fast distributed rsa key generation for fast distributed
play

FAST DISTRIBUTED RSA KEY GENERATION FOR FAST DISTRIBUTED RSA KEY - PowerPoint PPT Presentation

Oct 05, 2023 •192 likes •458 views

Making malicious security orders of magnitude more efficient than previous efficient than previous FAST DISTRIBUTED RSA KEY GENERATION FOR FAST DISTRIBUTED RSA KEY GENERATION FOR semi-honest SEMI-HONEST AND MALICIOUS ADVERSARIES Tore

  1. Making malicious security orders of magnitude more efficient than previous efficient than previous FAST DISTRIBUTED RSA KEY GENERATION FOR FAST DISTRIBUTED RSA KEY GENERATION FOR semi-honest SEMI-HONEST AND MALICIOUS ADVERSARIES Tore Frederiksen 3 , Yehuda Lindell 1,2 , Valery Osheter 2 , Benny Pinkas 1 15 min vs. 41 sec 15 min vs. 41 sec 3: 1: 2:

  2. OUTLINE • Introduction • Semi-honest construction • Malicious construction • Efficiency • Conclusion • Conclusion 06-10-2018 Page 2

  3. INTRODUCTION – PUBLIC KEY ENCRYPTION m m 06-10-2018 Page 3

  4. INTRODUCTION – DISTRIBUTED PKE m 06-10-2018 Page 4

  5. INTRODUCTION – MOTIVATION • Sometimes it can also be used for distributed signature schemes schemes – Which is an end in itself • Relevant for MPC protocols – CDN01, semi-homomorphic PKE – DPSZ12, somewhat-homomorphic PKE – DPSZ12, somewhat-homomorphic PKE • Cloud based key management – – 06-10-2018 Page 5

  6. INTRODUCTION – RSA • 06-10-2018 Page 6

  7. INTRODUCTION – DISTRIBUTED RSA • 06-10-2018 Page 7

  8. INTRODUCTION – DISTRIBUTED RSA • 06-10-2018 Page 8

  9. INTRODUCTION – INTUITION Candidate generation Candidate generation Construct modulus Verify modulus Construct keys 06-10-2018 Page 9

  10. OUTLINE • Introduction • Semi-honest construction • Malicious construction • Efficiency • Conclusion • Conclusion 06-10-2018 Page 10

  11. SEMI-HONEST – CANDIDATE GENERATION • 06-10-2018 Page 11

  12. SEMI-HONEST – CONSTRUCT MODULUS • 06-10-2018 Page 12

  13. SEMI-HONEST – VERIFY MODULUS • Biprimality test [BF01] False positive positive prob ½ Repeat 06-10-2018 Page 14

  14. SEMI-HONEST – CONSTRUCT KEYS • 06-10-2018 Page 16

  15. OUTLINE • Introduction • Semi-honest construction • Malicious construction • Efficiency • Conclusion • Conclusion 06-10-2018 Page 17

  16. MALICIOUS – IDEA • Allow adversary to fail good candidates • Accepted key must be “good” without leakage • Accepted key must be “good” without leakage • Selective failure prevention • Input consistency • Correctness of biprimality • Correctness of biprimality 06-10-2018 Page 18

  17. MALICIOUS – STEPS • Selective failure prevention – Do OT on random, linear encoding – Do OT on random, linear encoding – Use linearity to obtain correct product – Randomness ensures leakage on encoding does not leak on input • Input consistency – Commitments based on AES encryption – Zero-knowledge of correct encryption – Very efficient commit-many-open-few – Very efficient commit-many-open-few • Correctness of biprimality (zero-knowledge) – Almost standard proof-of-knowledge of discrete log – Few “commitments” on top to ensure composability 06-10-2018 Page 19

