computation for mali licious
play

Computation for Mali licious Adversaries and an Honest Majority Jun - PowerPoint PPT Presentation

Dec 30, 2023 •141 likes •699 views

Hig igh-Throughput Secure Three-Party Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**, Ariel Nof** and Or Weinstein** *NEC corporation, Israel **Bar-Ilan University, Israel Eurocrypt 2017

  1. Hig igh-Throughput Secure Three-Party Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**, Ariel Nof** and Or Weinstein** *NEC corporation, Israel **Bar-Ilan University, Israel Eurocrypt 2017

  2. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3

  3. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3

  4. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3 • Functionality is represented by a Boolean circuit • Security with abort

  5. High-Throughput Secure Three-Party Computation with an Honest Majority

  6. High-Throughput Secure Three-Party Computation with an Honest Majority 𝑢 𝑡𝑢𝑏𝑠𝑢 𝑢 𝑓𝑜𝑒 f How much time it takes to compute a function?

  7. High-Throughput Secure Three-Party Computation with an Honest Majority 𝑢 𝑡𝑢𝑏𝑠𝑢 𝑢 𝑓𝑜𝑒 f How much time it takes to compute a function? Latency

  8. High-Throughput Secure Three-Party Computation with an Honest Majority 1 𝑡𝑓𝑑 f f f f f f f f f 𝑢 𝑡𝑢𝑏𝑠𝑢 𝑢 𝑓𝑜𝑒 f How much time it takes to How many functions can we compute a function? compute in one sec? Latency

  9. High-Throughput Secure Three-Party Computation with an Honest Majority 1 𝑡𝑓𝑑 f f f f f f f f f 𝑢 𝑡𝑢𝑏𝑠𝑢 𝑢 𝑓𝑜𝑒 f How much time it takes to How many functions can we compute a function? compute in one sec? Latency Throughput

  10. Low Latency VS. High-Throughput High-Throughput Low Latency

  11. Low Latency VS. High-Throughput High-Throughput Low Latency • Constant rounds of communication 𝑄 1 𝑄 2 “ the garbled-circuit approach ”

  12. Low Latency VS. High-Throughput High-Throughput Low Latency • Low bandwidth • Constant rounds of • Simple Computations communication 𝑄 𝑄 1 1 𝑄 2 𝑄 2 “ the secret-sharing approach ” “ the garbled-circuit approach ”

  13. Low Latency VS. High-Throughput High-Throughput Low Latency • Low bandwidth • Constant rounds of • Simple Computations communication 𝑄 𝑄 1 1 𝑄 2 𝑄 2 “ the secret-sharing approach ” “ the garbled-circuit approach ”

  14. The Starting Point: The Semi-honest protocol of [AFLNO16 16] • Based on replicated secret sharing • Requires 1 bit of communication sent by each party per AND gate. • Speed: compute over 7 billion AND gates per second • Concretely, over 1,300,000 AES operations per second

  15. From Semi-Honest to Malicious adversary ry • Sharing the inputs • Emulating the circuit • Output Reconstruction

  16. From Semi-Honest to Malicious adversary ry How to force the corrupted party to share its • Sharing the inputs inputs “ correctly ” ? How to verify AND gates were computed • Emulating the circuit correctly? How to verify that the output was • Output Reconstruction reconstructed correctly?

  17. From Semi-Honest to Malicious adversary ry How to force the corrupted party to share its • Sharing the inputs inputs “ correctly ” ? How to verify AND gates were computed • Emulating the circuit correctly? How to verify that the output was • Output Reconstruction reconstructed correctly?

  18. Verification of AND Gates A “ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 ⋅ 𝑐

  19. Verification of AND Gates A “ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 ⋅ 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated by computing an AND gate Let 𝑏 , 𝑐 , 𝑑 be a random triple

  20. Verification of AND Gates A “ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 ⋅ 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated by computing an AND gate Let 𝑏 , 𝑐 , 𝑑 be a random triple

  21. Verification of AND Gates A “ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 ⋅ 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated If 𝑏 , 𝑐 , 𝑑 is a “ valid ” triple, then we by computing an AND gate can use 𝑏 , 𝑐 , 𝑑 to detect cheating Let 𝑏 , 𝑐 , 𝑑 be a random triple in 𝑦 , 𝑧 , 𝑨 with probability 1.

