Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa - PowerPoint PPT Presentation

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU

Secure Two-Party Computation 𝒛 𝒚 𝑄 2 𝑄 1 𝑔(𝑦, 𝑧)

Non-Interactive Secure Computation (NISC) 𝑁 1 𝒛 𝒚 𝑄 𝑁 2 𝑄 2 1

Non-Interactive Secure Computation (NISC) 𝑁 1 • Over the internet 𝒛 𝒚 𝑄 𝑁 2 𝑄 2 • Without coordination 1 • Email • Bulletin boards

Non-Interactive Secure Computation (NISC) 𝑁 1 • Over the internet 𝒛 𝒚 𝑄 𝑁 2 𝑄 2 • Without coordination 1 • Email • Bulletin boards Comparable to best 2PC [AMPR14]

Batched 2PC 𝒚 𝟐 𝒛 𝟐 𝑄 2 𝑄 1 𝒚 𝟑 𝒛 𝟑 ⋮ 𝒚 𝑶 𝒛 𝑶

Batched 2PC • Better amortized efficiency 𝒚 𝟐 𝒛 𝟐 • 𝑚𝑝𝑕𝑂 improvement 𝑄 2 𝑄 1 • [NO09,FJNNO13, LR14,HKKKM14, … ] 𝒚 𝟑 𝒛 𝟑 ⋮ 𝒚 𝑶 𝒛 𝑶

Batched 2PC • Better amortized efficiency 𝒚 𝟐 𝒛 𝟐 • 𝑚𝑝𝑕𝑂 improvement 𝑄 2 𝑄 1 • [NO09,FJNNO13, LR14,HKKKM14, … ] 𝒚 𝟑 𝒛 𝟑 ⋮ 4 rounds 𝒚 𝑶 𝒛 𝑶

Best of Both Worlds 𝑵 𝟐 𝑦 1 𝑧 1 • 𝑈𝑥𝑝 𝑠𝑝𝑣𝑜𝑒𝑡 ⋮ ⋮ 𝑦 𝑂 𝑧 𝑂 𝑄 𝑵 𝟑 • 𝑚𝑝𝑕𝑂 𝑗𝑛𝑞𝑠𝑝𝑤𝑓𝑛𝑓𝑜𝑢 1 𝑄 2

Yao’s Garbled Circuits 𝐷 𝑦, 𝑧 = 𝑔(𝑦, 𝑧) 1 , 𝑙 1 1 𝑙 0 𝐻𝐷 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒) 3 , 𝑙 1 3 𝑙 0 2 , 𝑙 1 2 𝑙 0 AND 𝐻𝐽 𝑦 𝐻𝐽 𝑦 ← 𝐻𝐽𝑜(𝑦, 𝑡𝑒) 𝒛 𝒚 𝐻𝐷 Evaluator Garbler 3 ) 𝑑 0,0 = 𝐹 𝑙 0 2 (𝑙 0 1 ,𝑙 0 3 ) 𝑑 0,1 = 𝐹 𝑙 0 2 (𝑙 0 1 ,𝑙 1 Oblivious Transfer 𝐻𝐽 𝑧 𝒈(𝒚, 𝒛) 3 ) 𝑑 1,0 = 𝐹 𝑙 1 2 (𝑙 0 1 ,𝑙 0 3 ) 𝑑 1,1 = 𝐹 𝑙 1 2 (𝑙 1 1 ,𝑙 1

Cut-and-Choose 2PC (majority) 𝑦 𝐻𝐷 1 𝐻𝐷 1 𝑦 𝑨 2 𝐻𝐷 2 𝐻𝐷 2 𝒚 𝐻𝐷 3 𝐻𝐷 3 ⋮ 𝑄 1 𝑨 4 𝑨 = 𝑔(𝑦, 𝑧) 𝐻𝐷 4 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 5 𝑨 6 𝑦 𝐻𝐷 6 𝐻𝐷 6

Cut-and-Choose 2PC (Forge and Lose) 𝑦 𝐻𝐷 1 𝐻𝐷 1 𝑦 𝑨 2 𝐻𝐷 2 𝐻𝐷 2 𝑨 𝒚 𝐻𝐷 3 𝐻𝐷 3 𝑨′ ⋮ Cheating 𝑄 1 Recovery 𝑨 4 𝐻𝐷 4 𝐻𝐷 4 𝑦 2PC 𝐻𝐷 5 𝐻𝐷 5 𝑨 6 𝑦 𝐻𝐷 6 𝐻𝐷 6 𝑦

