leakage in the cell probe model lower bounds for response
play

Leakage in the Cell Probe Model Lower Bounds for Response Hiding - PowerPoint PPT Presentation

Jan 04, 2024 •274 likes •1.15k views

Leakage in the Cell Probe Model Lower Bounds for Response Hiding Encrypted Multi-Maps Giuseppe Persiano Universit` a di Salerno June, 2019 Describing joint work with: Sarvar Patel and Kevin Yeo (Google LLC) Giuseppe Persiano (UNISA) June

  1. Leakage in the Cell Probe Model Lower Bounds for Response Hiding Encrypted Multi-Maps Giuseppe Persiano Universit` a di Salerno June, 2019 Describing joint work with: Sarvar Patel and Kevin Yeo (Google LLC) Giuseppe Persiano (UNISA) June 2019 1 / 27

  2. The Model Cell Probe Model for a Data Structure [Yao] Memory is a sequence of cells each of w bits Accessing (reading/writing) a cell cost 1 All computation is for free Classical model used to derive lower bounds for Data Structures Giuseppe Persiano (UNISA) June 2019 2 / 27

  3. The Oblivious Model Oblivious Cell Probe Model [Larsen+Nielsen ’18] In a Client-Server setting Client outsources storage of the DS to an honest-but-curios server Client performs DS operations O = ( op 1 , . . . , op l ) by accessing the Server memory ◮ client can read and write any cell in Server memory ◮ each cell is w -bit wide Client has limited private local memory Server observes the access pattern and the data downloaded � � ◮ view DS ( O ) = view DS ( op 1 ) , . . . , view DS ( op l ) Passive server: performs no computation Operations are performed online Giuseppe Persiano (UNISA) June 2019 3 / 27

  4. Security Notion Definition DS is Oblivious, if for every PPT machine A and any two sequences O and O ′ of the same length � ≤ 1 � �� � � � A (view DS ( O )) = 1 A (view DS ( O ′ )) = 1 � Prob − Prob 4 . � � Giuseppe Persiano (UNISA) June 2019 4 / 27

  5. The array maintenance problem (a.k.a. ORAM) Two operations to maintain an n -slot array A Read( i ) returns the current value stored in A [ i ] Write( i , x ) sets A [ i ] := x Giuseppe Persiano (UNISA) June 2019 5 / 27

  6. The array maintenance problem (a.k.a. ORAM) Two operations to maintain an n -slot array A Read( i ) returns the current value stored in A [ i ] Write( i , x ) sets A [ i ] := x Theorem (Larsen+Nielsen ’18) Expected amortized running time of an ORAM with n b-bit slots is � b w · log nb � Ω c where c is the client memory in bits. Giuseppe Persiano (UNISA) June 2019 5 / 27

  7. The array maintenance problem (a.k.a. ORAM) Two operations to maintain an n -slot array A Read( i ) returns the current value stored in A [ i ] Write( i , x ) sets A [ i ] := x Theorem (Larsen+Nielsen ’18) Expected amortized running time of an ORAM with n b-bit slots is � b w · log nb � Ω c where c is the client memory in bits. Online Read and Write operations with Passive Server Giuseppe Persiano (UNISA) June 2019 5 / 27

  8. Proof strategy for ORAM lower bound [Larsen+Nielsen] The Information Transfer Technique [Pˇ atra¸ scu+Demaine] assign probes to nodes of the Information Tree ◮ each probe to at most one node show that for most nodes v there exists a hard distribution HD v on sequences of operations of the same length that assign lots of probes to v ◮ coding argument leveraging on randomness of the entries of the array invoke obliviousness to show that for each such distribution all nodes must be assigned the same high number of probes Giuseppe Persiano (UNISA) June 2019 6 / 27

  9. Obliviousness very strong requirement it hides the type of operation it hides the parameters of the operations ◮ the content of the array (for Write) ◮ the slot of the operation (for Read and Write) only number of operations is leaked Giuseppe Persiano (UNISA) June 2019 7 / 27

  10. Obliviousness very strong requirement it hides the type of operation it hides the parameters of the operations ◮ the content of the array (for Write) ◮ the slot of the operation (for Read and Write) only number of operations is leaked In several applications more information is leaked for the sake of efficiency Giuseppe Persiano (UNISA) June 2019 7 / 27