  18. MALICIOUS – CONSISTENCY • “Commitment” by encrypting using AES • Efficient commit-many-open-few 06-10-2018 Page 21

  19. MALICIOUS – VERIFY MODULUS 06-10-2018 Page 22

  20. MALICIOUS – VERIFY MODULUS Zero-knowledge 06-10-2018 Page 23

  21. OUTLINE • Introduction • Semi-honest construction • Malicious construction • Efficiency • Conclusion • Conclusion 06-10-2018 Page 24

  22. EFFICIENCY – IMPLEMENTATION 2048 RSA • 06-10-2018 Page 26

  23. IMPLEMENTATION – EXPERIMENTS Malicious! • Azure using multi-threaded Xeon machine • Single-thread min 56, max 598, average 182 seconds • 8-thread, average 41 seconds • Best previous 15 minutes for semi-honest [HMR+12] Phase Percentage Candidate generation 10 Construct modulus Construct modulus 55 55 Verify modulus 6 Zero-knowledge 16* Other 13 06-10-2018 Page 27

  24. OUTLINE • Introduction • Semi-honest construction • Malicious construction • Efficiency • Conclusion • Conclusion 06-10-2018 Page 28

  25. CONCLUSION • New protocol for malicious distributed RSA generation – Malicious security almost for free – Malicious security almost for free – No specific number theoretic assumptions – Implementation • New efficient commit-many-open-few protocol • Effective selective failure prevention for multiplication using OT 06-10-2018 Page 29

  26. Thank you for your attention! Tore Frederiksen Cryptography Engineer tore.frederiksen@alexandra.dk Cutting-edge IT research and technology

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sol Fast Distributed Computation Over Slow Networks Fan Lai , Jie You, Xiangfeng Zhu Harsha V.

Sol Fast Distributed Computation Over Slow Networks Fan Lai , Jie You, Xiangfeng Zhu Harsha V.

Sol Fast Distributed Computation Over Slow Networks Fan Lai , Jie You, Xiangfeng Zhu Harsha V. Madhyastha, Mosharaf Chowdhury 1 Distributed Data Processing is Ubiquitous Distributed computation in Local-Area Networks (LAN) To accelerate

1.92k views • 77 slides
Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi

Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi

Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi (omidm@stanford.edu) Hang Qu Chinmayee Shah Philip Levis February 2016 Nimbus: Running Fast, Distributed Computations with Execution Templates Omid

303 views • 8 slides
A Distributed Multi-GPU System for Fast Graph Processing Z. Jia, Y. Kwon, G. Shipman, P.

A Distributed Multi-GPU System for Fast Graph Processing Z. Jia, Y. Kwon, G. Shipman, P.

A Distributed Multi-GPU System for Fast Graph Processing Z. Jia, Y. Kwon, G. Shipman, P. McCormick, M. Erez, A. Aiken Presented by Oliver Hope 1 / 11 What is Lux? / Contributions of paper Computational Model: 2 execution models A dynamic

354 views • 11 slides
Distributed Fusion in Sensor Distributed Fusion in Sensor Networks Networks Jie Gao Computer

Distributed Fusion in Sensor Distributed Fusion in Sensor Networks Networks Jie Gao Computer

Distributed Fusion in Sensor Distributed Fusion in Sensor Networks Networks Jie Gao Computer Science Department Stony Brook University Papers Papers [Xiao04] Lin Xiao, Stephen Boyd, Fast Linear Iterations for Distributed Averaging ,

659 views • 50 slides
Fast Distributed Process Creation with the XMOS XS1 Architecture James Hanlon Department of

Fast Distributed Process Creation with the XMOS XS1 Architecture James Hanlon Department of

Fast Distributed Process Creation with the XMOS XS1 Architecture James Hanlon Department of Computer Science University of Bristol, UK 20 th June 2011 Introduction Processors as a resource Scalable parallel programming Contributions

597 views • 25 slides
Fast Algorithms for Distributed Optimization over Time-varying Graphs Angelia.Nedich@asu.edu

Fast Algorithms for Distributed Optimization over Time-varying Graphs Angelia.Nedich@asu.edu

