PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
computation for mali licious

Computation for Mali licious Adversaries and an Honest Majority Jun - PowerPoint PPT Presentation

Dec 30, 2023 β€’141 likes β€’699 views

Hig igh-Throughput Secure Three-Party Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**, Ariel Nof** and Or Weinstein** *NEC corporation, Israel **Bar-Ilan University, Israel Eurocrypt 2017

  1. Hig igh-Throughput Secure Three-Party Computation for Mali licious Adversaries and an Honest Majority Jun Furukawa*, Yehuda Lindell**, Ariel Nof** and Or Weinstein** *NEC corporation, Israel **Bar-Ilan University, Israel Eurocrypt 2017

  2. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3

  3. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3

  4. Secure Three-Party Computation wit ith an Honest Majority 𝑦 1 𝑦 2 𝑔(𝑦 1 , 𝑦 2 , 𝑦 3 ) 𝑦 3 β€’ Functionality is represented by a Boolean circuit β€’ Security with abort

  5. High-Throughput Secure Three-Party Computation with an Honest Majority

  6. High-Throughput Secure Three-Party Computation with an Honest Majority 𝑒 𝑑𝑒𝑏𝑠𝑒 𝑒 π‘“π‘œπ‘’ f How much time it takes to compute a function?

  7. High-Throughput Secure Three-Party Computation with an Honest Majority 𝑒 𝑑𝑒𝑏𝑠𝑒 𝑒 π‘“π‘œπ‘’ f How much time it takes to compute a function? Latency

  8. High-Throughput Secure Three-Party Computation with an Honest Majority 1 𝑑𝑓𝑑 f f f f f f f f f 𝑒 𝑑𝑒𝑏𝑠𝑒 𝑒 π‘“π‘œπ‘’ f How much time it takes to How many functions can we compute a function? compute in one sec? Latency

  9. High-Throughput Secure Three-Party Computation with an Honest Majority 1 𝑑𝑓𝑑 f f f f f f f f f 𝑒 𝑑𝑒𝑏𝑠𝑒 𝑒 π‘“π‘œπ‘’ f How much time it takes to How many functions can we compute a function? compute in one sec? Latency Throughput

  10. Low Latency VS. High-Throughput High-Throughput Low Latency

  11. Low Latency VS. High-Throughput High-Throughput Low Latency β€’ Constant rounds of communication 𝑄 1 𝑄 2 β€œ the garbled-circuit approach ”

  12. Low Latency VS. High-Throughput High-Throughput Low Latency β€’ Low bandwidth β€’ Constant rounds of β€’ Simple Computations communication 𝑄 𝑄 1 1 𝑄 2 𝑄 2 β€œ the secret-sharing approach ” β€œ the garbled-circuit approach ”

  13. Low Latency VS. High-Throughput High-Throughput Low Latency β€’ Low bandwidth β€’ Constant rounds of β€’ Simple Computations communication 𝑄 𝑄 1 1 𝑄 2 𝑄 2 β€œ the secret-sharing approach ” β€œ the garbled-circuit approach ”

  14. The Starting Point: The Semi-honest protocol of [AFLNO16 16] β€’ Based on replicated secret sharing β€’ Requires 1 bit of communication sent by each party per AND gate. β€’ Speed: compute over 7 billion AND gates per second β€’ Concretely, over 1,300,000 AES operations per second

  15. From Semi-Honest to Malicious adversary ry β€’ Sharing the inputs β€’ Emulating the circuit β€’ Output Reconstruction

  16. From Semi-Honest to Malicious adversary ry How to force the corrupted party to share its β€’ Sharing the inputs inputs β€œ correctly ” ? How to verify AND gates were computed β€’ Emulating the circuit correctly? How to verify that the output was β€’ Output Reconstruction reconstructed correctly?

  17. From Semi-Honest to Malicious adversary ry How to force the corrupted party to share its β€’ Sharing the inputs inputs β€œ correctly ” ? How to verify AND gates were computed β€’ Emulating the circuit correctly? How to verify that the output was β€’ Output Reconstruction reconstructed correctly?

