collusion preserving computation
play

Collusion-Preserving Computation Jol Alwen (ETH Zrich) Jonathan - PowerPoint PPT Presentation

Feb 15, 2023 •277 likes •970 views

Collusion-Preserving Computation Jol Alwen (ETH Zrich) Jonathan Katz (U. Maryland) Ueli Maurer (ETH Zrich) Vassilis Zikas (U. Maryland) Overview l Motivation & Goals l Definition l Fall-back Security l Synchronization

  1. Collusion-Preserving Computation Joël Alwen (ETH Zürich) Jonathan Katz (U. Maryland) Ueli Maurer (ETH Zürich) Vassilis Zikas (U. Maryland)

  2. Overview l Motivation & Goals l Definition l Fall-back Security l Synchronization Pollution l Implications for Game Theory l Future Directions

  3. Goals (1)

  4. Goals (1) l Primary Goal: A realization notion bounding the capabilities of deviating coalitions even in the presence of arbitrary composition.

  5. Goals (1) l Primary Goal: A realization notion bounding the capabilities of deviating coalitions even in the presence of arbitrary composition. “R realizes F” = R can be used in place of F l

  6. Goals (1) l Primary Goal: A realization notion bounding the capabilities of deviating coalitions even in the presence of arbitrary composition. “R realizes F” = R can be used in place of F l “capabilities of deviating coalitions” = such l that even collaborating “dishonest” players can do no more with R then they could with F

  7. Goals (1) l Primary Goal: A realization notion bounding the capabilities of deviating coalitions even in the presence of arbitrary composition. “R realizes F” = R can be used in place of F l “capabilities of deviating coalitions” = such l that even collaborating “dishonest” players can do no more with R then they could with F “arbitrary composition” = regardless of any l concurrent activities in which they may be involved.

  8. Example Use Cases

  9. Example Use Cases l Composable Game Theory. Extreme case of deviating coalitions. l

  10. Example Use Cases l Composable Game Theory. Extreme case of deviating coalitions. l l Collusion-Free (CF) MPC robust in the presence of side-channels. CF (provably) not concurrently composable l

  11. Example Use Cases l Composable Game Theory. Extreme case of deviating coalitions. l l Collusion-Free (CF) MPC robust in the presence of side-channels. CF (provably) not concurrently composable l l Other (intuitive) examples requiring bounds on collaborating dishonest players. Incoercability: Coercer/Informant & Coercee. l Auctions: Bid fixing by corrupt bidders. l Bounded Isolation: Useful for say, poker or bridge l

  12. Goals (2)

  13. Goals (2) Generic definition independent of l communication resource R. Better for comparing different − constructions. Allows investigating minimal properties − for resource R used to realize a given F.

  14. Goals (2) Generic definition independent of l communication resource R. Better for comparing different − constructions. Allows investigating minimal properties − for resource R used to realize a given F. Non-triviality: strong fall-back security even l if R “miss-behaves”.

  15. Goals (2) Generic definition independent of l communication resource R. Better for comparing different − constructions. Allows investigating minimal properties − for resource R used to realize a given F. Non-triviality: strong fall-back security even l if R “miss-behaves”. Concrete communication resource R & l construction for many F.

  16. Goals (2) Generic definition independent of l communication resource R. Better for comparing different − constructions. Allows investigating minimal properties − for resource R used to realize a given F. Non-triviality: strong fall-back security even l if R “miss-behaves”. Concrete communication resource R & l construction for many F. Explore implications for composable Game l

  17. Related Work

  18. Related Work l SFE/MPC [GMW, BGW,...] First generic realization notions. l Not generally composable − Gives deviating coalitions arbitrary (internal) − capabilities (monolithic adversary)

  19. Related Work l SFE/MPC [GMW, BGW,...] First generic realization notions. l Not generally composable − Gives deviating coalitions arbitrary (internal) − capabilities (monolithic adversary) l Arbitrary composition [Can, PW, CLOS, CDPW,...] Exa: UC, GUC, JUC, etc. l But monolithic adversary −

  20. Related Work l SFE/MPC [GMW, BGW,...] First generic realization notions. l Not generally composable − Gives deviating coalitions arbitrary (internal) − capabilities (monolithic adversary) l Arbitrary composition [Can, PW, CLOS, CDPW,...] Exa: UC, GUC, JUC, etc. l But monolithic adversary − l Collusion-Free (CF) computation [LMPS, ILM, ASV, AKLPSV] Bounds deviating coalitions (via split adversaries) l

