

APPLICATIONS UC UC b Overview Leader Election Protocol Dynamic Voltage Scaling Optimal Reconfiguration of FPGA Memory Interface UC UCb Leader Election Protocol UC UC b Leader Election 2 1 0 3 Protocol by Leslie

917 views • 62 slides
The Arvy Distributed Directory Protocol Pankaj Khanchandani, Roger Wattenhofer ETH Zurich -

The Arvy Distributed Directory Protocol Pankaj Khanchandani, Roger Wattenhofer ETH Zurich -

The Arvy Distributed Directory Protocol Pankaj Khanchandani, Roger Wattenhofer ETH Zurich - Distributed Computing Group (DISCO) Distributed Directory Distributed Directory Shared Token Distributed Directory Distributed Directory

1.51k views • 139 slides
Optimal Distributed Covering Algorithms Ran Ben-Basat 1 , Guy Even 2 , Ken-ichi Kawarabayashi 3 ,

Optimal Distributed Covering Algorithms Ran Ben-Basat 1 , Guy Even 2 , Ken-ichi Kawarabayashi 3 ,

Optimal Distributed Covering Algorithms Ran Ben-Basat 1 , Guy Even 2 , Ken-ichi Kawarabayashi 3 , Gregory Schwartzman 3 1 Harvard 2 Tel-Aviv U. 3 NII 1 / 8 Lower Bound on Number of Communication Rounds Theorem ([KMW16]) Any distributed

274 views • 15 slides
Optimal covering of a straight line application to discrete convexity Jean-Marc Chassery, Isabelle

Optimal covering of a straight line application to discrete convexity Jean-Marc Chassery, Isabelle

Optimal covering of a straight line application to discrete convexity Jean-Marc Chassery, Isabelle Sivignon gipsa-lab, CNRS, Grenoble, France Continuous convexity P Q Optimal covering of a straight line applied to discrete convexity JM

558 views • 17 slides
Optimal Ranges for Cut-O ff Probabilities of Discrete Distributions Derived from Non-Standard

Optimal Ranges for Cut-O ff Probabilities of Discrete Distributions Derived from Non-Standard

Optimal Ranges for Cut-O ff Probabilities of Discrete Distributions Derived from Non-Standard Decks of Cards Project by: Kathryn Nikki Bolinger and Jirani Smith

236 views • 8 slides
TSMP Time Synchronized Mesh Protocol Seminar in Distributed Computing, FS 2010, ETH Zrich

TSMP Time Synchronized Mesh Protocol Seminar in Distributed Computing, FS 2010, ETH Zrich

TSMP Time Synchronized Mesh Protocol Seminar in Distributed Computing, FS 2010, ETH Zrich Joo Moreno TSMP: Time Synchronized Mesh Protocol Overview Definition Background Protocol Details Results Conclusions Seminar in Distributed

1.01k views • 55 slides
A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol Satoshi Koga, Kouichi Sakurai Satoshi Koga Kyushu University, Japan Background Background Certificate Revocation Problem Certificate

349 views • 10 slides
Rabies in Raccoons: Optimal Control for a Discrete Time Model on a Spatial Grid Wandi Ding, Louis

Rabies in Raccoons: Optimal Control for a Discrete Time Model on a Spatial Grid Wandi Ding, Louis

Rabies in Raccoons: Optimal Control for a Discrete Time Model on a Spatial Grid Rabies in Raccoons: Optimal Control for a Discrete Time Model on a Spatial Grid Wandi Ding, Louis Gross, Keith Langston, Suzanne Lenhart, Les Real University of

516 views • 37 slides
Optimal Control and Dynamic Programming 4SC000 Q2 2017-2018 Duarte Antunes Recall Discrete

Optimal Control and Dynamic Programming 4SC000 Q2 2017-2018 Duarte Antunes Recall Discrete

Optimal Control and Dynamic Programming 4SC000 Q2 2017-2018 Duarte Antunes Recall Discrete Stage decision Continuous-time optimization problems control problems problems Discrete-time system & Differential equations &

822 views • 58 slides
PERFORMANCE OF THE DISTRIBUTED CPA PROTOCOL AND ARCHITECTURE ON TRADITIONAL NETWORKS Kevin

PERFORMANCE OF THE DISTRIBUTED CPA PROTOCOL AND ARCHITECTURE ON TRADITIONAL NETWORKS Kevin

PERFORMANCE OF THE DISTRIBUTED CPA PROTOCOL AND ARCHITECTURE ON TRADITIONAL NETWORKS Kevin Chalmers Institute of Informatics and Digital Innovation Edinburgh Napier University Breakdown Background And why we havent got occam-