  18. Verification of AND Gates A β€œ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 β‹… 𝑐

  19. Verification of AND Gates A β€œ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 β‹… 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated by computing an AND gate Let 𝑏 , 𝑐 , 𝑑 be a random triple

  20. Verification of AND Gates A β€œ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 β‹… 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated by computing an AND gate Let 𝑏 , 𝑐 , 𝑑 be a random triple

  21. Verification of AND Gates A β€œ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 β‹… 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated If 𝑏 , 𝑐 , 𝑑 is a β€œ valid ” triple, then we by computing an AND gate can use 𝑏 , 𝑐 , 𝑑 to detect cheating Let 𝑏 , 𝑐 , 𝑑 be a random triple in 𝑦 , 𝑧 , 𝑨 with probability 1.

  22. Verification of AND Gates A β€œ multiplication triple ” is a triple of shares 𝑏 , 𝑐 , 𝑑 such that 𝑑 = 𝑏 β‹… 𝑐 Let 𝑦 , 𝑧 , 𝑨 be a triple generated If 𝑏 , 𝑐 , 𝑑 is a β€œ valid ” triple, then we by computing an AND gate can use 𝑏 , 𝑐 , 𝑑 to detect cheating Let 𝑏 , 𝑐 , 𝑑 be a random triple in 𝑦 , 𝑧 , 𝑨 with probability 1. Sub-protocol β€œ triple verification without opening ” Communication: 2 bits per each party

  23. The Protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates 4. Reconstruct Output 3 bits per AND gate

  24. The Protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑢 triples 4. Reconstruct Output 3 bits per AND gate

  25. The Protocol Pre-processing protocol On-line protocol 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑢 triples 4. Reconstruct Output 3 bits per AND gate

  26. The Protocol Pre-processing protocol On-line protocol ? 1. Share the inputs 2. Run the Semi-honest protocol 3. Verify all ANDs gates Output 𝑢 triples 4. Reconstruct Output 3 bits per AND gate

  27. Generation of f Random Multiplication Triples β€’ 𝑏 , [𝑐] are generated without any interaction! β€’ [𝑑] is computed using the semi-honest protocol

  28. Generation of f Random Multiplication Triples β€’ 𝑏 , [𝑐] are generated without any interaction! 1 bit of communication! β€’ [𝑑] is computed using the semi-honest protocol

  29. Generation of f Random Multiplication Triples β€’ 𝑏 , [𝑐] are generated without any interaction! 1 bit of communication! β€’ [𝑑] is computed using the semi-honest protocol How to verify that the triple is valid?

  30. Generation of f Random Multiplication Triples . . .

  31. Generation of f Random Multiplication Triples Random permutation . . .

  32. Generation of f Random Multiplication Triples Random Open C permutation triples . . .

  33. Generation of f Random Multiplication Triples Random Open C permutation triples If one of the opened triples is incorrect, the honest parties will detect it and abort . . .

  34. Generation of f Random Multiplication Triples Random Open C permutation triples . . .

  35. Generation of f Random Multiplication Triples Split into N Random Open C buckets of permutation triples equal size 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  36. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  37. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . If one of the . buckets is β€œ mixed ” , 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ the honest parties . . . will detect it and . . abort . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  38. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  39. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  40. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

  41. Generation of f Random Multiplication Triples Verify the Split into N Random Open C first triple in buckets of permutation triples each bucket equal size using 𝜸 βˆ’ 𝟐 triples 𝐢 1 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . 𝐢 2 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ . . . . . . . 𝛾 π‘’π‘ π‘—π‘žπ‘šπ‘“π‘‘ 𝐢 𝑂

Recommend

Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the

Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the

Republic of Mali Ministry of Energy and Water Scaling Up Renewable Energy Program in Mali (SREP-MALI INVESTMENT PLAN) Presentation to the SREP Sub-committee 1 st November 2011 1 Overview of the Presentation I. Country and Energy sector