  21. CF is not Composable

  22. CF is not Composable l = 2-party null functionality (does nothing) F l Define and protocol π = ( , ) π 2 π 1 R

  23. CF is not Composable l = 2-party null functionality (does nothing) F l Define and protocol π = ( , ) π 2 π 1 R R π 2 2k π 1 m ∈ {0,1} k r ← {0,1} (unif. rand.) k r' ∈ {0,1} If r' = r ⇒ a := m a Else ⇒ a := ⊥

  24. CF is not Composable l = 2-party null functionality (does nothing) F l Define and protocol π = ( , ) π 2 π 1 R R π 2 2k π 1 m ∈ {0,1} k r ← {0,1} (unif. rand.) k r' ∈ {0,1} If r' = r ⇒ a := m a Else ⇒ a := ⊥ r is uniform random and allows no communication between F l π 1 simulators. ⇒ Can always simulate for with a = ⊥ . ⇒ CF-realizes via π . R F

  25. CF is not Composable l = 2-party null functionality (does nothing) F l Define and protocol π = ( , ) π 2 π 1 R R π 2 2k π 1 m ∈ {0,1} k r ← {0,1} (unif. rand.) k r' ∈ {0,1} If r' = r ⇒ a := m a Else ⇒ a := ⊥ r is uniform random and allows no communication between F l π 1 simulators. ⇒ Can always simulate for with a = ⊥ . ⇒ CF-realizes via π . R F Now compose with ; a k -bit channel from P2 → P1. Use it transmit r . C l So P2 can learn m from . But using & the simulators can C F R communicate at most k. I.e. π is no longer simulatable!

  26. Composable CF → Collusion-Preservation

  27. Composable CF → Collusion-Preservation l Goal: Add composability to CF.

  28. Composable CF → Collusion-Preservation l Goal: Add composability to CF. l Idea: Add an environment (as in UC-style realization notions) to CF → CP .

  29. Composable CF → Collusion-Preservation l Goal: Add composability to CF. l Idea: Add an environment (as in UC-style realization notions) to CF → CP . l Immediate results: Dummy (adversary) lemma and (G)UC l composition theorems hold essentially unchanged.

  30. Composable CF → Collusion-Preservation l Goal: Add composability to CF. l Idea: Add an environment (as in UC-style realization notions) to CF → CP . l Immediate results: Dummy (adversary) lemma and (G)UC l composition theorems hold essentially unchanged. CP strictly generalizes (G)UC realization l notions.

  31. Construction (1)

  32. Construction (1) l CP Construction for F using resource R: Trivial Idea: Resource R = Functionality F. l

  33. Construction (1) l CP Construction for F using resource R: Trivial Idea: Resource R = Functionality F. l l Issues: R depends on F l We show that to some extent such a − dependency is unavoidable. However at least R must only be − “programmable” but not fully “non-uniform”.

  34. Construction (1) l CP Construction for F using resource R: Trivial Idea: Resource R = Functionality F. l l Issues: R depends on F l We show that to some extent such a − dependency is unavoidable. However at least R must only be − “programmable” but not fully “non-uniform”. If R mis-behaves all bets are off. l Usually we don't care about this case. But trust − is a rare commodity.

  35. Fallback Security

  36. Fallback Security l Def. “Fallback Security” = Security attained when protocol is run using an arbitrary communication resource.

  37. Fallback Security l Def. “Fallback Security” = Security attained when protocol is run using an arbitrary communication resource. l Example: Protocol π CP-realizes R from F with GUC-Fallback Security. If π is run with R then F is CP-realized. l If π is run with any R* then F is GUC-realized. l

  38. Fallback Security l Def. “Fallback Security” = Security attained when protocol is run using an arbitrary communication resource. l Example: Protocol π CP-realizes R from F with GUC-Fallback Security. If π is run with R then F is CP-realized. l If π is run with any R* then F is GUC-realized. l l Now trivial construction no longer works because it achieves no fallback security.