  11. Differential Privacy Definition DS is ( ǫ, δ )-DP, if for every PPT machine A and any two sequences O and O ′ of the same length that differ for exactly one operation � � ≤ e ǫ · Prob � � A (view eMM ( O )) = 1 A (view eMM ( O ′ )) = 1 Prob + δ Giuseppe Persiano (UNISA) June 2019 8 / 27

  12. The Differentially Private RAM Theorem (P+Yeo ’19) For every ǫ > 0 and δ ≤ 1 / 3 , the expected amortized running time of a Differentially Private RAM with n b-bit slots is � b � w · log nb Ω c where c is the client memory in bits. Giuseppe Persiano (UNISA) June 2019 9 / 27

  13. The Differentially Private RAM Theorem (P+Yeo ’19) For every ǫ > 0 and δ ≤ 1 / 3 , the expected amortized running time of a Differentially Private RAM with n b-bit slots is � b � w · log nb Ω c where c is the client memory in bits. Different proof technique Giuseppe Persiano (UNISA) June 2019 9 / 27

  14. Leakage Cell Probe Model A sequence of operations O = ( op 1 , op 2 , . . . , op l ) is associated with leakage L ( O ) L ( O ) = ( L ( op 1 ) , . . . , L ( op l )) Giuseppe Persiano (UNISA) June 2019 10 / 27

  15. Leakage Cell Probe Model A sequence of operations O = ( op 1 , op 2 , . . . , op l ) is associated with leakage L ( O ) L ( O ) = ( L ( op 1 ) , . . . , L ( op l )) Definition DS is Non-Adaptively L -INDSecure, if for every PPT machine A and any two sequences O and O ′ such that L ( O ) = L ( O ′ ), � ≤ 1 � � � � �� A (view DS ( O )) = 1 A (view DS ( O ′ )) = 1 � Prob − Prob 4 . � � Giuseppe Persiano (UNISA) June 2019 10 / 27

  16. Leakage Cell Probe Model A sequence of operations O = ( op 1 , op 2 , . . . , op l ) is associated with leakage L ( O ) L ( O ) = ( L ( op 1 ) , . . . , L ( op l )) Definition DS is Non-Adaptively L -INDSecure, if for every PPT machine A and any two sequences O and O ′ such that L ( O ) = L ( O ′ ), � ≤ 1 � � � � �� A (view DS ( O )) = 1 A (view DS ( O ′ )) = 1 � Prob − Prob 4 . � � Oblivious considers leakage L ( O ) = l Giuseppe Persiano (UNISA) June 2019 10 / 27

  17. Multi-Maps (MM) Multi-Maps A data structure to maintain a collection of pairs ( key ,� v ), where � v = ( v 1 , . . . , v l ) is a tuple 1 Add( key , v ): adds v to the tuple associated with key 2 Get( key ): returns the tuple associated with key Giuseppe Persiano (UNISA) June 2019 11 / 27

  18. Multi-Maps (MM) Multi-Maps A data structure to maintain a collection of pairs ( key ,� v ), where � v = ( v 1 , . . . , v l ) is a tuple 1 Add( key , v ): adds v to the tuple associated with key 2 Get( key ): returns the tuple associated with key A special case of Structured Encryption [Chase-Kamara] Giuseppe Persiano (UNISA) June 2019 11 / 27

  19. Multi-Maps (MM) Multi-Maps A data structure to maintain a collection of pairs ( key ,� v ), where � v = ( v 1 , . . . , v l ) is a tuple 1 Add( key , v ): adds v to the tuple associated with key 2 Get( key ): returns the tuple associated with key A special case of Structured Encryption [Chase-Kamara] A generalization of ORAM: Giuseppe Persiano (UNISA) June 2019 11 / 27

  20. Multi-Maps (MM) Multi-Maps A data structure to maintain a collection of pairs ( key ,� v ), where � v = ( v 1 , . . . , v l ) is a tuple 1 Add( key , v ): adds v to the tuple associated with key 2 Get( key ): returns the tuple associated with key A special case of Structured Encryption [Chase-Kamara] A generalization of ORAM: ◮ ORAM is a MM with all tuples of length 1; Giuseppe Persiano (UNISA) June 2019 11 / 27

