efficient implementation of the orlandi protocol
play

Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc - PowerPoint PPT Presentation

Aug 15, 2023 •126 likes •434 views

What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam Thomas P Nielsen 1 1 The Alexandra

  1. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam Thomas P Nielsen 1 1 The Alexandra Institute 2 Eindhoven University of Technology Applied Cryptography and Network Security, 2010 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  2. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Outline What (is it all about?) 1 What is Secure Multiparty Computation What is the Orlandi Protocol 2 Why (is the Orlandi protocol interesting?) Active security and self-trust Its practical Solves real-world problems How (did we make it practical?) 3 The Orlandi Protocol in VIFF Efficient Paillier is required Rewrite key steps in C Summary 4 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  3. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is Secure Multiparty Computation Outline What (is it all about?) 1 What is Secure Multiparty Computation What is the Orlandi Protocol 2 Why (is the Orlandi protocol interesting?) Active security and self-trust Its practical Solves real-world problems How (did we make it practical?) 3 The Orlandi Protocol in VIFF Efficient Paillier is required Rewrite key steps in C Summary 4 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  4. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is Secure Multiparty Computation Secure Multiparty Computation (SMC) In Secure Multiparty Computation (SMC) we have: a number of parties P 1 , . . . , P n each having input x i the parties wish to jointly compute a function y = f ( x 1 , . . . , x n ) s.t. x i is not revealed to others than P i and y is correct Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  5. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is Secure Multiparty Computation The Millionaires Example Two millionaires, want to know who is richer, without revealing the precise amount of their wealth. Andrew C. Yao, “Protocols for Secure Computations” (1982). Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  6. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is Secure Multiparty Computation What problems does SMC solve? SMC enables joint computation on confidential information: information can be a resource of vital importance and considerable economic value confidentiality of information can be crucial significant value can often be obtained by combining confidential information Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  7. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is Secure Multiparty Computation Real-world Examples Auctions Benchmarking (e.g. total CO 2 emission from all cargo ships) Online games (e.g. poker - only I should learn the value of my cards) Procurements Data mining Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  8. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is the Orlandi Protocol Outline What (is it all about?) 1 What is Secure Multiparty Computation What is the Orlandi Protocol 2 Why (is the Orlandi protocol interesting?) Active security and self-trust Its practical Solves real-world problems How (did we make it practical?) 3 The Orlandi Protocol in VIFF Efficient Paillier is required Rewrite key steps in C Summary 4 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  9. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is the Orlandi Protocol High level Description Protocol for secure multiparty computation: let s = � n i = 1 s i mod p where s i ∈ Z p then a share is ( s i , C ) allows + , − , and ∗ addition and subtraction are straight forward in an additive scheme multiplication is separated into a preprocessing and an online part preprocessing creates a set of triples ( a , b , c ) s.t. a ∗ b = c online part does actual multiplication and one multiplication consumes one triple Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  10. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is the Orlandi Protocol Random Triple Generation Random Triple Generation takes the security parameter s and a number M as input and generates M triples ( a , b , c ) s.t. a ∗ b = c : generate a set of triples D : D = ∅ For i = 1 , . . . , κ M do: D = D ∪ TripleTest () (where κ > 1 is an overhead factor depending on s ) compute a random subset T ⊂ D and check that they are correct use the rest to “distill” M triples Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  11. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is the Orlandi Protocol Triple Test and Triple Generation Triple Test generates one triple a , b , c uses two triples generated by Triple Generation use one to check the other to reduce the probability for overflow Triple Generation: generates one triple a , b , c uses the homomorphic properties of the Paillier cryptosystem encrypted computation could overflow require that N >> p Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  12. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary What is the Orlandi Protocol Online Multiplication Given a triple ( a , b , c ) , multiplication [ x ] ∗ [ y ] is defined as: d = Open ([ x ] − [ a ]) 1 e = Open ([ y ] − [ b ]) 2 [ z ] = e [ x ] + d [ y ] − de + [ c ] 3 uses one broadcast to every party and some local computations - fast. Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  13. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Active security and self-trust Outline What (is it all about?) 1 What is Secure Multiparty Computation What is the Orlandi Protocol 2 Why (is the Orlandi protocol interesting?) Active security and self-trust Its practical Solves real-world problems How (did we make it practical?) 3 The Orlandi Protocol in VIFF Efficient Paillier is required Rewrite key steps in C Summary 4 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  14. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Active security and self-trust Attractive Security Model Self-trust - All shares are required to reconstruct the secret values Active security - An adversary cannot change a share or deviate from the protocol without the other parties notices A corrupt party may block the computation 2 to n players Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  15. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Its practical Outline What (is it all about?) 1 What is Secure Multiparty Computation What is the Orlandi Protocol 2 Why (is the Orlandi protocol interesting?) Active security and self-trust Its practical Solves real-world problems How (did we make it practical?) 3 The Orlandi Protocol in VIFF Efficient Paillier is required Rewrite key steps in C Summary 4 Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  16. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Its practical Experiment Setup The benchmarks were performed by using 10 identical computers: 1 GHz dual-core AMD Opteron 2216 processors with 2x1 Mb level 2 cache 2 Gb RAM running Red Hat Enterprise Linux 5.2 64bit x86 architecture gigabit Ethernet, round-trip latency of 0.104 ms. 1024-bits key size for the Paillier cryptosystem One of the machines were used as coordinator. Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

