efficiently protecting data and functions
play

Efficiently Protecting Data and Functions Thomas Schneider - PowerPoint PPT Presentation

Aug 23, 2023 •669 likes •1.31k views

Efficiently Protecting Data and Functions Thomas Schneider CROSSING Summer School September 13, 2019 1 Based on joint works with Daniel gnes Daniel Gnther Kiss Demmler and many more. 2 Outline 1. Secure Function Evaluation

  1. Efficiently Protecting Data and Functions Thomas Schneider CROSSING Summer School September 13, 2019 1

  2. Based on joint works with… Daniel Ágnes Daniel Günther Kiss Demmler … and many more. 2

  3. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 3

  4. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 4

  5. Secure Function Evaluation (SFE) SFE % # ! !(#, %) 5

  6. Secure Function Evaluation (SFE) Public function !(⋅,⋅) Is S • compute arbitrary function ! richer? x < y • on private data ', ( Client , Server - • without trusted third party • reveal nothing but result ) = !(', () Private data ' Private data ( x = $1 Mio y = $2 Mio SFE Example: Yao’s Millionaires’ Problem true ) = !(', () 6

  7. Applications of Secure Function Evaluation (Small Selection) Auctions [NPS99], ... Remote Diagnostics [BPSW07], ... DNA Searching [TKC07], ... Biometric Identification [EFGKLT09], ... Medical Diagnostics [BFKLS S 09], ... 7

  8. Implementing Secure Function Evaluation Function Idea Boolean Arithmetic Representation Circuits Circuits Protocol DGK Paillier OT Yao GMW Point-and- Fixed-Key Optimizations Free-XOR Half-Gates permute Garbling 8

  9. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 9

  10. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 10

  11. Example for Mixed-Protocol SFE: Minimum Euclidean Distance Minimum Euclidean Distance: min(∑ d i= 1 ( S i ,1 – C i ) 2 , …, ∑ d i=1 ( S i,n – C i ) 2 ) l Server holds database S , client holds query C l Used in biometric matching (face-recognition, fingerprint, …) Function Arithmetic Boolean Circuits Circuits DGK Paillier OT Yao GMW 11

  12. The ABY Framework [DSZ15] c=a*b A A rithmetic sharing: v = a + b mod 2 ℓ c a ● Free addition / cheap multiplication , b ● Good for multiplication B Y B oolean sharing: v = a ⊕ b [GMW87] Free XOR / one message per AND c=a*b ● Good for multiplexing ● Multiplication (32-bit) Y ao's garbled circuits: S: k 0 ,k 1 ; C: k v [Yao86] Protocol Yao Mixed Free XOR / no interaction per AND ● LAN [μs] 1.1 0.1 Good for comparison ● Comm. 100 5 [KB] [D S Z15] D. Demmler, T. Schneider, M. Zohner: ABY – A Framework for Efficient Mixed-Protocol Secure Two-party Computation. In NDSS’15. 12

  13. The ABY Framework [DSZ15] C++-Framework for efficient hybrid SFE • Efficient secure two-party computation protocols & conversions using symmetric crypto • Code: https://encrypto.de/code/ABY Function Circuit Protocols Program automated manual manual A >_ Idea B Y [D S Z15] D. Demmler, T. Schneider, M. Zohner: ABY – A Framework for Efficient Mixed-Protocol Secure Two-party Computation. In NDSS’15. 13

  14. HDL Circuits [DDKSSZ15] Compilation from HDL into SFE and efficient building blocks • Function description in Verilog/VHDL (or via high-level synthesis in C) • Extends TinyGarble by hardware synthesis for depth-optimized circuits: [SHS S K15] E. Songhori, S. Hussain, A.-R. Sadeghi, T. Schneider, F. Koushanfar: TinyGarble: Highly Compressed and Scalable Sequential Garbled Circuits. In S&P’15. Function HDL Circuit Protocols Program automated automated manual manual A 1 >_ 2 Idea *.vhdl 3 4 B Y 5 [DDKS S Z15] D. Demmler, G. Dessouky, F. Koushanfar, A.-R. Sadeghi, T. Schneider, S. Zeitouni. Automated Synthesis of Optimized Circuits for Secure Computation. In CCS’15. 14