Homomorphic Commitments • Hiding and Binding • 𝐼𝐷𝑃𝑁 𝑏, 𝑒 𝑏 , 𝐼𝐷𝑃𝑁 𝑐, 𝑒 𝑐 • Open to 𝑏 ⊕ 𝑐 , using opening 𝑒 𝑏 ⊕ 𝑒 𝑐 • Pedersen commitments • OT-based Commitments [LR15] • Non-interactive, rate 1/𝜇 • (OT+ code)-based commitments [FJNT16] • Constant rate, interactive setup • Fiat-Shamir

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝑡𝑒 𝑗 Open/evaluate Circuit OT Cut and choose 𝐿 𝑗

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝑡𝑒 𝑗 Open/evaluate Circuit OT Cut and choose 𝐿 𝑗 permutation bit 𝐼𝐷𝑃𝑁 𝑡 𝑗 , 𝑗 𝑗 𝐷𝑃𝑁 𝑗𝑜 0⊕𝑡 𝑗 , 𝐷𝑃𝑁(𝑗𝑜 1⊕𝑡 𝑗 ) Garbler input 𝐼𝐷𝑃𝑁 𝑦

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝒕 𝒋 𝑡𝑒 𝑗 Open/evaluate Circuit OT Cut and choose 𝒚 ⊕ 𝒕 𝒋 𝐿 𝑗 permutation bit 𝐼𝐷𝑃𝑁 𝑡 𝑗 , 𝑗 𝑗 𝐷𝑃𝑁 𝑗𝑜 0⊕𝑡 𝑗 , 𝐷𝑃𝑁(𝑗𝑜 1⊕𝑡 𝑗 ) Garbler input 𝐼𝐷𝑃𝑁 𝑦

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝒕 𝒋 𝑡𝑒 𝑗 Open/evaluate Circuit OT Cut and choose 𝒚 ⊕ 𝒕 𝒋 𝐿 𝑗 permutation bit 𝐼𝐷𝑃𝑁 𝑡 𝑗 , 𝑗 𝑗 𝐷𝑃𝑁 𝑗𝑜 0⊕𝑡 𝑗 , 𝐷𝑃𝑁(𝑗𝑜 1⊕𝑡 𝑗 ) Garbler input 𝐼𝐷𝑃𝑁 𝑦 𝑗 𝑗 𝐼𝐷𝑃𝑁 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 0 Cheating recovery 𝑗 ⊕ 𝑥 1 𝑗 = 𝑦 𝑗 𝑗 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 1 𝐼𝐷𝑃𝑁 𝑥 1

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝒕 𝒋 𝑡𝑒 𝑗 Open/evaluate Circuit OT Cut and choose 𝒚 ⊕ 𝒕 𝒋 𝐿 𝑗 permutation bit 𝐼𝐷𝑃𝑁 𝑡 𝑗 𝑗 𝑗 𝐷𝑃𝑁 𝑗𝑜 0⊕𝑡 𝑗 , 𝐷𝑃𝑁(𝑗𝑜 1⊕𝑡 𝑗 ) Garbler input 𝐼𝐷𝑃𝑁 𝑦 , open to zero 𝑗 𝑗 𝐼𝐷𝑃𝑁 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 0 Cheating recovery 𝑗 ⊕ 𝑥 1 𝑗 = 𝑦 𝑗 𝑗 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 1 𝐼𝐷𝑃𝑁 𝑥 1

Single NISC 𝐻𝐷 𝑗 ← 𝐻𝑏𝑠𝑐(𝐷, 𝑡𝑒 𝑗 ) 𝐻𝐽 𝑦 𝐻𝐷 𝑗 𝐿 𝑗 𝑗 𝑗𝑜 0 Evaluator input 0/1 Probe-resistant encoding Input OT 𝑗 𝑗𝑜 1 𝒋 , 𝒑𝒗𝒖 𝟐 𝒋 𝒑𝒗𝒖 𝟏 𝒕 𝒋 𝑡𝑒 𝑗 Open/evaluate 𝒋 ⊕ 𝒙 𝟏 𝒋 Circuit OT 𝒑𝒗𝒖 𝟏 Cut and choose 𝒚 ⊕ 𝒕 𝒋 𝐿 𝑗 𝒋 ⊕ 𝒙 𝟐 𝒋 𝒑𝒗𝒖 𝟐 permutation bit 𝐼𝐷𝑃𝑁 𝑡 𝑗 𝑗 𝑗 𝐷𝑃𝑁 𝑗𝑜 0⊕𝑡 𝑗 , 𝐷𝑃𝑁(𝑗𝑜 1⊕𝑡 𝑗 ) Garbler input 𝐼𝐷𝑃𝑁 𝑦 , open to zero 𝑗 𝑗 𝐼𝐷𝑃𝑁 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 0 Cheating recovery 𝑗 ⊕ 𝑥 1 𝑗 = 𝑦 𝑗 𝑗 𝑥 0 𝐼𝐷𝑃𝑁 𝑝𝑣𝑢 1 𝐼𝐷𝑃𝑁 𝑥 1

