breaking the circuit size barrier in secret sharing
play

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu - PowerPoint PPT Presentation

Feb 16, 2024 •40 likes •790 views

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

  1. Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018

  2. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret

  3. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3

  4. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3

  5. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret?

  6. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information.

  7. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information. General Secret Sharing [ISN’89] monotone F : { 0 , 1 } n → { 0 , 1 } Any subset X that F ( X ) = 1 can recover the secret. Any subset X that F ( X ) = 0 learns no information.

  8. Secret Sharing [Blakley’79,Shamir’79,Ito-Saito-Nishizeki’87] Secret share 1 share 5 share 2 share 4 share 3 Can this subset of participants recover the secret? Threshold Secret Sharing [Shamir’79] Any subset of ≥ k participants can recover the secret. Any subset of < k participants learns no information. General Secret Sharing [ISN’89] monotone F : { 0 , 1 } n → { 0 , 1 } Any subset X that F ( X ) = 1 can recover the secret. Any subset X that F ( X ) = 0 learns no information.

  9. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  10. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  11. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s ◮ Output wire tag: the secret s � ◮ AND gate: additively share the output wire tag ◮ OR gate: copy the output wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  12. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � ◮ The i -th participant’s share: x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  13. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  14. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  15. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  16. A General Secret Sharing Scheme [Benaloh-Leichter’88] F is computed by some monotone formula ◮ Generate a tag for each wire s s.t. r 1 + r 2 + r 3 ◮ Output wire tag: the secret s � ◮ AND gate: additively share = s r 1 r 3 the output wire tag ◮ OR gate: copy the output r 2 wire tag � � � r 1 r 2 r 3 ◮ The i -th participant’s share: r 1 r 2 r 3 x 1 x 2 x 3 x 4 all tags of its input wires Total share size = formula size of F ≤ ˜ O (2 n )

  17. Key Complexity Measure: Total Share Size Upper Bounds Share size = O (monotone formula size) [Benaloh-Leichter’88]

  18. Key Complexity Measure: Total Share Size Upper Bounds Share size = O (monotone formula size) [Benaloh-Leichter’88] Share size = O (monotone span program size) [Karchmer-Wigderson’93]

  19. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) .

  20. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97]

  21. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97] (No better lower bounds, even existentially.)

  22. Key Complexity Measure: Total Share Size Upper Bounds 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = O (monotone span program size) ≤ poly( n ) . Lower Bounds Exists an explicit F s.t. total share size = ˜ Ω( n 2 ). [Csirmaz’97] (No better lower bounds, even existentially.) Can we do better? 30 + -year-old open problem

  23. Our Results Yes, we can! Theorem 1 Every monotone F has a secret sharing scheme with share size 2 0 . 994 n .

  24. Key Complexity Measure: Total Share Size Upper Bounds: Linear Linear Secret Sharing Linear 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = Θ(monotone span program size) ≤ poly( n ) . Lower Bounds: Linear Linear Secret Sharing Linear Exists { F n } s.t. total share size = ˜ Ω(2 n / 2 ). Can we do better?

  25. Key Complexity Measure: Total Share Size Upper Bounds: Linear Linear Secret Sharing Linear 2 n Share size = O (monotone formula size) ≤ poly( n ) . 2 n Share size = Θ(monotone span program size) ≤ poly( n ) . Lower Bounds: Linear Linear Secret Sharing Linear Exists { F n } s.t. total share size = ˜ Ω(2 n / 2 ). (2 Ω( n ) for an explicit { F n } [Pitassi-Robere’18]) Can we do better?

  26. Our Results Yes, we can! Theorem 2 Every monotone F has a linear secret sharing with share size 2 0 . 999 n .

  27. Our Results Yes, we can! Theorem 2 Every monotone F has a linear secret sharing with share size 2 0 . 999 n . Corollary Every monotone F has a monotone span program of size 2 0 . 999 n .

  28. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I Prop. II

  29. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II

  30. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size � log(#Monotone Functions) ≥ poly( n )

  31. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size × log(#Base Gates) ≥ log(#Monotone Functions) ≥ poly( n )

  32. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n Prop. II 2 n Formula size × log(#Base Gates) ≥ log(#Monotone Functions) ≥ poly( n ) ⇒ Requires 2 ˜ Ω(2 n ) gates in formula basis. =

  33. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n using an extended basis of 2 ˜ Ω(2 n ) gates Prop. II

  34. Our Approach Every monotone F can be computed by a monotone formula s.t. Prop. I has size 2 0 . 994 n using an extended basis of 2 ˜ Ω(2 n ) gates Prop. II every gate in the basis is a monotone function that has an efficient secret sharing scheme

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod

Towards Breaking the Exponential Barrier for General Secret Sharing Tianren Liu Vinod Vaikuntanathan Hoeteck Wee MIT MIT CNRS and ENS May 6, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret s { 0 , 1 }

1.02k views • 85 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
Breaking the sample size barrier in reinforcement learning via model-based methods

Breaking the sample size barrier in reinforcement learning via model-based methods

Breaking the sample size barrier in reinforcement learning via model-based methods plug-in Yuxin Chen EE, Princeton University Gen Li Yuejie Chi Yuantao Gu Yuting Wei Tsinghua EE CMU ECE Tsinghua EE CMU

912 views • 72 slides
Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie

Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie

Breaking the Sample Size Barrier in Model-Based Reinforcement Learning Yuting Wei Carnegie Mellon University Nov, 2020 Gen Li Yuejie Chi Yuantao Gu Yuxin Chen Tsinghua EE CMU ECE Tsinghua EE Princeton EE Reinforcement learning (RL) 3 /