  15. HyCC [BDKKS18] Fully automated compilation from C into hybrid SFE • Extension of CBMC-GC and combination with ABY: [HFKV12] A. Holzer, M. Franz, S. Katzenbeisser, H. Veith: Secure Two-party Computations in ANSI C. In CCS‘12 . • Automated partitioning and protocol selection Function C Circuit Protocols Program automated automated automated manual A 1 >_ 2 Idea *.c 3 4 B Y 5 [BDKK S 18] N. Büscher, D. Demmler, S. Katzenbeisser, D. Kretzmer, T. Schneider. HyCC: Compilation of Hybrid Protocols for Practical Secure Computation. In CCS’18. 15

  16. HyCC – Hybrid MPC Applications Protocol online runtime: Protocol online runtime: Biometric Matching (n=1000) Textbook Gauss Solver (n=10) Runtime Runtime Runtime Runtime Total LAN WAN LAN WAN Communication Yao GC (Y) 1,177 ms 1,789 ms Y 429 ms 631 ms 31 MB GMW (B) 2,932 ms 7,974 ms A + Y 256 ms 4,235 ms 10 MB LSS and GMW 131 ms 4,249 ms (A+B) Protocol online runtime: LSS and Yao GC 70 ms 584 ms MiniONN CNN (Relu, MNIST dataset) (A+Y) Runtime Runtime LAN WAN All circuits compiled with HyCC and evaluated [LJLA17] 5,740 ms - in the ABY framework. LAN: 1Gbit / WAN: 100Mbit and 100ms RTT. A + Y 1,621 ms 5,882 ms 16

  17. Outline 1. Secure Function Evaluation with Mixed Protocols 2. Private Function Evaluation of Boolean Circuits 17

  18. Secure Function Evaluation of Boolean Circuits Boolean circuit % # !(#, %) , 18

  19. Private Function Evaluation (PFE) PFE ! # !(#) 19

  20. Private Function Evaluation of Boolean Circuits PFE C # !(#) 20

  21. Applications of PFE of Boolean Circuits Solvency verification Smart metering Insurance rate & credit Private databases risk assessment 21

  22. Challenges – Hiding the Circuit • Public: 1 = 4 Number of inputs 1 • Number of outputs 2 • ? ? Number of gates 3 • 3 = 4 ? ? • Private: • Functionality of gates ? • Topology of circuit 2 = 1 22

  23. Universal Circuit (UC) There exists a Boolean circuit 6, of size Θ 8 log 8 s.t. for any Boolean function ! of size 8 6, can be programmed to compute !. Leslie G. Valiant 1976 ! 6, 23

  24. Universal Circuit (UC) There exists a Boolean circuit 6, of size Θ 8 log 8 s.t. for any Boolean function ! of size 8 there exists a programming = such that for any input #: 6, =, # = ! # . # # = Leslie G. Valiant 1976 !(#) 6, =, # = !(#) 24

  25. PFE of Boolean Circuits PFE , ?, @, A # !(#) 25

  26. PFE of Boolean Circuits via SFE of a UC p # 6, ?,@,A ! # = 6, =, # 26

  27. Further Applications of UCs beyond PFE Obfuscation Attribute-based Encryption Adaptively Secure MPC Batch Execution MPC 27

  28. UC Generation gates inputs C (size: 8 = 1 + 2 + 3 ) outputs UC Generation Programming bits p Universal circuit UC 28

  29. Existing UC Constructions [Val76] 1976 [Val76] [Val76] 2-way 4-way 58 log 8 4.758 log 8 Size 3.758 Depth 38 Code [Val76] L. G. Valiant: Universal Circuits (Preliminary Report). In STOC’76. 29

  30. Valiant’s UC Construction C size ≤ 8 8 Graph G C C G C 30

  31. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 31

  32. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 32

  33. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Universal circuit UC G C UG 33

  34. Valiant’s UC Construction C size ≤ 8 8 P ROGRAMMING G ENERATION Graph G C Universal graph UG Embedding E Programming bits p Universal circuit UC 34

  35. 2-way Recursive UG Construction 6H I K L 6H ⁄ 6H ⁄ I K I K LL 6H ⁄ LK KL KK 6H ⁄ 6H ⁄ 6H ⁄ I M I M I M I M ... ... ... ... ... 35

  36. 2-way Recursive UG Construction 6H I K L 6H ⁄ 6H ⁄ I K I K LL 6H ⁄ LK KL KK 6H ⁄ 6H ⁄ 6H ⁄ I M I M I M I M KKL 6H ⁄ LLL 6H ⁄ KLL 6H ⁄ LKL 6H ⁄ LLK KKK KLK LKK 6H ⁄ 6H ⁄ 6H ⁄ 6H ⁄ I N I N I N I N I N I N I N I N 36