  21. How expensive are EMM? Giuseppe Persiano (UNISA) June 2019 12 / 27

  22. How expensive are EMM? It depends on the leakage function Giuseppe Persiano (UNISA) June 2019 12 / 27

  23. How expensive are EMM? It depends on the leakage function If no security is sought: � log log n � O log log log n [Beame and Fich ’99] Giuseppe Persiano (UNISA) June 2019 12 / 27

  24. How expensive are EMM? It depends on the leakage function If no security is sought: � log log n � O log log log n [Beame and Fich ’99] If only number of operations is leaked O (log n ) Use ORAM [Folklore] Giuseppe Persiano (UNISA) June 2019 12 / 27

  25. How expensive are EMM? It depends on the leakage function If no security is sought: � log log n � O log log log n [Beame and Fich ’99] If only number of operations is leaked O (log n ) Use ORAM [Folklore] What if we only want to hide the response of the operations? Giuseppe Persiano (UNISA) June 2019 12 / 27

  26. How expensive are EMM? It depends on the leakage function If no security is sought: � log log n � O log log log n [Beame and Fich ’99] If only number of operations is leaked O (log n ) Use ORAM [Folklore] What if we only want to hide the response of the operations? What is the cost of the Response-Hiding EMM? Giuseppe Persiano (UNISA) June 2019 12 / 27

  27. Response-Hiding Leakage Function – I Definition (Leakage function L G for O = ( op 1 , . . . , op l )) L G ( O i ) is defined as follows: 1 if op i = Get( key i ) then L G ( O i ) = � MM O i − 1 , key i �� � � �� Get , key i , � Get ; the key queried and the size of the response are leaked 2 if op i = Add( key i , v i ) then L G ( O i ) = Add , aep i � � the add pattern is leaked the type of operation is also leaked add equality pattern aep i := (aep i 1 , . . . , aep i i − 1 ) and aep i j is defined as follows, for j = 1 , . . . , i − 1  ⊥ , if op j is a Get operation;   aep i j = 0 , if op j is an Add operation and key j � = key i ;  1 , if op j is an Add operation and key j = key i ;  Giuseppe Persiano (UNISA) June 2019 13 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model

Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model

Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model Sarvar Patel*, Giuseppe Persiano** and Kevin Yeo* *Google **University of Salerno Key k i was queried. Privacy-Preserving Storage Protocols Key k i

1.11k views • 81 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
Model Checking Lower Bounds for Simple Graphs Michael Lampis KTH Royal Institute of Technology

Model Checking Lower Bounds for Simple Graphs Michael Lampis KTH Royal Institute of Technology

Model Checking Lower Bounds for Simple Graphs Michael Lampis KTH Royal Institute of Technology July 8th, 2013 Algorithmic Meta-Theorems Positive results Negative results Problem X is tractable. Problem X is hard. Model Checking Lower

912 views • 62 slides
Linear-in- lower bounds in the LOCAL model Mika Gs, University of Toronto Juho Hirvonen ,

Linear-in- lower bounds in the LOCAL model Mika Gs, University of Toronto Juho Hirvonen ,

Linear-in- lower bounds in the LOCAL model Mika Gs, University of Toronto Juho Hirvonen , Aalto University & HIIT Jukka Suomela, Aalto Univesity & HIIT PODC 16.7.2014 This work The first linear-in- lower bound for a

590 views • 47 slides
Lower bounds for the Stock Price density in a Local-Stochastic Volatility Model V. Bally and S.

Lower bounds for the Stock Price density in a Local-Stochastic Volatility Model V. Bally and S.