482 views β€’ 30 slides
MALI: An attractive investment destination Why is Mali an attractive investment destination? The

MALI: An attractive investment destination Why is Mali an attractive investment destination? The

MALI: An attractive investment destination Why is Mali an attractive investment destination? The country has The right Key competitive conditions advantages Preferential A favorable investment Opportunities in access to key

698 views β€’ 33 slides
Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%)

Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%)

Mali Mali media presentationJan 2019 A leading African gold miner Jabal Sayid (50%) Loulo-Gounkoto Morila (40%) Massawa Kibali (45%) Tongon North Mara Bulyanhulu Lumwana (63.7%) Buzwagi Gold production Projects Acacia (63.9%

1.48k views β€’ 37 slides
Pr Projec ject Mali t Mali So Some meone ne or r So Some

Pr Projec ject Mali t Mali So Some meone ne or r So Some

Pr Projec ject Mali t Mali So Some meone ne or r So Some mething thing of f Value alue to Our ur Community mmunity Th The e Ubele Ubele In Ini4

550 views β€’ 11 slides
Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun

Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun

Pour sortir de la violence au nord du Mali cest lensemble du Sahel qui a besoin dun vritable plan Marshall Serge Michailof Colloque FERDI 29 juin 2012 Tout le nord du Mali et une bonne part du Sahara se sont transforms de zone

1.9k views β€’ 15 slides
Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah

Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah

Spotlight on Rural Supply: Critical factors to create successful mobile money agents. By Sarah Zhou and Aakash Sethi 70% OF GLOBAL POOR LIVE IN RURAL AREAS BASIC GEOGRAPHY: Mali and Chad Chad Mali Background on Mali and Chad In contrast

189 views β€’ 16 slides
Formal Definition of Computation Formal Definition of Computation p.1/28 Computation

Formal Definition of Computation Formal Definition of Computation p.1/28 Computation

Formal Definition of Computation Formal Definition of Computation p.1/28 Computation model The model of computation considered so far is the work performed by a finite automaton Formal Definition of Computation p.2/28

1.27k views β€’ 69 slides
Probabilistic Computation Lecture 13 BPP vs. PH 1 Recap 2 Recap Probabilistic computation 2

Probabilistic Computation Lecture 13 BPP vs. PH 1 Recap 2 Recap Probabilistic computation 2

Probabilistic Computation Lecture 13 BPP vs. PH 1 Recap 2 Recap Probabilistic computation 2 Recap Probabilistic computation NTM (on random certificates) for L: 2 Recap Probabilistic computation NTM (on random certificates)

1.43k views β€’ 95 slides
Massively Parallel Computation Philip Bille Sequential Computation Computation. Read and

Massively Parallel Computation Philip Bille Sequential Computation Computation. Read and

Massively Parallel Computation Philip Bille Sequential Computation Computation. Read and write in storage Arithmetic and boolean operations Control-flow (if-then-else, while-do, ..) Scalability. Massive data. 001111 E

337 views β€’ 23 slides
Model of Computation and Runtime Analysis Model of Computation Model of Computation Specifies

Model of Computation and Runtime Analysis Model of Computation Model of Computation Specifies

Model of Computation and Runtime Analysis Model of Computation Model of Computation Specifies Set of operations Cost of operations (not necessarily time) Examples Turing Machine Random Access Machine (RAM) PRAM Map

574 views β€’ 18 slides
randomized computation Sometimes randomness helps in computation. randomized computation Augment

randomized computation Sometimes randomness helps in computation. randomized computation Augment

randomized computation Sometimes randomness helps in computation. randomized computation Augment our usual Turing machines with a read-only tape of random bits . start 0 2 accept 1 # # 0 1 1 0

736 views β€’ 24 slides
case presentation Guida Landour, MD, PhD Department of Neurology Teaching Hospital of Point

case presentation Guida Landour, MD, PhD Department of Neurology Teaching Hospital of Point

