Fair Secure Computation (or how can I gain strategic advantage by - - PowerPoint PPT Presentation

fair secure computation or how can i gain strategic
SMART_READER_LITE
LIVE PREVIEW

Fair Secure Computation (or how can I gain strategic advantage by - - PowerPoint PPT Presentation

Feb 08, 2024 143 likes •433 views

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

slide-1
SLIDE 1

Rump Session 2016

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness)

Alptekin Küpçü

Koç University

slide-2
SLIDE 2

Fair Secure Computation

ALPTEKİN KÜPÇÜ

Assistant Professor of Computer Science and Engineering

slide-3
SLIDE 3

Secure Multi-Party Computation

12 May 2016 Alptekin Küpçü - Koç University 2

X1 X2 X3 X5 X4 X6

slide-4
SLIDE 4

Secure Multi-Party Computation

12 May 2016 Alptekin Küpçü - Koç University 3

X1 X2 X3 X5 X4 X6

slide-5
SLIDE 5

Secure Multi-Party Computation

12 May 2016 Alptekin Küpçü - Koç University 4

Y1 Y2 Y3 Y5 Y4 Y6

slide-6
SLIDE 6

Secure Multi-Party Computation

12 May 2016 Alptekin Küpçü - Koç University 5

Y3

slide-7
SLIDE 7

SMPC in a Corporate Setting

12 May 2016 Alptekin Küpçü - Koç University 6

I OWN YOU

Y3

slide-8
SLIDE 8

Ideal World

12 May 2016 Alptekin Küpçü - Koç University 7

X1 X2 X3 X5 X4 X6

slide-9
SLIDE 9

Ideal World

12 May 2016 Alptekin Küpçü - Koç University 8

Y1 Y2 Y3 Y5 Y4 Y6

slide-10
SLIDE 10

Real World

12 May 2016 Alptekin Küpçü - Koç University 9

X1 X2 X3 X5 X4 X6

slide-11
SLIDE 11

Simulator

12 May 2016 Alptekin Küpçü - Koç University 10

X1 X2 X3 X5 X4 X6

slide-12
SLIDE 12

Fairness Impossible in General

  • Assume a trusted Arbiter is available
  • Only trusted for fairness, not security
  • May collude with players
  • Should not learn input/output
  • Optimistically employed
  • Must be efficient (otherwise bottleneck)

12 May 2016 Alptekin Küpçü - Koç University 11

slide-13
SLIDE 13

Fairness Impossible in General

  • Assume a trusted Arbiter is available
  • Only trusted for fairness, not security
  • May collude with players
  • Should not learn input/output
  • Optimistically employed
  • Must be efficient (otherwise bottleneck)
  • Ideal TTP Real Arbiter

12 May 2016 Alptekin Küpçü - Koç University 12

slide-14
SLIDE 14

Fair and Secure Computation

  • Fairness extentions and Arbiter

resolutions must be simulated

12 May 2016 Alptekin Küpçü - Koç University 13

slide-15
SLIDE 15

Simulating Fairness

12 May 2016 Alptekin Küpçü - Koç University 14

X1 X2

SECURE 2PC SIMULATION FAIRNESS ARGUMENT

slide-16
SLIDE 16

Simulating Fairness

12 May 2016 Alptekin Küpçü - Koç University 15

X1 X2

SECURE and FAIR 2PC SIMULATION

slide-17
SLIDE 17

Fair and Secure Computation

  • Fairness extentions and Arbiter

resolutions must be simulated

  • Otherwise the protocol may be insecure!

12 May 2016 Alptekin Küpçü - Koç University 16

slide-18
SLIDE 18

Fair and Secure Computation

  • Fairness extentions and Arbiter

resolutions must be simulated

  • Otherwise the protocol may be insecure!
  • Simulator may contact only when

fairness is guaranteed

12 May 2016 Alptekin Küpçü - Koç University 17

slide-19
SLIDE 19

Simulator

12 May 2016 Alptekin Küpçü - Koç University 18

X1 X2 X3 X5 X4 X6

slide-20
SLIDE 20

Ideal World

12 May 2016 Alptekin Küpçü - Koç University 19

Y1 Y2 Y3 Y5 Y4 Y6

slide-21
SLIDE 21

Real World

12 May 2016 Alptekin Küpçü - Koç University 20

slide-22
SLIDE 22

Fair and Secure Computation

  • Fairness extentions and Arbiter

resolutions must be simulated

  • Otherwise the protocol may be insecure!
  • Simulator may contact only when

fairness is guaranteed

  • Otherwise real and ideal world outputs

are distinguishable

12 May 2016 Alptekin Küpçü - Koç University 21

slide-23
SLIDE 23

Fair and Secure Computation

  • Fairness extentions and Arbiter

resolutions must be simulated

  • Otherwise the protocol may be insecure!
  • Simulator may contact only when

fairness is guaranteed

  • Otherwise real and ideal world outputs

are distinguishable

  • Arbiter cannot harm security

12 May 2016 Alptekin Küpçü - Koç University 22

slide-24
SLIDE 24

Our Solutions

12 May 2016 Alptekin Küpçü - Koç University 23

# Participants # Rounds # Messages 2 O(1) O(1) n O(1) O(n^2)

  • OPTIMAL asymptotic performance
  • Cut-and-choose or zero-knowledge
  • Malicious or covert
  • 2PC or MPC
slide-25
SLIDE 25

Comparison

  • Compared to related works, we provide
  • Optimal asymptotic performance
  • Constant round (not gradual release)
  • No broadcast
  • Arbiter load independent of the circuit size
  • Do not require an external payment mechanism
  • In a competitive corporate setting, how can one value

some output that is unknown beforehand?

  • Full simulation proofs
  • Arbiter cannot harm security
  • Also proven via simulation
  • Only fairness is lost if Arbiter colludes with malicious

parties

12 May 2016 Alptekin Küpçü - Koç University 24

slide-26
SLIDE 26

Our Papers

  • Reading
  • Kılınç and Küpçü, CT-RSA 2015, Optimally

Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation

  • Kılınç and Küpçü, FC 2016, Efficiently Making

Secure Two-Party Computation Fair

  • Küpçü and Mohassel, FC 2016, Fast

Optimistically Fair Cut-and-Choose 2PC

  • Funding Acknowlegements
  • TÜBİTAK, the Scientific and Technological

Research Council of TURKEY

  • COST Action IC1306 Cryptoaction

12 May 2016 Alptekin Küpçü - Koç University 25

slide-27
SLIDE 27

ALPTEKİN KÜPÇÜ

Assistant Professor of Computer Science and Engineering

http://crypto.ku.edu.tr