Lower bounds for the Stock Price density in a Local-Stochastic Volatility Model V. Bally and S. De Marco Vlad Bally Universit de Marne-la-Valle and quipe Math October 2010 Local - Stochastic Volatility models We consider the model

523 views • 14 slides
Conspiracies between Learning Algorithms, Lower Bounds, and Pseudorandomness Igor Carboni

Conspiracies between Learning Algorithms, Lower Bounds, and Pseudorandomness Igor Carboni

Conspiracies between Learning Algorithms, Lower Bounds, and Pseudorandomness Igor Carboni Oliveira University of Oxford Joint work with Rahul Santhanam (Oxford) Context Minor algorithmic improvements imply lower bounds (Williams, 2010). NEXP

696 views • 30 slides
Lower bounds for parameterized problems Dniel Marx 1 1 Institute for Computer Science and

Lower bounds for parameterized problems Dniel Marx 1 1 Institute for Computer Science and

Lower bounds for parameterized problems Dniel Marx 1 1 Institute for Computer Science and Control, Hungarian Academy of Sciences (MTA SZTAKI) Budapest, Hungary ICERM Providence, RI April 26, 2014 1 Lower bounds So far we have seen positive

1.14k views • 94 slides
Monotone Circuit Depth Lower Bounds Prashant Vasudevan April 10, 2012 Prashant Vasudevan

Monotone Circuit Depth Lower Bounds Prashant Vasudevan April 10, 2012 Prashant Vasudevan

Introduction Reductions The Lower Bound Monotone Circuit Depth Lower Bounds Prashant Vasudevan April 10, 2012 Prashant Vasudevan Monotone Circuit Depth Lower Bounds Introduction Yaos Model Reductions KW Games The Lower Bound Table of

1.36k views • 61 slides
Lower Bounds on the Probability of a Finite Union of Events Jun Yang (joint work with Fady

Lower Bounds on the Probability of a Finite Union of Events Jun Yang (joint work with Fady

Lower Bounds on the Probability of a Finite Union of Events Jun Yang (joint work with Fady Alajaji and Glen Takahara) Department of Mathematics and Statistics, Queens University, Kingston, Canada ISIT 2014 Lower Bounds on P ( N Jun

228 views • 19 slides
Circuit Lower-bounds Lecture 24 Weak circuits are indeed weak 1 Circuit Lower-bounds 2

Circuit Lower-bounds Lecture 24 Weak circuits are indeed weak 1 Circuit Lower-bounds 2

Circuit Lower-bounds Lecture 24 Weak circuits are indeed weak 1 Circuit Lower-bounds 2 Circuit Lower-bounds Today: 2 Circuit Lower-bounds Today: PARITY AC 0 2 Circuit Lower-bounds Today: PARITY AC 0 Two different proofs! (Latter

1.59k views • 137 slides
Stronger Connections Between Circuit Analysis and Circuit Lower Bounds, via PCPs of Proximity

Stronger Connections Between Circuit Analysis and Circuit Lower Bounds, via PCPs of Proximity

Stronger Connections Between Circuit Analysis and Circuit Lower Bounds, via PCPs of Proximity Lijie Chen Ryan Williams Context: The Algorithmic Method for Proving Circuit Lower Bounds Proving limitations on non-uniform circuits is extremely

796 views • 31 slides
Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on extended formulation Kaibel, Razborovs Inform. SA Weltge symmetry arg. theory + Fourier COR/ yes yes yes ? TSP [KW13]

1.25k views • 108 slides
Exponential Lower Bounds for Polytopes in Combinatorial Optimization Ronald de Wolf Joint with

Exponential Lower Bounds for Polytopes in Combinatorial Optimization Ronald de Wolf Joint with

Exponential Lower Bounds for Polytopes in Combinatorial Optimization Ronald de Wolf Joint with Samuel Fiorini (ULB), Serge Massar (ULB), Sebastian Pokutta (Erlangen), Hans Raj Tiwary (ULB) Exponential Lower Bounds for Polytopes in

1.19k views • 94 slides
Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles

Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles

Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles St-Quentin en Yvelines Antoine Vigneron INRA Jouy-en-Josas Lower Bounds for Geometric Diameter Problems p.1/40 Outline Review of previous work on

563 views • 40 slides
Lecture 2. Upper and lower bounds for subgaussian matrices The -net method refined 1 Random

Lecture 2. Upper and lower bounds for subgaussian matrices The -net method refined 1 Random

Lecture 2. Upper and lower bounds for subgaussian matrices The -net method refined 1 Random processes. Multiscale -net method: Dudleys inequality 2 Upper and lower bounds Our goal: upper and lower bounds on random matrices. In Lecture