Neurogenetic diseases in Mali: case presentation Guida Landour, MD, PhD Department of Neurology Teaching Hospital of Point G Bamako, Mali Introduction Neurogenetic diseases are neglected - incurable and debilitating - social

189 views β€’ 15 slides
Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and

Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and

Evaluating Climate Services: Lessons from Mali Edward R Carr Humanitarian Response and Development Lab Department of Geography University of South Carolina Malis Agrometeorologial Program Pilot phase (4 villages, 16 farmers) was very

240 views β€’ 10 slides
Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa

Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa

79 Au 196.97 Lithium Development & Gold Exploration Mali & Cote dIvoire, West Africa May 2020 IMPORTANT NOTICE 1 DISCLAIMER The information contained in this document (Presentation) has been prepared by Kodal Minerals plc

694 views β€’ 15 slides
A NEW MALI GOLD EXPLORER MAY 2019 DISCLAIMER AND COMPETENT PERSONS STATEMENTS This

A NEW MALI GOLD EXPLORER MAY 2019 DISCLAIMER AND COMPETENT PERSONS STATEMENTS This

A NEW MALI GOLD EXPLORER MAY 2019 DISCLAIMER AND COMPETENT PERSONS STATEMENTS This presentation (the Presentation) has been prepared by Indiana Resources Limited (Indiana). No party other than Indi ana has authorised or caused

412 views β€’ 16 slides
Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12

Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12

Workshop, European Caf Debate and presentation of initial findings in Mali Deliverable 7.12 (Version 1; 27.11.2017) Prepared by: ARGA Project acronym: EUNPACK Project full title: Good intentions, mixed results A conflict sensitive

337 views β€’ 8 slides
On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin ANSSI, France 18 April, EUROCRYPT 2012 Yannick Seurin (ANSSI) Exact Security of Schnorr Signatures EUROCRYPT 2012 1 / 28 Introduction Introduction

1.45k views β€’ 117 slides
Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating

Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating

Recommendation on Data Missing Not at Random A Doubly Robust Joint Learning Approach Rating Matrix Item 1 Item 2 Item 3 ... Item M User 1 4 ... User 2 2 ... User 3 5 ... 5 ... ... ... ... ... ... User N 2 ... 1 Rating

911 views β€’ 26 slides
(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N.

(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N.

(Still) Exploiting TCP Timestamps Veit N. Hailperin 1 1 scip AG Hack in Paris, June 2015 Veit N. Hailperin (scip AG) (Still) Exploiting TCP Timestamps HiP 2015 1 / 47 About Me Security Consultant & Researcher @ scip AG @fenceposterror

623 views β€’ 47 slides
Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016

Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016

Randomized methods for machine learning David Lopez-Paz, FAIR May 17, 2016 http://tinyurl.com/randomized-practical Some random examples Building atomic bombs Truncated SVD Dimensionality reduction Kernel methods for big data Nonlinear

970 views β€’ 81 slides
Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab

Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab

Improved Bounds on the Dot Product under Random Projection and Random Sign Projection Ata Kab an School of Computer Science The University of Birmingham Birmingham B15 2TT, UK http://www.cs.bham.ac.uk/ axk KDD 2015, Sydney, 10-13

280 views β€’ 23 slides
to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

CrashMonkey: A Framework to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram University of Texas at Austin Crash Consistency File-system updates change multiple blocks on storage Data blocks, inodes,

499 views β€’ 46 slides
Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons

Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons

Thresholds in random CSPs Nike Sun (Berkeley) Counting complexity and phase transitions Simons Institute, Berkeley 28 January 2016 Plan for the talk Introduction: random k -SAT model Threshold conjecture, Friedguts theorem Statistical

1.67k views β€’ 142 slides
An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010 1 / 10 Lattice-Based Crypto L R n b 2 b 1 2 / 10 Lattice-Based Crypto L R n p 1 p 2 2 / 10 Lattice-Based Crypto L R n b 2 p 1 b 1 =

975 views β€’ 60 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilitiesβ€”Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Blogs Contact

Newsletter

Stay Informed & Inspiredβ€”Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.