242 views • 20 slides
Distributed computation of optimal allocations using potential games Pierre Coucheney, Corinne

Distributed computation of optimal allocations using potential games Pierre Coucheney, Corinne

Distributed computation of optimal allocations using potential games Pierre Coucheney, Corinne Touati, Bruno Gaujal INRIA Alcatel-Lucent Common Lab. Alge(co)Fail B. G. (inria) Algorithms for population games 1 / 30 Motivation: Distributed

541 views • 34 slides
Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment

Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment

Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment of Flapping Frequency Jingyi Wang, Matthew J. Zahr , and Per-Olof Persson CFD-36, Optimization Techniques for CFD AIAA Aviation Sheraton

360 views • 34 slides
A discrete time DP approach on a tree structure for finite horizon optimal control problems

A discrete time DP approach on a tree structure for finite horizon optimal control problems

A discrete time DP approach on a tree structure for finite horizon optimal control problems Maurizio Falcone joint works with A. Alla (PUC, Rio) and L. Saluzzi (GSSI, L Aquila) ICODE Workshop "Numerical Solution of HJB Equations"

721 views • 58 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint work with Sjouke Mauw and Jorge Toro-Pozo) Euro S&P and RFIDSec, 2016 Distance Bounding protocols 1 Beating a grand master: is this a relay

926 views • 67 slides
On ratchet-cap pricing problems under the Levy LIBOR model Hsuan Ku Liu Department of

On ratchet-cap pricing problems under the Levy LIBOR model Hsuan Ku Liu Department of

On ratchet-cap pricing problems under the Levy LIBOR model Hsuan Ku Liu Department of Mathematics and Information Education National Taipei University of Education Outline Outline Simple forwards 1 Modelling jump 2 Arbitrage-free dynamics

512 views • 38 slides
30 Years of DL Research @ UNIPD Maristella Agosti, Giorgio Maria Di Nunzio, Nicola Ferro, Maria

30 Years of DL Research @ UNIPD Maristella Agosti, Giorgio Maria Di Nunzio, Nicola Ferro, Maria

30 Years of DL Research @ UNIPD Maristella Agosti, Giorgio Maria Di Nunzio, Nicola Ferro, Maria Maistro, Stefano Marchesin, Nicola Orio*, Chiara Ponchia*, Gianmaria Silvello Department of Information Engineering *Department of Cultural

782 views • 55 slides
Webinar: Surveying Institutional Preparedness for Research Data Management CARL Portage is

Webinar: Surveying Institutional Preparedness for Research Data Management CARL Portage is

Webinar: Surveying Institutional Preparedness for Research Data Management CARL Portage is supported by directed funding from Innovation, Science & Economic Development Canada flowing through CANARIE. 1 Housekeeping You will be muted

791 views • 45 slides
Shallow lakes in the Netherlands Pristine state: Clear water Abundant submerged vegetation G

Shallow lakes in the Netherlands Pristine state: Clear water Abundant submerged vegetation G

Shallow lakes in the Netherlands Pristine state: Clear water Abundant submerged vegetation G Gradual increase in nutrient d l i i i loading from agricultural run off Sudden transition to turbid state characterized by S dd t iti t t bid

109 views • 9 slides
Computer Graphics (CS 543) L Lecture 6 (Part 1): Implementing 6 (P 1) I l i Transformations

Computer Graphics (CS 543) L Lecture 6 (Part 1): Implementing 6 (P 1) I l i Transformations

Computer Graphics (CS 543) L Lecture 6 (Part 1): Implementing 6 (P 1) I l i Transformations Prof Emmanuel Agu Prof Emmanuel Agu Computer Science Dept. p p Worcester Polytechnic Institute (WPI) Arbitrary Matrices Can multiply by matrices

282 views • 12 slides
GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM

GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM

GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM 2013 1 / 69 Outline History of Porting D Front End (DFE) 1 GDC Current Status 2 The Anatomy of a GCC Front End 3 GDC Extensions 4 Future

907 views • 69 slides
(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019

(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019

(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019 Herman Kamper E&E Engineering, Stellenbosch University, South Africa http://www.kamperh.com/ (Outrageously ) Low-Resource Speech Processing NLP

818 views • 64 slides
presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich

presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich

1 presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich presentations March 2013 Why should we care? Presentation skills are required in professional life Present yourself, your research,

562 views • 31 slides

More recommend