Communication Locality in C i i L li i Secure Multi Party - - PowerPoint PPT Presentation

communication locality in c i i l li i secure multi party
SMART_READER_LITE
LIVE PREVIEW

Communication Locality in C i i L li i Secure Multi Party - - PowerPoint PPT Presentation

Dec 03, 2023 632 likes •1.02k views

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

slide-1
SLIDE 1

C i i L li i Communication Locality in Secure Multi Party Secure Multi-Party Computation Computation

How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting

Elette Boyle Shafi Goldwasser Stefano Tessaro MIT MIT & Weizmann MIT

slide-2
SLIDE 2

Secure Multi-Party Computation (MPC) (MPC)

[Goldreich-Micali-Wigderson87]

slide-3
SLIDE 3

Selection of Prior MPC Work Selection of Prior MPC Work

slide-4
SLIDE 4

Secure Multi-Party Computation (MPC)

slide-5
SLIDE 5

Secure Multi-Party Computation (MPC)

slide-6
SLIDE 6

Today: Communication Locality in MPC

Communication L lit :

T l # i

Locality: Total # parties

each party communicates with throughout protocol lifetime

slide-7
SLIDE 7

Prior Work Prior Work

“Everywhere” MPC not possible

Isolated honest party party

slide-8
SLIDE 8

This Work: This Work:

slide-9
SLIDE 9

General MPC General MPC

slide-10
SLIDE 10

Special Focus: Sublinear Algorithms

  • Example applications:

Transactions of 20-30 yr

  • lds

Transactions of 30-40 yr

  • lds
  • lds
  • lds

Testing for trends Distribution testing

slide-11
SLIDE 11

Securely Evaluating Sublinear Algorithms

In principle: requires much less communication Main Challenge: Must hide which inputs are used!

slide-12
SLIDE 12

Related Work: Sublinear Two-Party Setting

  • Communication-Preserving MPC [Naor-Nissim01]

Sublinear communication – Sublinear communication – Super-polynomial computation

  • MPC on RAM programs

[Ostrovsky-Shoup97, Damgard-Meldgard-Nielsen11, Gordon-Katz- K l ik 12 L O k 13] Kolesnikov+12, Lu-Ostrovsky13]

  • Sublinear MPC for specific functions

p

[Feigenbaum-Ishai-Malkin+01, Indyk-Woodruff06, …]

slide-13
SLIDE 13

MPC for Sublinear Algorithms MPC for Sublinear Algorithms

slide-14
SLIDE 14

Protocol for Sublinear Algorithms: Overview of Algorithms: Overview of Nonadaptive Case p

  • 1. Committee Setup
  • 3. Oblivious Input

Shuffling 2 I t C it t Shuffling

  • 2. Input Commitment

“Supreme” committee Input committees

slide-15
SLIDE 15

PHASE 1: COMMITTEE SETUP

Input Input

Committee Setup

Input Commitment Input Shuffling

slide-16
SLIDE 16

Starting Point: Almost Everywhere Committee Almost-Everywhere Committee Election

[King-Saia-Sanwalani-Vee06]

“Good” path up

[King Saia Sanwalani Vee06]

tree “Good” node >2/3 node >2/3 honest

slide-17
SLIDE 17

Toward Full Agreement Toward Full Agreement

This is (Starting point) where signatures come in

Almost- everywhere “Certified” almost- everywhere Full everywhere All parties agree All parties agree

slide-18
SLIDE 18

Supreme & Input Committees Supreme & Input Committees

S C i I C i

  • Supreme Committee
  • Input Committees

D fi d i PRF Defined using PRF

slide-19
SLIDE 19

PHASE 2: INPUT COMMITMENT

Input Committee

Input Commitment

Input Shuffling Committee Setup

p

[Chor-Goldwasser-Micali-Awerbuch85]

slide-20
SLIDE 20

PHASE 3: INPUT SHUFFLING

Committee Input

Input Shuffling

Committee Setup Input Commitment

Input Shuffling

slide-21
SLIDE 21

Switching Networks Switching Networks

slide-22
SLIDE 22

Oblivious Shuffling Oblivious Shuffling

slide-23
SLIDE 23

Committee Input Input Committee Setup Input Commitment Input Shuffling

slide-24
SLIDE 24

Summary of Contributions Summary of Contributions

slide-25
SLIDE 25
slide-26
SLIDE 26

Our Model Our Model

Setup (eg, PKI) Corruptions Protocol begins begins

slide-27
SLIDE 27
slide-28
SLIDE 28

Phase 1 Overview: Committee Setup

a.e. agreement Starting point: agreement “C tifi d” “Certified” a.e. agreement Full Full agreement

slide-29
SLIDE 29

Phase 1 Overview: Committee Setup

a.e. agreement Starting point: agreement “C tifi d” “Certified” a.e. agreement Full All parties agree on value Full agreement All parties agree on value

slide-30
SLIDE 30

Protocol for Sublinear Algorithms: Overview

  • 1. Communication Graph

+ Committee Setup

  • 3. Input Shuffling

+ Committee Setup 2 I t C it t

  • 2. Input Commitment

“Supreme” committee Input committees

slide-31
SLIDE 31

Combining Signatures into Certificate

  • Option 1: Append as list
  • Option 2: Use Multisignatures [***]

Multisigs: Multisigs: Can combine sigs on same msg into short object

slide-32
SLIDE 32

Step 2: Input Commitment Step 2: Input Commitment

FHE-Encrypted input NIZK Proof of CT validity NIZK Proof of Consistency Second Encryption

  • f input
slide-33
SLIDE 33

PHASE 1: COMMITTEE SETUP COMMITTEE SETUP

Committee Setup Input Commitment Input Shuffling

slide-34
SLIDE 34

Analyzing Communication Analyzing Communication

Protocol Step Comm Locality Comm cxy # Rounds Protocol Step Comm Locality Comm cxy # Rounds A.e. leader election Certifying a.e. To full agreement Input commitment For adaptive Gen shuffle perm Implementing h ffl For adaptive algorithms shuffle Choosing inputs

slide-35
SLIDE 35

This Talk: This Talk:

Protocol for sublinear algorithms (Thm Protocol for sublinear algorithms (Thm 2) + Complexity Analysis Extension to general functions (Thm 1)

Sanjam Garg Abhishek Jain Amit Sahai Stefano Tessaro Shafi Goldwasser Yael Tauman Gil Segev Daniel Wichs

slide-36
SLIDE 36

Achieving Full Agreement Achieving Full Agreement

Almost- “Certified”

almost

Full What about isolated honest parties?? everywhere

almost- everywhere

Full …

. . . . .

To be used

Can achieve with Pseudorandom Function Family:

later!