535 views • 17 slides
COMP 3170 - Analysis of Algorithms & Data Structures Shahin Kamali Lower Bounds CLRS 8.1

COMP 3170 - Analysis of Algorithms & Data Structures Shahin Kamali Lower Bounds CLRS 8.1

COMP 3170 - Analysis of Algorithms & Data Structures Shahin Kamali Lower Bounds CLRS 8.1 University of Manitoba Lower Bounds Introductions Assume you design an algorithm that solves a given problem P in ( n 2 ). Further exploration

1.58k views • 61 slides
Minnesota Pathways to Decarbonizing Transportation: Technical Stakeholder Meeting #2 May 16, 2019

Minnesota Pathways to Decarbonizing Transportation: Technical Stakeholder Meeting #2 May 16, 2019

Minnesota Pathways to Decarbonizing Transportation: Technical Stakeholder Meeting #2 May 16, 2019 mndot.gov Timeline This project has an accelerated timeline, and therefore is not meant to be the final word on transportation

583 views • 57 slides
Temporal Induction and SAT-Solving Niklas Srensson April 21, 2010 Niklas Srensson Temporal

Temporal Induction and SAT-Solving Niklas Srensson April 21, 2010 Niklas Srensson Temporal

Temporal Induction and SAT-Solving Niklas Srensson April 21, 2010 Niklas Srensson Temporal Induction and SAT-Solving April 21, 2010 1 / 21 Simple Induction i 0 s 0 (Base-case) F ok? i n + 1 i n s n (Step-case) F F ok! ok? Niklas

917 views • 79 slides
Colorado Electric Vehicle Plan 2020 Innovating Technologies for Electrified Transportation

Colorado Electric Vehicle Plan 2020 Innovating Technologies for Electrified Transportation

Colorado Electric Vehicle Plan 2020 Innovating Technologies for Electrified Transportation Webinar June 18, 2020 The 2018 EV Plan and Progress Colorados first electric vehicle (EV) plan which set forth goals, actions and strategies to

400 views • 22 slides
Title and Credit Slides Setting up your Images for viewing on a standard analog TV (720 x 480) in

Title and Credit Slides Setting up your Images for viewing on a standard analog TV (720 x 480) in

Title and Credit Slides Title and Credit Slides Setting up your Images for viewing on a standard analog TV (720 x 480) in this lesson. If you're working with HDV ( high-definition video ) then the resolution would be either HDV 720 (1280 x 720) or

167 views • 4 slides
XMP metadata for HDF5 Motivation Thumbnail Previews Sorting data fjles is much easier with

XMP metadata for HDF5 Motivation Thumbnail Previews Sorting data fjles is much easier with

WIR SCHAFFEN WISSEN HEUTE FR MORGEN Benjamin Watts :: PolLux Beamline Scientist :: Paul Scherrer Institut XMP metadata for HDF5 Motivation Thumbnail Previews Sorting data fjles is much easier with representative images

135 views • 12 slides
Environment System Requirements 1 This material is based upon work supported by the U.S.

Environment System Requirements 1 This material is based upon work supported by the U.S.

Connected Vehicle Environment System Requirements 1 This material is based upon work supported by the U.S. Department of Transportation under Agreement No. DTFH6116H00013. Any opinions, findings, and conclusions or recommendations expressed in

493 views • 37 slides
LOW-SCALE LEPTOGENESIS & HIDDEN-SECTOR BARYOGENESIS Brian Shuve Testing CPV for

LOW-SCALE LEPTOGENESIS & HIDDEN-SECTOR BARYOGENESIS Brian Shuve Testing CPV for

LOW-SCALE LEPTOGENESIS & HIDDEN-SECTOR BARYOGENESIS Brian Shuve Testing CPV for Baryogenesis ACFI, UMass Amherst OUTLINE Overview of low-scale leptogenesis (~GeV RHNs) CPV and phenomenology of low-scale leptogenesis

1.02k views • 45 slides
HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National

HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National

Medical WG Technology session APAN 32 nd meeting at New Delhi HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National Taiwan University Torata N and Cao Duc Minh, Kyushu University Hospital. 1 HD-SCR:

347 views • 10 slides

More recommend