Fast Algorithms for Distributed Optimization over Time-varying Graphs Angelia.Nedich@asu.edu School of Electrical, Computer, and Energy Engineering Arizona State University at Tempe Collaborative work with Wei (Wilbur) Shi and Alexander

701 views • 41 slides
Fast and Generic Collectives for Distributed ML Guanhua Wang , Shivaram Venkataraman, Amar

Fast and Generic Collectives for Distributed ML Guanhua Wang , Shivaram Venkataraman, Amar

Fast and Generic Collectives for Distributed ML Guanhua Wang , Shivaram Venkataraman, Amar Phanishayee Jorgen Thelin, Nikhil R. Devanur, Ion Stoica 1 DNNs empower state-of-the-art results across many different applications Image Classification

1.02k views • 84 slides
Distributed Fast Multiple Method Hao Gao CS598 APK Dec 13, 2017 Why FMM? Direct Evaluation

Distributed Fast Multiple Method Hao Gao CS598 APK Dec 13, 2017 Why FMM? Direct Evaluation

Distributed Fast Multiple Method Hao Gao CS598 APK Dec 13, 2017 Why FMM? Direct Evaluation O(MN) too costly for large problem FMM solves this problem in linear time - O(M+N) In this class, used to evaluate layer potentials Idea:

309 views • 12 slides
Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed Reda 1,2 Gerald Q. Maguire Jr. 1 Dejan Kostic 1 Marco Canini 3 1 KTH Royal Institute of Technology 2 Universit Catholique de Louvain 3 KAUST

959 views • 33 slides
Fast distributed approximation algorithms for vertex cover and set cover in anonymous networks

Fast distributed approximation algorithms for vertex cover and set cover in anonymous networks

Fast distributed approximation algorithms for vertex cover and set cover in anonymous networks Jukka Suomela Helsinki Institute for Information Technology HIIT University of Helsinki, Finland Braunschweig, 29 November 2010 3 1378 Joint

630 views • 47 slides
Piccolo: Building fast distributed programs with partitioned tables Russell Power Jinyang Li

Piccolo: Building fast distributed programs with partitioned tables Russell Power Jinyang Li

Piccolo: Building fast distributed programs with partitioned tables Russell Power Jinyang Li New York University Motivating Example: PageRank for each node X in graph: Repeat until for each edge X Z: convergence next[Z] += curr[X] Fits

649 views • 32 slides
Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin Beineke, Florian Klein, Michael Schttner Institut fr Informatik, Heinrich-Heine-Universitt Dsseldorf Outline Motivation The In-Memory

323 views • 21 slides
Temporally Distributed Networks for Fast Video Semantic Segmentation Ping Hu 1 Fabian Caba

Temporally Distributed Networks for Fast Video Semantic Segmentation Ping Hu 1 Fabian Caba

Temporally Distributed Networks for Fast Video Semantic Segmentation Ping Hu 1 Fabian Caba Heilbron 2 Oliver Wang 2 Zhe Lin 2 Stan Sclaroff 1 Federico Perazzi 2 1 Boston University 2 Adobe Research Challenge Video Semantic Segmentation frame

984 views • 11 slides
FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs

FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs

FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs Anuj Kalia (CMU) Michael Kaminsky (Intel Labs) David Andersen (CMU) 1 One-slide summary Node 1 Node 2 One-sided (READ) NIC Two-sided (SEND)

236 views • 13 slides
FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs

FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs

FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs Anuj Kalia (CMU), Michael Kaminsky (Intel Labs), David Andersen (CMU) RDMA Modes of communication One-sided RDMA (CPU bypass) RDMA is a

1.05k views • 71 slides
Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Monter nterey-Sali Salinas nas Transit ansit Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast ast Facts acts 231,706 miles between preventable accidents 89% on time

198 views • 19 slides
Parallelism, Multicore, and Synchronization Hakim Weatherspoon CS 3410 Computer Science

Parallelism, Multicore, and Synchronization Hakim Weatherspoon CS 3410 Computer Science

Parallelism, Multicore, and Synchronization Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon, Bala, Bracy, McKee, and Sirer, Roth, Martin] Announcements P4-Buffer Overflow is due today Due Tuesday, April

1.41k views • 114 slides
Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz

Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz

Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz School of Computer Science University of Waterloo Joint work with Lukasz Golab (Waterloo), David DeHaan (Waterloo), Erik Demaine (MIT), and J.