1.57k views • 78 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion &amp; UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013

Secret Sharing Using Non-Commutative Groups Bren Cavallo The Graduate Center, CUNY 5/30/2013 Outline 1. Introduction 2. Shamir Secret Sharing and Habeeb-Kahrobaei-Shpilrain secret sharing 3. Adjustments to HKS secret sharing and analysis

444 views • 27 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and

Homomorphic Secret Sharing for Low Degree Polynomials Russell W. F. Lai, Giulio Malavolta , and Dominique Schrder Friedrich-Alexander University Erlangen-Nrnberg Homomorphic Secret Sharing A secret-sharing scheme allows a client to share his

247 views • 14 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with

Securing Secret Sharing Against Leakage and Tampering Ashutosh Kumar Based on joint works with Vipul Goyal, Raghu Meka, and Amit Sahai Secret Sharing secret s n s 1 s i Correctness: Any out of parties can

1.72k views • 144 slides
A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su,

A Latin square autotopism secret sharing scheme Talk by Rebecca J. Stones Co-authors: Ming Su, Xiaoguang Liu, Gang Wang, (Nankai University) and Sheng Lin (Tianjin University of Technology). September 12, 2014 Secret sharing schemes Secret

1.43k views • 86 slides
Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic dependency model of parallel texts Matthias Buch-Kromann Copenhagen Business School Theoretical and Methodological Issues in Machine Translation Skvde,

373 views • 25 slides
Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim

Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim

Rotor-routing, smoothing kernels, and reduction of variance: breaking the O(1/n) barrier Jim Propp (UMass Lowell) ICERM Computational Challenges in Probability Seminar September 11, 2012 Slides for this talk are on-line at

833 views • 48 slides
The NSA sieving circuit D. J. Bernstein University of Illinois at Chicago NSF DMS9970409

The NSA sieving circuit D. J. Bernstein University of Illinois at Chicago NSF DMS9970409

The NSA sieving circuit D. J. Bernstein University of Illinois at Chicago NSF DMS9970409 Sieving c and 611 + c for small c : 1 612 2 2 3 3 2 2 613 3 3 614 2 4 2 2 615 3 5 5 5 616 2 2 2 7 6 2 3 617 7 7 618 2 3 8 2 2 2

630 views • 15 slides
Reasoning and Learning Guy Van den Broeck Northeastern University April 22, 2019 Outline:

Reasoning and Learning Guy Van den Broeck Northeastern University April 22, 2019 Outline:

Towards a New Synthesis of Reasoning and Learning Guy Van den Broeck Northeastern University April 22, 2019 Outline: Reasoning Learning 1. Deep Learning with Symbolic Knowledge 2. Efficient Reasoning During Learning 3. Probabilistic and

976 views • 64 slides
XAFS study of catalytic nanosystems promising for environmental catalysis Siberian Synchrotron

XAFS study of catalytic nanosystems promising for environmental catalysis Siberian Synchrotron

Boreskov Institute of Catalysis SB RAS Budker Institute of Nuclear Physics XAFS study of catalytic nanosystems promising for environmental catalysis Siberian Synchrotron and Terahertz Radiation Centre Yakimchuk E. Application area:

174 views • 14 slides
1 Access Agreement 2 Sampling residential soil with XRF tool 3 Soil sample being removed from

1 Access Agreement 2 Sampling residential soil with XRF tool 3 Soil sample being removed from

1 Access Agreement 2 Sampling residential soil with XRF tool 3 Soil sample being removed from yard 4 Removing surface sample in yard 5 Analyzing soil samples in lab 6 7 8 9 10 Removal using heavy equipment 11 Crew removing soil from

381 views • 15 slides
Introduction to Bayesian Statistics and an Application and an Application Timothy M. Bahr

Introduction to Bayesian Statistics and an Application and an Application Timothy M. Bahr

Introduction to Bayesian Statistics Introduction to Bayesian Statistics and an Application and an Application Timothy M. Bahr Unconfounding the Confounded: Separating Introduction Treatment and Batch Effects in Confounded Definitions

895 views • 71 slides
Nave Bayes Classifiers Lirong Xia Friday, April 8, 2014 Projects Project 3 average: 21.03

Nave Bayes Classifiers Lirong Xia Friday, April 8, 2014 Projects Project 3 average: 21.03

Nave Bayes Classifiers Lirong Xia Friday, April 8, 2014 Projects Project 3 average: 21.03 Project 4 due on 4/18 1 HMMs for Speech 2 Transitions with Bigrams 3 Decoding Finding the words given the acoustics is an HMM

1.01k views • 31 slides
CS 6316 Machine Learning Generative Models Yangfeng Ji Department of Computer Science

CS 6316 Machine Learning Generative Models Yangfeng Ji Department of Computer Science

CS 6316 Machine Learning Generative Models Yangfeng Ji Department of Computer Science University of Virginia Basic Definition Data generation process An idealized process to illustrate the relations among domain set X , label set Y , and the

1.13k views • 101 slides
Clermont works during the April expert week CERN (2014 April 14-15) Romeo Bonnefoy and

Clermont works during the April expert week CERN (2014 April 14-15) Romeo Bonnefoy and

Clermont works during the April expert week CERN (2014 April 14-15) Romeo Bonnefoy and Franois Vazeille Deported HV system: Implementation in the Building 175 Mechanics: Comments Next expert week ? 1 Deported HV system

391 views • 9 slides

More recommend