constant rate oblivious transfer from noisy channels
play

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai - PowerPoint PPT Presentation

Nov 18, 2023 •292 likes •1.25k views

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jrg W ullschleger Tuesday, August 23, 2011 Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai

  1. Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jürg W ullschleger Tuesday, August 23, 2011

  2. Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jürg W ullschleger Tuesday, August 23, 2011

  3. Noisy Channel & Crypto Tuesday, August 23, 2011

  4. Noisy Channel & Crypto From our point of view, an ideal communication line is a sterile, cryptographically uninteresting entity. Noise, on the other hand, breeds disorder, uncertainty, and confusion. Thus, it is the cryptographer’s natural ally. Claude Crépeau & Joe Kilian, 1988. Tuesday, August 23, 2011

  5. Noisy Channel & Crypto Tuesday, August 23, 2011

  6. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] Tuesday, August 23, 2011

  7. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] Tuesday, August 23, 2011

  8. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] X 0 ,X 1 b X b OT [R’81,W’83] Tuesday, August 23, 2011

  9. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] X X 0 ,X 1 b X ⊕ b X b OT BSC [R’81,W’83] Tuesday, August 23, 2011

  10. Noisy Channel & Crypto • Wyner’s wire-tap channel: information-theoretically secret communication, without shared keys [W’75] • Oblivious Transfer from noisy channel [CK’88] • OT is complete for secure computation [K’88] X X 0 ,X 1 b X ⊕ b X b OT BSC [R’81,W’83] Tuesday, August 23, 2011

  11. Constant Rate Tuesday, August 23, 2011

  12. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication Tuesday, August 23, 2011

  13. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? Tuesday, August 23, 2011

  14. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k Tuesday, August 23, 2011

  15. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) Tuesday, August 23, 2011

  16. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) Tuesday, August 23, 2011

  17. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security Tuesday, August 23, 2011

  18. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security • Goal: To get O(1) (Can’t do better even given free noiseless channels [WW’10] ) Tuesday, August 23, 2011

  19. Constant Rate • cf. Shannon’s Channel Coding Theorem: O(1) many uses of BSC per bit of communication • How many uses of BSC per OT instance? or more general noisy channels • [CK’88] O( k 11 ) to get a security error of 2 - k • [C’97] O( k 3 ) • [CMW’04] O( k 2+ ε ) • [HIKN’08] O(1) for semi-honest security • Goal: To get O(1) (Can’t do better even given free noiseless channels [WW’10] ) Tuesday, August 23, 2011

  20. Overview Tuesday, August 23, 2011

  21. Overview • Plan: use IPS construction [IPS’08] to compile a semi- honest secure “inner protocol” and an honest-majority secure “outer protocol” using a few string -OTs Tuesday, August 23, 2011

  22. Overview • Plan: use IPS construction [IPS’08] to compile a semi- honest secure “inner protocol” and an honest-majority secure “outer protocol” using a few string -OTs • A modified compiler so that the inner-protocol can use noisy channels. Requires inner protocol to be “error tolerant” Tuesday, August 23, 2011

  23. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to be secure against active corruption of a small fraction of channel instances Tuesday, August 23, 2011

  24. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to • Constant-rate inner and outer protocols from be secure against active corruption literature [GMW’87+HIKN’08,DI’06+CC’06] of a small fraction of channel instances Tuesday, August 23, 2011

  25. Overview Harder to detect cheating in inner- • Plan: use IPS construction [IPS’08] to compile a semi- protocol (by honest secure “inner protocol” and an honest-majority partial oblivious secure “outer protocol” using a few string -OTs monitoring), as there is a noisy • A modified compiler so that the inner-protocol can channel involved. use noisy channels. Requires inner protocol to be Will require the “error tolerant” inner-protocol to • Constant-rate inner and outer protocols from be secure against active corruption literature [GMW’87+HIKN’08,DI’06+CC’06] of a small fraction • A constant-rate construction for string- OT from of channel instances noisy channel Tuesday, August 23, 2011