673 views • 12 slides
Lab 4 preview Hung-Wei Tseng In Lab 4... You will be extending the datapath and control unit

Lab 4 preview Hung-Wei Tseng In Lab 4... You will be extending the datapath and control unit

Lab 4 preview Hung-Wei Tseng In Lab 4... You will be extending the datapath and control unit to support branch instructions! The processor already support lw, sw, add, addi, sub, and, or nor, xor We need to support beq, bne,

255 views • 13 slides
Galatians: week 2 Galatians 2:15-21 And count the patience of our Lord as salvation, just as our

Galatians: week 2 Galatians 2:15-21 And count the patience of our Lord as salvation, just as our

Galatians: week 2 Galatians 2:15-21 And count the patience of our Lord as salvation, just as our beloved brother Paul also wrote to you according to the wisdom given him, as he does in all his letters when he speaks in them of these matters.

486 views • 30 slides
MULTI PB USER DATA MIGRATION MARCH 2019 I MARTIN LISCHEWSKI (JSC) RESEARCH AND DEVELOPMENT on

MULTI PB USER DATA MIGRATION MARCH 2019 I MARTIN LISCHEWSKI (JSC) RESEARCH AND DEVELOPMENT on

NEW HPC USAGE MODEL @ JLICH MULTI PB USER DATA MIGRATION MARCH 2019 I MARTIN LISCHEWSKI (JSC) RESEARCH AND DEVELOPMENT on 2.2 Square Kilometres March 2019 Page 2 AT A GLANCE Facts and Figures 1956 11 609.3 5,914 867 Shareholders

429 views • 24 slides
Kensuke Kakiuchi (Nagoya Univ./ The Univ. of Tokyo) Collaborators: Takeru K. Suzuki (The Univ. of

Kensuke Kakiuchi (Nagoya Univ./ The Univ. of Tokyo) Collaborators: Takeru K. Suzuki (The Univ. of

Dec.22, 2017 @Kagoshima Univ. Kensuke Kakiuchi (Nagoya Univ./ The Univ. of Tokyo) Collaborators: Takeru K. Suzuki (The Univ. of Tokyo/ Nagoya Univ.), Yasuo Fukui(Nagoya Univ.), Kazufumi Torii(NRO), Mami Machida(Kyusyu Univ.), Ryoji Matsumoto

711 views • 26 slides
FUGIN ; Cloud-cloud collisions with the FUGIN data Kazufumi Torii

FUGIN ; Cloud-cloud collisions with the FUGIN data Kazufumi Torii

FUGIN ; Cloud-cloud collisions with the FUGIN data Kazufumi Torii NAOJ/NRO Fujita, S, Kohno, M., Nishimura, A., Fukui, Y. (Nagoya Univ.), Kuno, N.(Univ. of Tsukuba), Matsuo, M., Umemoto,T., Minamidani, T.

855 views • 39 slides
Muonium Hyperne Structure Measurement in a Zero/High Magnetic Field at J-PARC

Muonium Hyperne Structure Measurement in a Zero/High Magnetic Field at J-PARC

Muonium Hyperne Structure Measurement in a Zero/High Magnetic Field at J-PARC Shoichiro Nishimura / KEK IMSS for the MuSEUM Collaboration MuSEUM Collaboration MuSEUM | Mu onium S pectroscopy E xperiment U sing M icrowave M. Abe, Y.

209 views • 20 slides

More recommend