  39. Construction (2)

  40. Construction (2) l Recall CF construction of Mediated Model of [ASV, AKLPSV]. Idea: “assisted SFE in the mediator's head” For functionality F, let protocol π = GMW(F). l “Mediator” resource M runs π on behalf of players “in l her head”. Player Pi's internal state in π shared between Pi and l M. Next protocol msg generated and Pi's state updated l via 2-party SFE between Pi and M.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
The Phantom Tollbooth: Privacy-Preserving Toll Collection in the Presence of Driver Collusion

The Phantom Tollbooth: Privacy-Preserving Toll Collection in the Presence of Driver Collusion

The Phantom Tollbooth: Privacy-Preserving Toll Collection in the Presence of Driver Collusion Sarah Meiklejohn (UC San Diego) Keaton Mowery (UC San Diego) Stephen Checkoway (UC San Diego) Hovav Shacham (UC San Diego) 1 Motivation: how tolling

2.01k views • 144 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Incentive Engineering for Outsourced Computation in the Face of Collusion Arman Khouzani, Viet

Incentive Engineering for Outsourced Computation in the Face of Collusion Arman Khouzani, Viet

Incentive Engineering for Outsourced Computation in the Face of Collusion Arman Khouzani, Viet Pham , and Carlos Cid Information Security Group Royal Holloway University of London { arman.khouzani, viet.pham.2010, carlos.cid } @rhul.ac.uk

319 views • 17 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
A Collusion Attack on Pairwise Key Presdistribution Schemes for Distributed Sensor Networks

A Collusion Attack on Pairwise Key Presdistribution Schemes for Distributed Sensor Networks

Introduction & background Key-swapping collusion attack Analysis Discussion & Conclusions A Collusion Attack on Pairwise Key Presdistribution Schemes for Distributed Sensor Networks Tyler W Moore University of Cambridge Computer

773 views • 19 slides
Privacy-Preserving Search of Similar Patients in Genomic Data Gilad Asharov Shai Halevi

Privacy-Preserving Search of Similar Patients in Genomic Data Gilad Asharov Shai Halevi

Privacy-Preserving Search of Similar Patients in Genomic Data Gilad Asharov Shai Halevi Yehuda Lindell Tal Rabin Secure Computation Computation on private inputs without revealing anything but the output Applications :

299 views • 25 slides
Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander

Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander

Fighting Collusion in Auctions Theory & Experiment Audrey Hu Theo Offerman Sander Onderstal Motivation Fighting collusion is a primary concern of auctioneers (Graham and Marshall, 1987; Marshall and Marx, 2006) In the 1980s, 75%

488 views • 22 slides
Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22,

Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22,

Prepared with SEVI SLIDES Competition Policy - Spring 2005 Collusion II Antonio Cabrales & Massimo Motta April 22, 2005 Summary Symmetry helps collusion Multimarket contacts Cartels

522 views • 31 slides
OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time

OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time

OLIGOPOLY DYNAMICS: COLLUSION AND PRICE WARS Overview Context: Firms interact over time possibly using history-dependent strategies Concepts: repeated games, grim strategies, collusion, price wars Economic principle: repetition

375 views • 26 slides
BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A

BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A

BEWARE Sustainable Beef L i b e r t y H a n g s i n T h e B a l a n c e What Is the GRSB? A legal entity a 501(c) (3) Corporation Organized in Colorado a vehicle to facilitate collusion against freedom loving people collusion |k

1.11k views • 69 slides
Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts

Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts

Collaboration or Combination? Integration or Collusion? Beware of Antitrust Risks Contracts Mergers Collaboration or Combination? ACOs Networks Integration or Collusion? Employed Beware of Antitrust Risks Physicians Bundled Payments

297 views • 7 slides
Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin

Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin

Me Merge gers a and Collus Collusion ion in in Al All - Pay Au Auctions and Crowdsourcin Crowdsourcing Con g Conte tests sts Omer Lev, Maria Polukarov, Yoram Bachrach & Jeffrey S. Rosenschein AAMAS 2013 St. Paul, Minnesota

570 views • 21 slides
3.6. Tacit Collusion Matilde Machado

3.6. Tacit Collusion Matilde Machado

3.6. Tacit Collusion Matilde Machado 3.6. Colusin Tcita: juegos

372 views • 8 slides
Academic Integrity: Distinguishing Between Collaboration and Collusion Dr Donna M Velliaris

Academic Integrity: Distinguishing Between Collaboration and Collusion Dr Donna M Velliaris