  17. What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Its practical Online Multiplication n 2 3 4 5 6 7 8 9 time 27.4 15.9 19.7 22.8 25.6 26.7 28.2 35.9 stdvar 0.1 3.5 4.7 6.7 7.4 6.8 8.1 8.3 Figure: The average execution time in ms. as function of the number of parties, n Thomas P. Jakobsen, Marc X. Makkes, and Janus Dam Nielsen The Alexandra Institute

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

June 20, 2016 Yassine Hamoudi Carnegie Mellon University Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F : cost of the most efficient randomized protocol with error 1 3 Alice Bob channel Number

1.15k views • 112 slides
Efficient Implementation of a Generalized Pair HMM for Efficient Implementation of a Generalized

Efficient Implementation of a Generalized Pair HMM for Efficient Implementation of a Generalized

Efficient Implementation of a Generalized Pair HMM for Efficient Implementation of a Generalized Pair HMM for Comparative Gene Finding Comparative Gene Finding B. Majoros M. Pertea S.L. Salzberg ab initio (optional) gene finder genome 1

572 views • 34 slides
Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl

Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl

Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl jayrjola@cc.hut.fi T-79.194 Seminar on theoretical computer science 2005 Algorithmics of sensor networks Energy-Efficient Communication Protocol for

387 views • 20 slides
The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The Netherlands August 24, 2015 Latincrypt 2015, Guadalajara, Mexico Joint work with Claudio Orlandi 2 OTs 1 Sender Receiver 2 OTs

930 views • 28 slides
NTP, a misunderstood protocol designing an efficient NTP subnet: the Opera case Who is this guy?

NTP, a misunderstood protocol designing an efficient NTP subnet: the Opera case Who is this guy?

NTP, a misunderstood protocol designing an efficient NTP subnet: the Opera case Who is this guy? Marco Marongiu Currently working as Senior System Administrator for Opera Software in the Company Headquarters, located in Oslo;

765 views • 64 slides
An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction

An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction

An Efficient Multicast Protocol in Mobile Ad-hoc Networks Using Forward Error Correction Techniques S. C. Chen, C. R. Dow, P.J. Lin, and S. F. Hwang Department of Information Engineering and Computer Science, Feng Chia University 1 Outline

656 views • 24 slides
Maximising the benefits of the implementation of the Gothenburg Protocol for the achievement of

Maximising the benefits of the implementation of the Gothenburg Protocol for the achievement of

Fr Mensch & Umwelt LOAD 7-2014: Thematic session on monitoring and assessment of atmospheric inputs to the Baltic Maximising the benefits of the implementation of the Gothenburg Protocol for the achievement of the nitrogen reduction

488 views • 9 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Prince William Sound Dispersants Monitoring Protocol: Implementation and Enhancement of SMART

Prince William Sound Dispersants Monitoring Protocol: Implementation and Enhancement of SMART

9/15/16 Prince William Sound Dispersants Monitoring Protocol: Implementation and Enhancement of SMART (Special Monitoring of Applied Response Technologies) DRAFT July 2016 The Need for a PWS Dispersants Use Protocol PWSRCAC volunteers

75 views • 5 slides
EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei

EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei

EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei Tang, Yanjun Sun, Omer Gurewitz, and David B. Johnson Presentation at ACM MobiHoc 2011, May 2011 The Objectives of EM-MAC Spread traffic to

614 views • 24 slides
AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot

AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot

Products Solutions Services AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot Labrique Endress + Hauser Conducta GmbH & Co. KG. Slide 1 07/22/2019 B. Haase, B. Labrique AuCPace: Efficient

1.21k views • 81 slides
Hybrid Energy Efficient Reactive Protocol For Wireless Sensor Networks Prepared by Saad Noor