  22. Verification of AND Gates A “ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 ⋅ 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated If 𝑏 , 𝑐 , 𝑑 is a “ valid ” triple, then we by computing an AND gate can use 𝑏 , 𝑐 , 𝑑 to detect cheating Let 𝑏 , 𝑐 , 𝑑 be a random triple in 𝑦 , 𝑧 , 𝑨 with probability 1. Sub-protocol “ triple verification without opening ” Communication: 2 bits per each party

  23. The Protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates 4. Reconstruct Output 3 bits per AND gate

  24. The Protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑶 triples 4. Reconstruct Output 3 bits per AND gate

  25. The Protocol Pre-processing protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑶 triples 4. Reconstruct Output 3 bits per AND gate

  26. The Protocol Pre-processing protocol On-line protocol ? 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑶 triples 4. Reconstruct Output 3 bits per AND gate

  27. Generation of f Random Multiplication Triples • 𝑏 , [𝑐] are generated without any interaction! • [𝑑] is computed using the semi-honest protocol

  28. Generation of f Random Multiplication Triples • 𝑏 , [𝑐] are generated without any interaction! 1 bit of communication! • [𝑑] is computed using the semi-honest protocol

  29. Generation of f Random Multiplication Triples • 𝑏 , [𝑐] are generated without any interaction! 1 bit of communication! • [𝑑] is computed using the semi-honest protocol How to verify that the triple is valid?

  30. Generation of f Random Multiplication Triples . . .

  31. Generation of f Random Multiplication Triples Random permutation . . .

  32. Generation of f Random Multiplication Triples Random Open C permutation triples . . .

  33. Generation of f Random Multiplication Triples Random Open C permutation triples If one of the opened triples is incorrect, the honest parties will detect it and abort . . .

  34. Generation of f Random Multiplication Triples Random Open C permutation triples . . .

  35. Generation of f Random Multiplication Triples Split into N Random Open C buckets of permutation triples equal size 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  36. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  37. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . If one of the . buckets is “ mixed ” , 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 the honest parties . . . will detect it and . . abort . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  38. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  39. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  40. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

  41. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 − 𝟐 triples 𝐶 1 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . 𝐶 2 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 . . . . . . . 𝛾 𝑢𝑠𝑗𝑞𝑚𝑓𝑡 𝐶 𝑂

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pr Projec ject Mali t Mali So Some meone ne or r So Some

Pr Projec ject Mali t Mali So Some meone ne or r So Some

Pr Projec ject Mali t Mali So Some meone ne or r So Some mething thing of f Value alue to Our ur Community mmunity Th The e Ubele Ubele In Ini4

550 views • 11 slides
Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the

Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the

Republic of Mali Ministry of Energy and Water Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the SREP Sub-committee 1 st November 2011 1 Overview of the Presentation I. Country and Energy sector

481 views • 30 slides
MALI: An attractive investment destination Why is Mali an attractive investment destination? The

MALI: An attractive investment destination Why is Mali an attractive investment destination? The

MALI: An attractive investment destination Why is Mali an attractive investment destination? The country has The right Key competitive conditions advantages Preferential A favorable investment Opportunities in access to key

697 views • 33 slides
Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%)

Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%)

Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%) Loulo-Gounkoto Morila (40%) Massawa Kibali (45%) Tongon North Mara Bulyanhulu Lumwana (63.7%) Buzwagi Gold production Projects Acacia (63.9%

1.48k views • 37 slides
Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun

Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun

Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun vritable plan Marshall Serge Michailof Colloque FERDI 29 juin 2012 Tout le nord du Mali et une bonne part du Sahara se sont transforms de zone

1.9k views • 15 slides
Dansa from Mali: Tempo-Metrical Types in

Dansa from Mali: Tempo-Metrical Types in

Dansa from Mali: Tempo-Metrical Types in Swing-based Meters. Or: Cool things that happen when you speed up a swingin rhythm

787 views • 43 slides
Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah

Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah

Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah Zhou and Aakash Sethi 70% OF GLOBAL POOR LIVE IN RURAL AREAS BASIC GEOGRAPHY: Mali and Chad Chad Mali Background on Mali and Chad In contrast

189 views • 16 slides
how they have survived and how they can be conserved Dr Susan Canney, Director of the Mali

how they have survived and how they can be conserved Dr Susan Canney, Director of the Mali

Malis remarkable desert - adapted elephants: how they have survived and how they can be conserved Dr Susan Canney, Director of the Mali Elephant Project Research Associate, Department of Zoology, University of Oxford Range of habitats

877 views • 54 slides
Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12

Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12

Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12 (Version 1; 27.11.2017) Prepared by: ARGA Project acronym: EUNPACK Project full title: Good intentions, mixed results A conflict sensitive

337 views • 8 slides
Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and

Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and

Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and Development Lab Department of Geography University of South Carolina Malis Agrometeorologial Program Pilot phase (4 villages, 16 farmers) was very

240 views • 10 slides
Print. Winters, Charlene R. Lifting Mali. BYU Magazine Fall 2010: 36-41. Print.

