better 2 round adaptive mpc
play

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and - PowerPoint PPT Presentation

Oct 30, 2023 •143 likes •974 views

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt

  1. Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU

  2. Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt adaptively execution during the execution

  3. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  4. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  5. Adaptive Security of MPC Adaptive corruptions: adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n )

  6. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate communication (without knowing x 1 , …, x n ) 2. simulate r i of corrupted parties, consistent with communication and x i x j r j

  7. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: x j r j c = Enc(m; r) Example: encryption

  8. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate fake ciphertext c (without knowing m) x j r j c = Enc(m; r) Example: encryption

  9. Adaptive Security of MPC Adaptive corruptions: x i r i adversary can decide who to corrupt adaptively during the execution Simulator: 1. simulate fake ciphertext c (without knowing m) 2. upon corruption, learn m and provide consistent r, sk x j r j c = Enc(m; r) Example: encryption

  10. Full Adaptive Security Full adaptive security: ● No erasures

  11. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted

  12. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted

  13. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02)

  14. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02) Full adaptive security for randomized functionalities: ● Randomness of the computation remains hidden even when all parties are corrupted

  15. Full Adaptive Security Full adaptive security: ● No erasures ● Security even when all parties are corrupted Fully adaptively secure, constant rounds protocols appeared only recently: CGP15, DKR15, GP15. Before: number of rounds ~ depth of the circuit (e.g. CLOS02) Full adaptive security for randomized functionalities: ● Randomness of the computation remains hidden even when all parties are corrupted Example: F internally chooses random primes p, q, and outputs N = pq. Most protocols (e.g. CLOS02) reveal p, q, when all parties are corrupted.

  16. Full Adaptive Security # of # of rounds assumptions parties Canetti, Goldwasser, 2 2 OWF Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF Rao’15 iO Garg, Polychroniadou’15 n 2 TDP subexp. iO Only 3 fully adaptively secure protocols with constant rounds - but with a CRS* Only one of them is 2 round MPC. *need a CRS even for HBC case!

  17. Full Adaptive Security # of # of rounds assumptions parties Canetti, Goldwasser, 2 2 OWF Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF Rao’15 iO Garg, Polychroniadou’15 n 2 TDP subexp. iO Q1: can we build 2 round MPC with global (non-programmable) CRS?

  18. Full Adaptive Security # of # of rounds assumptions global CRS parties Canetti, Goldwasser, 2 2 OWF + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS?

  19. Full Adaptive Security # of # of rounds assumptions global CRS parties Canetti, Goldwasser, 2 2 OWF + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)?

  20. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)?

  21. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)? Q3: can we build 2 round MPC from weaker assumptions? (e.g. remove the need for subexp. iO)

  22. Full Adaptive Security # of # of rounds assumptions global CRS randomized parties functionalities Canetti, Goldwasser, 2 2 OWF + + Poburinnaya’15 subexp iO Dachman-Soled, Katz, n 4 OWF + + Rao’15 iO Garg, Polychroniadou’15 n 2 TDP - - subexp. iO (even in HBC case) This work n 2 injective OWF + + iO (comp. close) Q1: can we build 2 round MPC with global (non-programmable) CRS? Q2: can we compute all randomized functionalities (even not adaptively well formed, e.g. N = pq)? Q3: can we build 2 round MPC from weaker assumptions? (e.g. remove the need for subexp. iO)

  23. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed.

  24. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS.

  25. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS. Part II: Theorem (informal): Assuming iO for circuits and TDPs, there exists RAM-efficient statistically sound NIZK .

  26. Our results : Part I: Theorem (informal): Assuming indistinguishability obfuscation for circuits and injective one way functions, there exists 2-round, fully-adaptively-secure, RAM-efficient semi-honest MPC protocol where: - the CRS is global; - even randomized functionalities can be computed. The first two-round fully adaptive MPC without subexp. iO assumption; The first two-round fully adaptive MPC with global CRS. Part II: Theorem (informal): Assuming iO for circuits and TDPs, there exists RAM-efficient statistically sound NIZK . Theorem (GP15, our work): Assuming subexp. iO for circuits and RAM-efficient statistically sound NIZK, there exists 2-round, fully-adaptively-secure, RAM-efficient byzantine MPC protocol.

  27. Part I: HBC protocol with global CRS

  28. First attempt PK x i = Enc PK (x i ) x 1 x 2 x n ...

  29. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ...

  30. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ... x 1 x 2 x n ... - decrypt each using SK - output f(x 1 , …, x n ) y = f(x 1 , x 2 , …, x n )

  31. First attempt - decrypt each using SK PK - output f(x 1 , …, x n ) x i = Enc PK (x i ) x 1 x 2 x n ... x 1 x 2 ’ x n ... - decrypt each using SK - output f(x 1 , …, x n ) y’ = f(x 1 , x 2 ’…, x n )

  32. Second attempt PK x i = Commit(x i ; r i ) = Enc PK (x i ||r i ) x i r i opening of comm x 1 x 2 x n ... x 1 r 1 x 2 r 2 x n r n ...

  33. Second attempt - decrypt each using SK PK - verify each x i = Commit(x i ; r i ) - output f(x 1 , …, x n ) = Enc PK (x i ||r i ) x i r i opening of comm x 1 x 2 x n ... x 1 r 1 x 2 r 2 x n r n ...