Hybrid Energy Efficient Reactive Protocol For Wireless Sensor Networks Prepared by Saad Noor

Hybrid Energy Efficient Reactive Protocol For Wireless Sensor Networks Hybrid Energy Efficient Reactive Protocol For Wireless Sensor Networks Prepared by Saad Noor Mohammad (BS Telecom Engg Student) N. Javaid 1 , S. N. Mohammad 1 , K. Latif 1 ,

700 views • 16 slides
Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First

Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First

Efficient Implementation of Cryptographic pairings Mike Scott Dublin City University First Steps To do Pairing based Crypto we need two things Efficient algorithms Suitable elliptic curves We have got both! (Maybe not quite

509 views • 47 slides
MIKEYv2 ldondeti@qualcomm.com Why MIKEYv2? MIKEY is an efficient key management protocol

MIKEYv2 ldondeti@qualcomm.com Why MIKEYv2? MIKEY is an efficient key management protocol

MIKEYv2 ldondeti@qualcomm.com Why MIKEYv2? MIKEY is an efficient key management protocol designed for SRTP keying Used for broadcast keying in 3GPP and OMA Easy to add crypto algorithm and mode negotiation MIKEYv2 finishes in 1 RT

586 views • 9 slides
Resource Mobilization for advancing national Implementation of the Cartagena Protocol on

Resource Mobilization for advancing national Implementation of the Cartagena Protocol on

Resource Mobilization for advancing national Implementation of the Cartagena Protocol on Biosafety Strategic Plan - Assumptions COP-MOP will adopt a number of decisions eg. RA, L&R, identification, documentation and socio-economic

290 views • 28 slides
Bio-Bridge Initiative IAC on Capacity-building for the Implementation of the Nagoya Protocol

Bio-Bridge Initiative IAC on Capacity-building for the Implementation of the Nagoya Protocol

Bio-Bridge Initiative IAC on Capacity-building for the Implementation of the Nagoya Protocol June 16, 2016 Context for BBI development Initially proposed by the Republic of Korea, and welcomed by the COP in decisions XII/2, XII/3 Aims

343 views • 19 slides
Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn

Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn

Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn Universiteit van Amsterdam - System and Network Engineering Leendert.vanduijn@os3.nl July 3, 2014 Leendert van Duijn (UvA-SNE) Beacon detection July 3,

224 views • 20 slides
Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Computer Networks Prof. Hema A Murthy Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is large. Data: - stream of bulk data - data can be pipelined - transmit window of date - donot

1.71k views • 13 slides
EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus

867 views • 39 slides
Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin EXADAPT/ASPLOS INRIA, France March 2012 Background 1993-1997 Semiconductor electronics, physics, neural networks First steps on auto-tuning and

950 views • 38 slides
Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power

Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power

DRUM TRAINING PROGRAM A U.S. Agency for International Development (USAID) Funded Program Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power Finance Corporation Ltd. (A Govt. of India

816 views • 78 slides
Algorithms and Applications for the Estimation of Stream Statistics in Networks Aviv Yehezkel

Algorithms and Applications for the Estimation of Stream Statistics in Networks Aviv Yehezkel

Algorithms and Applications for the Estimation of Stream Statistics in Networks Aviv Yehezkel Ph.D. Research Proposal Supervisor: Prof. Reuven Cohen Overview Motivation Introduction Cardinality Estimation Problem Weighted

1.78k views • 133 slides
Practical Guidance for Returning to the Office Presented by 1 Leadership & Staff

Practical Guidance for Returning to the Office Presented by 1 Leadership & Staff

Practical Guidance for Returning to the Office Presented by 1 Leadership & Staff Considerations Office Layout Solutions IT's Role In Return-To-Work Sonja Der Charles Atwell Mark Meszaros Bridge Performance Coaching Washington

619 views • 51 slides
P ART 1: O FF -D ETECTOR E LECTRONICS ECAL T ASKS & ORGANIZATION A REA &

P ART 1: O FF -D ETECTOR E LECTRONICS ECAL T ASKS & ORGANIZATION A REA &

Les Journes CMS-FRANCE S ELECTIVE R EAD - OUT P ROCESSOR J.-L. Faure, O. Gachelin, P . Gras, I. Mandjavidze, M. Mur CEA Saclay, 91191 Gif-sur-Yvette CEDEX, France Irakli.Mandjavidze@cea.fr O UTLINE O FF -D ETECTOR E LECTRONICS S ELECTIVE R EAD

419 views • 31 slides

More recommend