A Clearer Pathway to Institutionalising Academic Integrity: Distinguishing Between Collaboration and Collusion Dr Donna M Velliaris Eynesbury Institute of Business & Technology (EIBT) AUSTRALIA ISANA Conference, Melbourne, December 2015

496 views • 21 slides
The Organization of Contracting in Supply Chains in the Presence of Relational Collusion

The Organization of Contracting in Supply Chains in the Presence of Relational Collusion

The Organization of Contracting in Supply Chains in the Presence of Relational Collusion Alexander E. Saak, IFPRI asaak@cgiar.org David A. Hennessy, Michigan State University hennes64@msu.edu Economic Problem How are effort and investment

217 views • 21 slides
CMS remote data access (AAA) Giacinto DONVITO (INFN-Bari)

CMS remote data access (AAA) Giacinto DONVITO (INFN-Bari)

CMS remote data access (AAA) Giacinto DONVITO (INFN-Bari) Thanks to: Brian Bockelman, Ken Bloom (UNL) Tommaso Boccali, Daniele Bonacorsi (INFN) AAA

359 views • 24 slides
Any Data, Anytime, Anywhere Dan Bradley <dan@hep.wisc.edu> representing the AAA Team At

Any Data, Anytime, Anywhere Dan Bradley <dan@hep.wisc.edu> representing the AAA Team At

Any Data, Anytime, Anywhere Dan Bradley <dan@hep.wisc.edu> representing the AAA Team At OSG All Hands Meeting March 2013, Indianapolis AAA Project Goal Use resources more effectively through remote data access in CMS Sub-goals

436 views • 24 slides
and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley

and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley

Information Revelation and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley Outline Motivation Online Vs. Offline Networks Online Social Networks - Privacy Implications Analysis: The

635 views • 41 slides
1 User-Centered Design (Gould) Focus on users and their tasks early and often in the design

1 User-Centered Design (Gould) Focus on users and their tasks early and often in the design

ICS 463 Human Computer Interaction 9. User-Participation and Prototyping Dan Suthers Spring 2004 User-Centered Approaches (Consider this an extension of the previous two chapters on requirements analysis and design) Why involve users?

439 views • 13 slides
MEMORY ON THE KNL Adrian Jackson adrianj@epcc.ed.ac.uk @adrianjhpc Some slides from Intel

MEMORY ON THE KNL Adrian Jackson adrianj@epcc.ed.ac.uk @adrianjhpc Some slides from Intel

MEMORY ON THE KNL Adrian Jackson adrianj@epcc.ed.ac.uk @adrianjhpc Some slides from Intel Presentations Memory Two levels of memory for KNL Main memory KNL has direct access to all of main memory Similar latency/bandwidth as

507 views • 21 slides
Two Approximate- Programmability Birds, One Statistical- Inference Stone Adrian Sampson

Two Approximate- Programmability Birds, One Statistical- Inference Stone Adrian Sampson

Two Approximate- Programmability Birds, One Statistical- Inference Stone Adrian Sampson University of Washington sa pa APPROX 2014 Assisted approximate programming Statistical inference Cheap check generation 1 Assisted approximate

668 views • 25 slides
CS287 Advanced Robotics Lecture 4 (Fall 2019) Function Approximation Pieter Abbeel UC Berkeley

CS287 Advanced Robotics Lecture 4 (Fall 2019) Function Approximation Pieter Abbeel UC Berkeley

CS287 Advanced Robotics Lecture 4 (Fall 2019) Function Approximation Pieter Abbeel UC Berkeley EECS Value Iteration Impractical for Algorithm: large state spaces Start with for all s. For i = 1, , H For all

1.58k views • 60 slides
CSC 151 Spring 2020 Topic: Project Work Day 2 April 27, 2020 Day 36 Project Deadlines Part 1:

CSC 151 Spring 2020 Topic: Project Work Day 2 April 27, 2020 Day 36 Project Deadlines Part 1:

CSC 151 Spring 2020 Topic: Project Work Day 2 April 27, 2020 Day 36 Project Deadlines Part 1: Project Ideas Due on Tuesday April 21 Give 3 potential project ideas. Part 2: Project Proposal Due on Friday April 24 Decide on a data set and

331 views • 3 slides

More recommend