Print. Winters, Charlene R. Lifting Mali. BYU Magazine Fall 2010: 36-41. Print.

Bradbury, Ray. Fahrenheit 451 . The 50 th Anniversary Edition. New York: Ballantine Books, 1953. Print. Winters, Charlene R. Lifting Mali. BYU Magazine Fall 2010: 36-41. Print. Concentration Camps 1933 - 1939. Holocaust Encyclopedia .

597 views • 20 slides
Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa

Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa

79 Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa May 2020 IMPORTANT NOTICE 1 DISCLAIMER The information contained in this document (Presentation) has been prepared by Kodal Minerals plc

694 views • 15 slides
Best Practices Green Business Area in Mali Enabling Enterprise Development: A Selection of Best

Best Practices Green Business Area in Mali Enabling Enterprise Development: A Selection of Best

Best Practices Green Business Area in Mali Enabling Enterprise Development: A Selection of Best Practices in Harnessing Distributed Energy for Productive Uses (Webinar) Jean BILLANT ECODEV programme officer | January 2017 GERES and Sustainable

118 views • 9 slides
Extensible Programming and Modeling Languages Ted Kaminski, Yogesh Mali, August Schwerdfeger and

Extensible Programming and Modeling Languages Ted Kaminski, Yogesh Mali, August Schwerdfeger and

Extensible Programming and Modeling Languages Ted Kaminski, Yogesh Mali, August Schwerdfeger and Eric Van Wyk University of Minnesota September 20, 2012, Lund, Sweden Page 1 Languages are not monolithic. But most language tools

458 views • 24 slides
in Mali - West Africa 26 th May 2016 INVESTOR PRESENTATION (ASX: OKU) Disclaimer The material in

in Mali - West Africa 26 th May 2016 INVESTOR PRESENTATION (ASX: OKU) Disclaimer The material in

Building a Gold Company in Mali - West Africa 26 th May 2016 INVESTOR PRESENTATION (ASX: OKU) Disclaimer The material in this presentation (material) is not and does not constitute an offer, invitation or recommendation to subscribe for, or

407 views • 19 slides
Challenges for the Center of Mali 1. Inner Niger Delta Setting the stage 2. Water Resource

Challenges for the Center of Mali 1. Inner Niger Delta Setting the stage 2. Water Resource

Challenges for the Center of Mali 1. Inner Niger Delta Setting the stage 2. Water Resource Conflicts: Inappropriate conflict management Intensification of violence The rise of inter-community violence 3. Development plans

290 views • 13 slides
On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin ANSSI, France 18 April, EUROCRYPT 2012 Yannick Seurin (ANSSI) Exact Security of Schnorr Signatures EUROCRYPT 2012 1 / 28 Introduction Introduction

1.45k views • 117 slides
Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating

Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating

Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating Matrix Item 1 Item 2 Item 3 ... Item M User 1 4 ... User 2 2 ... User 3 5 ... 5 ... ... ... ... ... ... User N 2 ... 1 Rating

911 views • 26 slides
(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N.

(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N.

(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N. Hailperin (scip AG) (Still) Exploiting TCP Timestamps HiP 2015 1 / 47 About Me Security Consultant & Researcher @ scip AG @fenceposterror

623 views • 47 slides
Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016

Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016

Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016 http://tinyurl.com/randomized-practical Some random examples Building atomic bombs Truncated SVD Dimensionality reduction Kernel methods for big data Nonlinear

970 views • 81 slides
Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab

Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab

Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab an School of Computer Science The University of Birmingham Birmingham B15 2TT, UK http://www.cs.bham.ac.uk/ axk KDD 2015, Sydney, 10-13

280 views • 23 slides
to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

CrashMonkey: A Framework to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram University of Texas at Austin Crash Consistency File-system updates change multiple blocks on storage Data blocks, inodes,

499 views • 46 slides
Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons

Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons

Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons Institute, Berkeley 28 January 2016 Plan for the talk Introduction: random k -SAT model Threshold conjecture, Friedguts theorem Statistical

1.67k views • 142 slides
An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010 1 / 10 Lattice-Based Crypto L R n b 2 b 1 2 / 10 Lattice-Based Crypto L R n p 1 p 2 2 / 10 Lattice-Based Crypto L R n b 2 p 1 b 1 =

975 views • 60 slides

More recommend