Batch 2PC

Batch 2PC 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7

Batch 2PC 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐶 𝐶 𝐶

Batch 2PC 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 𝐶 𝐶 𝐶

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂 1. Obliviously assign circuits to open/evaluate buckets

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂 1. Obliviously assign circuits to open/evaluate buckets 2. Garble inputs before knowing assignment

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂 1. Obliviously assign circuits to open/evaluate buckets 2. Garble inputs before knowing assignment 3. Input consistency before knowing assignment

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂 1. Obliviously assign circuits to open/evaluate buckets 2. Garble inputs before knowing assignment 3. Input consistency before knowing assignment 4. Output recovery before knowing assignment

Batch 2PC = 𝑂𝜇 𝐻𝐷 1 𝐻𝐷 2 𝐻𝐷 3 𝐻𝐷 4 𝐻𝐷 5 𝐻𝐷 6 𝐻𝐷 7 𝑂 𝑚𝑝𝑕𝑂 𝒚 𝟒 , 𝒛 𝟒 𝒚 𝟐 , 𝒛 𝟐 𝒚 𝟑 , 𝒛 𝟑 𝑂 𝐻𝐷 4 𝐻𝐷 1 𝐻𝐷 5 𝐻𝐷 7 𝐻𝐷 6 𝐻𝐷 2 𝐻𝐷 3 − 𝑂𝐶 𝐶 𝐶 𝐶 𝑂 1. Obliviously assign circuits to open/evaluate buckets Naive Solution: Prepare garbled inputs and gadgets for all N possibilities 2. Garble inputs before knowing assignment Perform 1-out-of-N OT for each circuit 3. Input consistency before knowing assignment 4. Output recovery before knowing assignment

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa - PowerPoint PPT Presentation

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party Computation 2 1 (, ) Secure Two-Party Computation 2 1 (, ) Non-Interactive Secure

Non-Blocking Two Phase Commit (2PC) Using Blockchain Paul Ezhilchelvan , Amjad Aldweesh and Aad

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today

CS 764: Topics in Database Management Systems Lecture 11: Two-Phase Commit (2PC) Xiangyao Yu

Two-Phase Commit (2PC) Y Site at which Xact originates is coordinator; other sites at which it

Concurrency, 2PL, and 2PC Todays Topics Continue concurrency Review two-phase locking

S7728 - MAGMA Tensors and Batched Computing for Accelerating Applications on GPUs Stan Tomov -

Autotuning Dense Batched QR Factorizations on GPU Wissam M. Sid-Lakhdar Tim A. Davis Xiaoye S.

Hierarchical-matrix Linear Solver on GPU clusters with MAGMA variable-size batched kernel Ichitaro

Batched Dynamic Geometric Problems Jeff Vitter Duke University Center for Geometric and

Efficient Batched Distance and Centrality Computation in Unweighted and Weighted Graphs Manuel

Batched Sparse Matrix Multiplication for Accelerating Graph Convolutional Networks Yusuke Nagasaka

Performance Portable Line Smoother for Multiphysics Problems using Compact Batched BLAS Kyungjoo

On the Memory Requirements of Block Interleaver for Batched Network Codes Hoover H. F. Yin, Ka

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Interim REPORT SEPNOV 2017 MAG INTERACTIVE AB (publ) MAG Interactive is a leading developer

Energy dissipated by a resistor P IV V IR 2 P I R 2 V P R Effective

On pseudointersections and condensers Piotr BorodulinNadzieja joint with Grzegorz Plebanek

Google programmers are doing work on mobile applications first because they are better apps and

Feasibility Study for Reconstructing the Spatial-Temporal Structure of TIDs from High-Resolution

I njection Velocity in Thin-Channel I nAs HEMTs Tae-Woo Kim and Jess A. del Alamo Microsystems

INPUT SWITCHING Speaker: Sandeep Vollala Contributors: Amartya Mazumdar, Ulhas Kotha, Anshuman

4 Network Layer Network Layer Network Layer Network Layer Switching Via Memory Three types of

Switched Differential Algebraic Equations: Solution Theory, Lyapunov Functions, and Stability

Sambuz

Useful Links

Newsletter

Mail Us