  26. String-OT Tuesday, August 23, 2011

  27. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Tuesday, August 23, 2011

  28. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] Tuesday, August 23, 2011

  29. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error Tuesday, August 23, 2011

  30. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error Tuesday, August 23, 2011

  31. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error • String-OT from fuzzy OT (or fuzzy OLE, in fact) Tuesday, August 23, 2011

  32. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error A,C B • String-OT from fuzzy OT (or fuzzy OLE, in fact) OLE AB+C Tuesday, August 23, 2011

  33. String-OT • t -bit string-OT with O ( t ) +poly ( k ) communication (over a noisy channel) Previously, known from OT -like and erasure channels [BCW’03,IMN’06] • Can use current constructions with a constant security parameter to get “fuzzy” OT: i.e., with constant security error • Challenge: change constant security error to negligible error A,C B • String-OT from fuzzy OT (or fuzzy OLE, in fact) OLE AB+C • First, reinterpret fuzzy OLE as a perfect “shaky” OLE Tuesday, August 23, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide

Energy transfer rates in turbulent channels with drag reduction at constant power input Davide Gatti, M. Quadrio, Y. Hasegawa, B. Frohnapfel and A. Cimarelli EDRFCM 2017, Villa Mondragone, Monte Porzio Catone www.kit.edu KIT The Research

246 views • 22 slides
A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan 2 Brent Waters 1 1 SRI International 2 MIT CRYPTO 2008 1 / 10 Oblivious Transfer [R81,EGL85,BCR86,C87,K88,CK88,C89,CS91,CGT95,DCP95,FMR96,BC97,. .

1.02k views • 50 slides
Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim) Generic OT 1 / 20 Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim)

852 views • 45 slides
ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim Hila Zarosim TCC 2013 Obli i Oblivious Transfer T f The other message message remains secret to the the receiver Obli i Oblivious

757 views • 38 slides
application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a

application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a

application: error correcting codes 40 Codes are all around us 41 noisy channels Goal: send a 4-bit message over a noisy communication channel. Say, 1 bit in 10 is flipped in transit, independently. What is the probability that the message

655 views • 27 slides
SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: OT transfer partial A:up, B:down A up I need just information All 2 of one them! But cant

432 views • 20 slides
Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Motivation Efficient Priced Oblivious Transfer Optimistic Fair POT Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven - ESAT-COSIC IBBT Africacrypt 2010 A. Rial Optimistic Fair POT Motivation

1.08k views • 78 slides
Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e )

Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e )

Discriminative Training February 19, 2013 Tuesday, February 19, 13 Noisy Channels Again p ( e ) English source Tuesday, February 19, 13 Noisy Channels Again p ( g | e ) p ( e ) English source German Tuesday, February 19, 13 Noisy

983 views • 82 slides
Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number

Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number

Queuing Theory Equations Definition = Arrival Rate = Service Rate = / C = Number of Service Channels M = Random Arrival/Service rate (Poisson) D = Deterministic Service Rate (Constant rate) M/D/1 case (random Arrival,

415 views • 3 slides
More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad Asharov Hebrew University Yehuda Lindell Bar-Ilan University Thomas Schneider Darmstadt Michael Zohner Darmstadt EUROCRYPT 2015 From Theory to

498 views • 37 slides
The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The Netherlands August 24, 2015 Latincrypt 2015, Guadalajara, Mexico Joint work with Claudio Orlandi 2 OTs 1 Sender Receiver 2 OTs

930 views • 28 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal Miuda 2 , Ladislav Mita 2 , Jr., Miloslav Duek 2 , Petros Wallden 3 , and Erika Andersson 1 1 SUPA, Institute of Photonics and Quantum Sciences,

752 views • 29 slides
Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad Hajiabadi Daniel Masny Daniel Wichs CISPA Helmholtz Center for Information Security UC Berkeley Visa Research Northeastern University

425 views • 13 slides
Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty December 5, 2016 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 1 / 31 Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive

1.51k views • 88 slides
Data Mining Techniques CS 6220 - Section 3 - Fall 2016 Lecture 16: Association Rules Jan-Willem

Data Mining Techniques CS 6220 - Section 3 - Fall 2016 Lecture 16: Association Rules Jan-Willem

Data Mining Techniques CS 6220 - Section 3 - Fall 2016 Lecture 16: Association Rules Jan-Willem van de Meent (credit: Yijun Zhao, Yi Wang, Tan et al., Leskovec et al.) Apriori: Summary All pairs of sets All pairs Count Count that

639 views • 29 slides
Machine Learning for Survival Analysis Chandan K. Reddy Yan Li Dept. of Computer Science Dept.

Machine Learning for Survival Analysis Chandan K. Reddy Yan Li Dept. of Computer Science Dept.

Machine Learning for Survival Analysis Chandan K. Reddy Yan Li Dept. of Computer Science Dept. of Computational Medicine Virginia Tech and Bioinformatics http://www.cs.vt.edu/~reddy Univ. of Michigan, Ann Arbor 1 Tutorial Outline Basic

1.28k views • 107 slides
Operator equations and domain dependence Hermann Knig Kiel, Germany Bedlewo, July 2014

Operator equations and domain dependence Hermann Knig Kiel, Germany Bedlewo, July 2014

Operator equations and domain dependence Hermann Knig Kiel, Germany Bedlewo, July 2014 Hermann Knig (Kiel) Operator equations Bedlewo, July 2014 1 / 37 Pictures 'ffi.q&o**J \. Figure: Oberwolfach 1986 Hermann Knig (Kiel)

1.01k views • 61 slides
Unix and Undergraduate Teaching Carlo Kopp, BE(Hons), MSc, PhD, PEng Monash University,

Unix and Undergraduate Teaching Carlo Kopp, BE(Hons), MSc, PhD, PEng Monash University,

1/16 Computer Science & Software Engineering http://www.csse.monash.edu.au/ Unix and Undergraduate Teaching Carlo Kopp, BE(Hons), MSc, PhD, PEng Monash University, Clayton, Australia email: carlo@mail.csse.monash.edu.au

691 views • 16 slides
On Nuttalls partition of a three-sheeted Riemann surface and limit zero distribution of

On Nuttalls partition of a three-sheeted Riemann surface and limit zero distribution of

On Nuttalls partition of a three-sheeted Riemann surface and limit zero distribution of HermitePad polynomials Sergey P. Suetin S M I R

851 views • 28 slides
Introduction to the dynamics of holomorphic endomorphisms of P k Dimitra Tsigkari Postgraduate

Introduction to the dynamics of holomorphic endomorphisms of P k Dimitra Tsigkari Postgraduate

Definitions Elements of Pluripotential Theory The Green current of a holomorphic endomorphism Introduction to the dynamics of holomorphic endomorphisms of P k Dimitra Tsigkari Postgraduate Conference in Complex Dynamics, London, 11-13 March

805 views • 37 slides
Game and Learn: An Introduction to Educational Gaming 14. TPCK, SAMR, and Games Ruben R.

Game and Learn: An Introduction to Educational Gaming 14. TPCK, SAMR, and Games Ruben R.

Game and Learn: An Introduction to Educational Gaming 14. TPCK, SAMR, and Games Ruben R. Puentedura, Ph.D The Models TPCK (Mishra & Koehler) y C g o o g n a t e d n e t P PCK PK CK TPCK TPK TCK TK Technology SAMR

368 views • 12 slides
Modular Catalan Numbers, Generalized Motzkin Numbers, and the Tamari Order Nickolas Hein

Modular Catalan Numbers, Generalized Motzkin Numbers, and the Tamari Order Nickolas Hein

Modular Catalan Numbers, Generalized Motzkin Numbers, and the Tamari Order Nickolas Hein University of Nebraska at Kearney 21 May 2016, Lawrence Joint work with Jia Huang, UNK : arbitrary binary operation on C Notation: ab means a

518 views • 18 slides

More recommend