  37. A „Small„ Example 1 = 25 Q RS 835 nodes / 3 = 56 869 AND gates 2 = 1 37

  38. Existing UC Constructions [Val76] [K S 08] 1976 2008 [Val76] [Val76] [KS08] 2-way 4-way 1.58 log 2 8 58 log 8 4.758 log 8 Size + 28 log 8 Depth 38 3.758 8 log 8 Code [K S 08] V. Kolesnikov, T. Schneider: A Practical Universal Circuit Construction and Secure Evaluation of Private Functions. In FC’08 . 38

  39. Existing UC Constructions [K S 16] [Val76] [K S 08] [LMS16] 1976 2008 2016 [Val76] [Val76] [KS08] 2-way 4-way 1.58 log 2 8 58 log 8 4.758 log 8 Size + 28 log 8 Depth 38 3.758 8 log 8 Code [K S 16] Á. Kiss, T. Schneider: Valiant's Universal Circuit is Practical. In EUROCRYPT’16. [LMS16] H. Lipmaa, P. Mohassel, S. Sadeghian: Valiant's Universal Circuit: Improvements, Implementation, and Applications. In ePrint 2016/017. 39

  40. Comparison [K S 08] UC Size of the UC [Val76] 2-way UC n=1070 Input circuit size 8 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014

Citadel: Efficiently Protecting Stacked Memory From Large Granularity Failures Dec 15 th 2014 MICRO-47 Cambridge UK Prashant Nair - Georgia Tech David Roberts - AMD Research Moinuddin Qureshi - Georgia Tech INTRODUCTION TO 3D DRAM DRAM

533 views • 40 slides
A method for efficiently calculating head-related transfer functions (HRTFs) directly from head

A method for efficiently calculating head-related transfer functions (HRTFs) directly from head

Paper Number 9892 A method for efficiently calculating head-related transfer functions (HRTFs) directly from head scan point clouds Presented at the 143rd AES Convention October 21, 2017, New York, NY, USA Rahulram Sridhar (presenter) Edgar

600 views • 29 slides
Iterators and Generators Sequences: tuple, list return functions Dictionaries

Iterators and Generators Sequences: tuple, list return functions Dictionaries

4/20/20 Computational Structures in Data Computational Concepts Toolbox Science Data type: values, literals, Higher Order Functions operations, Functions as Values Expressions, Call Functions with functions as argument

55 views • 4 slides
Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig Network Security Group ETH Zrich 1 Why worry about Big Data Security? Security is well understood and well handled! Really? 2 Problem

360 views • 16 slides
16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

Data Structures A data structure is a particular way of organizing data in a computer 16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types stack, queue 446 447 Motivation: Stack Examples using a

258 views • 7 slides
Properties of (functions may return functions) Functions may be passed as parameter

Properties of (functions may return functions) Functions may be passed as parameter

Functions as first class citizens Function may be a value of an expression Properties of (functions may return functions) Functions may be passed as parameter functional Functions may be stored in data structures languages

306 views • 11 slides
Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11,

Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11,

Efficiently Backing up Terabytes of Data with pgBackRest David Steele LISA 2015 November 11, 2015 About the Speaker Senior Data Architect at Crunchy Data Solutions, the PostgreSQL company for secure enterprises. Actively developing

288 views • 15 slides
Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice Nov. 16, 2017 Agenda Why sharing and protecting student data matters Sharing data deep dive Protecting data deep dive Tips

313 views • 30 slides
Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia 2017 July 6, 2017 Agenda 1 Why Backup? 2 Living Backups 3 Design 4 Features Performance 5 Changes to Core 6 In The Pipeline 7 8

376 views • 25 slides
Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6 million 63% Identity fraud is a serious issue. people experienced of confirmed data Fraudsters have identity theft in 2014 breaches involved stolen

605 views • 29 slides
Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W. Embley DEG Lab BYU Computer Science Dept. Supported by National Science Foundation Grant #0083127 Introduction Integrating data from multiple

268 views • 15 slides
Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest polymorphic testing monomorphic testing over functions Many, many more...? Today: quantification over functions is avoided No Show

329 views • 16 slides
An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel Abdalla, Fabrice Benhamouda, Alain Passelgue Pseudorandom functions [GGM86] - efficiently computable function : -

1.01k views • 56 slides
Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions

Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions

Functions http://xkcd.com/221/ Fundamentals of Computer Science Outline Functions Library Functions Helper functions Perform calculations Output data Consolidate similar code to one location Functions Flow of

1.01k views • 23 slides
Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed Presidents Executive Council on 13 Jan: recommended to proceed with deploying a Sensitive Data Manager tool on all UND owned computers to

321 views • 6 slides
Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent

Inducing Efficiently Inducing Efficiently optimizi optimizing outpati ng outpatient i ent induction nduction of labour of labour Janet Lyons Henry Woo MD FRCSC MD MPH CCFP FRCSC Medical Lead, High Risk Obstetrics

913 views • 54 slides
Media Gateway Control and the Softswitch Architecture Chapter 6 Introduction Voice over IP

Media Gateway Control and the Softswitch Architecture Chapter 6 Introduction Voice over IP

Media Gateway Control and the Softswitch Architecture Chapter 6 Introduction Voice over IP Lower cost of network implementation Integration of voice and data applications New service features Reduced bandwidth Replacing

664 views • 55 slides
Mu-MASS Laser Current status and updates Zak Burkley &amp; Jesse Zhang Mu-MASS Laser update

Mu-MASS Laser Current status and updates Zak Burkley &amp; Jesse Zhang Mu-MASS Laser update

Mu-MASS Laser Current status and updates Zak Burkley &amp; Jesse Zhang Mu-MASS Laser update Laboratory for Positron and Positronium Physics | | 12.11.19 1 EOM business Qubig EOM with bigger aperture (5mm x 5mm instead of 3mm x 3mm)

361 views • 3 slides
CMS TriDAS project Infrastructure issues for the CMS online farm attila.racz@cern.ch Outline

CMS TriDAS project Infrastructure issues for the CMS online farm attila.racz@cern.ch Outline

CMS TriDAS project Infrastructure issues for the CMS online farm attila.racz@cern.ch Outline Introduction Bill of Material Cooling issues Fire protection Power supplies Networking What next ? / Conclusion July

625 views • 25 slides
Functional Quantum Programming Thorsten Altenkirch University of Nottingham based on joint work

Functional Quantum Programming Thorsten Altenkirch University of Nottingham based on joint work

Functional Quantum Programming Thorsten Altenkirch University of Nottingham based on joint work with Jonathan Grattage and discussions with V.P . Belavkin Functional Quantum Programming p. 1/44 Background Functional Quantum Programming

1.78k views • 146 slides
Multi-touch Interface for Controlling Multiple Mobile Robots Igarashi Laboratory, The University

Multi-touch Interface for Controlling Multiple Mobile Robots Igarashi Laboratory, The University

Multi-touch Interface for Controlling Multiple Mobile Robots Igarashi Laboratory, The University of Tokyo JST, ERATO, IGARASHI Design UI Project Jun Kato 1 Multi-touch Interface for Controlling Multiple Mobile Robots INTRODUCTION 2

345 views • 21 slides
GISpL: Gestures Made Easy Introducing the G estural I nterface Sp ecification L anguage Florian

GISpL: Gestures Made Easy Introducing the G estural I nterface Sp ecification L anguage Florian

GISpL: Gestures Made Easy Introducing the G estural I nterface Sp ecification L anguage Florian Echtler Siemens Corporate Technology Munich Univ. of Applied Sciences Andreas Butz Corporate Technology Ludwig-Maximilians-Universitt Mnchen

536 views • 9 slides
Beyond-the-Desktop Interactive Visualizations Hauptseminar Information Visualization -

Beyond-the-Desktop Interactive Visualizations Hauptseminar Information Visualization -

Beyond-the-Desktop Interactive Visualizations Hauptseminar Information Visualization - Wintersemester 2008/2009&quot; Steffen Wenz LFE Medieninformatik February 16/17 2009 LMU Department of Media Informatics | Hauptseminar WS

259 views • 15 slides
Android APIs 2.0, 2.1 &amp; 2.2 Whats new? Markus Junginger droidcon Berlin 27. Mai 2010

Android APIs 2.0, 2.1 &amp; 2.2 Whats new? Markus Junginger droidcon Berlin 27. Mai 2010

Android APIs 2.0, 2.1 &amp; 2.2 Whats new? Markus Junginger droidcon Berlin 27. Mai 2010 Outline Bluetooth Quick Contacts Multitouch Live Wallpaper External Storage Cloud-to-device service Data backup JIT &amp;

749 views • 34 slides

More recommend