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Most traditional stories are like a round, crocheted potholder. The storyteller goes round and

Alberta Jones Assistant Professor, School of Education, U of A Southeast Ph.D. Candidate-Indigenous Studies, U of A Fairbanks June, 2016 Most traditional stories are like a round, crocheted potholder. The storyteller goes round and round

575 views • 20 slides
th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round

th An rs 4 th Ame Ameri rican Le Legion Riders Annual Sum Summit Merry-Go-Round Round Robin Unity Ride District Patch Sonny Decker & Jeff Hawk Merry-Go-Round & The Round Robin These month-long events are intended for our

841 views • 22 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2

210 views • 7 slides
From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov

From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov

From passivity-based adaptive control to LMI tuned adaptive control or how Alexander Fradkov convinced me that direct adaptive control can be robust Dimitri Peaucelle FRontiers of ADaptive and nonlinear CONtrol (FRADCON 2018) ECC Workshop,

628 views • 19 slides
Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the

UN EGM on Strengthening the Demographic Evidence Base For The Post-2015 Development Agenda, New York, 5-6 October 2015 Lessons learned from the 2 0 1 0 round of PHC and planning for the 2 0 2 0 round to m eet the post-2 0 1 5 developm ent

420 views • 15 slides
INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#?

-1- INLA workshop quiz Murray Logan August 16, 2016 Table of contents 1 Round 1: What the @#? would you know 1 2 Round 2 - Science and Nature 2 3 Round 3 - Box and Flix 3 4 Round 3 - Balderdash 4 1. Round 1: What the @#? would you

535 views • 5 slides
Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D.

Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D.

Group Sequential and Adaptive Designs Part II: Adaptive Designs May 2, 2015 Cyrus Mehta, Ph.D. Cytel Inc. Adaptive Designs Adaptive designs are defined as: changes in design or analyses guided by examination of the accumulated

1.11k views • 64 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition

Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition

Neural Nets for Adaptive Filter and Adaptive Pattern Recognition Brian Young Article Context Neural Nets for Adaptive Filter and Adaptive Neural Nets as Adaptive Filters Pattern Recognition Adaptive Filters Min. Disturb. and LMS

976 views • 23 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive

Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive

Beyond Adaptive Submodularity: Approximation Guarantees of Greedy Policy with Adaptive Submodularity Ratio Kaito Fujii (UTokyo) & Shinsaku Sakaue (NTT) The 36th I nternational Conference on Machine Learning Jun. 12, 2019 Application: I n fl

955 views • 30 slides
American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch

American Legion Riders 3 rd Annual Summit Merry-Go-Round Round Robin Unity Ride District Patch Jim Bowers Western Area Chairman ME MERRY RRY-GO GO-RO ROUND ND Su Supp pporti ting Chi hildr dren & & Youth th Program ams

365 views • 17 slides
The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons

Lorem Ipsum Dolor The long way round Paul Gaudin The long way round - Chapter 1 1989 15%! The lessons - 1 1. What goes up often comes down 2. Be risk aware 3. When you are offered money to buy the business, consider it carefully

379 views • 9 slides
I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday,

I-20 East Transit Initiative 2 nd Round of Public Meetings 2 Round of Public Meetings Tuesday, May 3 Wednesday, May 4 Thursday, May 5 Trees Atlanta Lou Walker Senior Center Greenforest Baptist Church 225 Chester Avenue 2538 Panola Road

879 views • 59 slides
Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2015-9-23 1 Chapter 1 Introduction 2 1 Background 2 This Course 3 1 Background 2 This Course 4 Why Semantics?

538 views • 27 slides
In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro

In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro

In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro to proofs: The Challenge The same question is relevant on day 1 and the last day of class. Example: Show that the sum of two odd integers is

424 views • 9 slides
Lecture 06: DC Properties I 2014-05-22 Dr. Bernd Westphal 06 2014-05-22 main

Lecture 06: DC Properties I 2014-05-22 Dr. Bernd Westphal 06 2014-05-22 main

Real-Time Systems Lecture 06: DC Properties I 2014-05-22 Dr. Bernd Westphal 06 2014-05-22 main Albert-Ludwigs-Universit at Freiburg, Germany Contents & Goals Last Lecture: DC Syntax and Semantics: Abbreviations

403 views • 21 slides
Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim Kanso) May 21, 2010 1/ 38 1. An Introduction to Agda 2. Integrating Automated Theorem Proving into Agda 3. Defining the Mini SAT Solver in Agda

556 views • 38 slides
APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First

APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First

APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First realization of problem Run 10116, plots from David Adams: Two clear problems: FEMB302 timing offset. Seen before with RCE readout FEMB307 data

311 views • 10 slides
Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta omasz Kuchta Miguel Castro

Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta omasz Kuchta Miguel Castro

Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta omasz Kuchta Miguel Castro Cristian Cadar Manuel Costa ASE14, 18 th September 2014 This work is supported by Microsoft Research through its PhD Scholarship Programme

591 views • 38 slides
Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by

Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by

Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by E. Gunawan, UConn) http://egunawan.github.io/algebra Abstract Algebra I Sec 3.2 Cosets Abstract Algebra I 1 / 13 Idea of cosets Copies of the

243 views • 13 slides
Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow

Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow

Example I Partial answer on Questions 1, 2 Example II Decompositions of actions Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow State University PRAGUE TOPOLOGICAL SYMPOSIUM July 2016 K. Kozlov

843 views • 83 slides

More recommend