let s talk about multi party threshold schemes
play

Lets talk about multi-party threshold schemes Computer Security - PowerPoint PPT Presentation

Dec 30, 2023 •209 likes •738 views

Lets talk about multi-party threshold schemes Computer Security Division, N ational I nstitute of S tandards and T echnology (Gaithersburg, USA) Presentation* at MPTS 2020 NIST Workshop on M ulti- P arty T hreshold S chemes November 4, 2020,

  1. Let’s talk about multi-party threshold schemes Computer Security Division, N ational I nstitute of S tandards and T echnology (Gaithersburg, USA) Presentation* at MPTS 2020 NIST Workshop on M ulti- P arty T hreshold S chemes November 4, 2020, Virtual event *Lu´ ıs T. A. N. Brand˜ ao — At NIST as a Foreign Guest Researcher (Contractor, from Strativia). Opinions expressed in this presentation are from the speaker and are not to be construed as official views of NIST.

  2. Outline 1. Workshop logistics 2. The TC project at NIST 3. Collecting feedback 4. Concluding remarks 2/29

  3. Outline 1. Workshop logistics 2. The TC project at NIST 3. Collecting feedback 4. Concluding remarks 2/29

  4. In case of fire alarm: Please leave orderly into the exterior parking lot ... clker.com/clipart-alarm.html 3/29

  5. In case of fire alarm: Please leave orderly into the exterior parking lot ... clker.com/clipart-alarm.html Ups, wrong script, this is a virtual event! ... 3/29

  6. Tele-conference roles Workshop with free attendance, using “Webex events” Roles: Host (and co-hosts), panelists, attendees, presenter. thenounproject.com/term/ screen-teleconference/601579/ 4/29

  7. Tele-conference roles Workshop with free attendance, using “Webex events” Roles: Host (and co-hosts), panelists, attendees, presenter. thenounproject.com/term/ screen-teleconference/601579/ ◮ Hosts (one at a time): The TC team (reach out to Lu´ ıs, Michael, Apostol, Ren´ e or Dustin if having some difficulty during the workshop) ◮ Panelists: All speakers in the other 17 talks and 11 briefs. Can show video. ◮ Attendees : Cannot show video, but can send messages to panelists+hosts. ◮ Presenter (one at a time): Can show slides; role is assigned by the host. 4/29

  8. Tele-conference how to ◮ Please mute yourself ( ) while not presenting ◮ Two modes of sending text-messages: ◮ Chat : logistic notes or comments to be addressed by a host or panelist ◮ Q&A : questions/notes to be asked to the presenters (as time allows) ◮ Q&A: co-hosts will try to relay some “Q&A” questions to the presenter ◮ Audio-visuals in workshop website (after the event): Let’s talk about multi-party threshold schemes Computer Security Division, ◮ We’re trying to record the entire video to later publish it online N ational I nstitute of S tandards and T echnology (Gaithersburg, USA) Presentation* at MPTS 2020 NIST Workshop on M ulti- P arty T hreshold S chemes November 4, 2020, Virtual event *Lu´ ıs T. A. N. Brand˜ ao — At NIST as a Foreign Guest Researcher (Contractor, from Strativia). Opinions expressed in this presentation are from the speaker and are not to be construed as official views of NIST. ◮ Slides will also be available (when speakers provide them) 5/29

  9. Talks and briefs ◮ We assume presenters speak in personal capacity ... affiliations can be mentioned ◮ Timing: ◮ Each day: 6 talks, various briefs [, possible time for open comments] ◮ Each talk: uninterrupted ∼ 20 min; then ∼ 5 min Q&A. ◮ Each brief: uninterrupted ∼ 5 min. ◮ Some connectivity issues may occur ... we will be flexible 6/29

  10. Outline 1. Workshop logistics 2. The TC project at NIST 3. Collecting feedback 4. Concluding remarks 7/29

  11. Why going for a threshold approach? Crypto can be affected by vulnerabilities ◮ Attacks can exploit differences between ideal vs. real implementations ◮ Operators of cryptographic implementations can go rogue 8/29

  12. Why going for a threshold approach? Crypto can be affected by vulnerabilities ◮ Attacks can exploit differences between ideal vs. real implementations ◮ Operators of cryptographic implementations can go rogue How to address single-points of failure? *question-2.html *4296.html * = clker.com/clipart- 8/29

  13. Why going for a threshold approach? Crypto can be affected by vulnerabilities ◮ Attacks can exploit differences between ideal vs. real implementations ◮ Operators of cryptographic implementations can go rogue The threshold approach How to address At a high-level: single-points use redundancy & diversity of failure? to mitigate the compromise of up to a threshold number ( f -out-of- n ) of components *question-2.html *4296.html * = clker.com/clipart- The red dancing devil is from clker.com/clipart-13643.html 8/29

  14. A depiction of multi-party threshold decryption ◮ Setup: The decryption key is secret shared across 3 parties ◮ Goal: decrypt a ciphertext in a threshold manner ◮ Interaction: The parties may collaborate, but their key shares remain secret ◮ Result: The combined outputs derive the decrypted plaintext Adapted from the original (2020/July/7) from N. Hanacek/NIST. 9/29

  15. The Threshold Cryptography Project at NIST Scope: standardization of threshold schemes for cryptographic primitives https://csrc.nist.gov/Projects/Threshold-Cryptography/ 10/29

  16. The Threshold Cryptography Project at NIST Scope: standardization of threshold schemes for cryptographic primitives Steps: 1. March 2019 : NISTIR 8214: Threshold Schemes for Cryptographic Primitives: Challenges and Opportunities in Standardization and Validation of Threshold Cryptography 2. March 2019: NTCW 2019: NIST Threshold Cryptography Workshop 2019 3. July 2020: NISTIR 8214A: NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives 4. November 2020: MPTS 2020: NIST Workshop on Multi-Party Threshold Schemes https://csrc.nist.gov/Projects/Threshold-Cryptography/ 10/29

  17. NISTIR 8214A: A roadmap toward criteria NISTIR 8214A: NIST Roadmap Toward Criteria for NISTIR 8214A Threshold Schemes for Cryptographic Primitives NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives clker.com/clipart-15840.html Luís T. A. N. Brandão Michael Davidson Apostol Vassilev 1. Coordinates (domains, primitives, modes, features) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214A 2. Features (security, configurability, validation, modularity) 3. Phases (of the development process) 4. Collaboration (need feedback from stakeholders) 11/29

  18. NISTIR 8214A: A roadmap toward criteria NISTIR 8214A: NIST Roadmap Toward Criteria for NISTIR 8214A Threshold Schemes for Cryptographic Primitives NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives clker.com/clipart-15840.html Luís T. A. N. Brandão Michael Davidson Apostol Vassilev 1. Coordinates (domains, primitives, modes, features) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214A 2. Features (security, configurability, validation, modularity) 3. Phases (of the development process) 4. Collaboration (need feedback from stakeholders) ◮ “ Not every conceivable possibility is suitable for standardization ” ◮ “ Need to focus on where there is a high need and high potential for adoption ” ◮ Best practices ; minimum defaults ; interoperability ; innovation . 11/29

  19. Multi-Party track ◮ Separate components (parties), possibly dynamic membership; ◮ Arbitrary inter-communication environment; ◮ Active model: parties can be maliciously compromised. 12/29

  20. Multi-Party track ◮ Separate components (parties), possibly dynamic membership; ◮ Arbitrary inter-communication environment; ◮ Active model: parties can be maliciously compromised. Thresholdization complexity: ◮ Simpler: RSA signing/decryption, ECC key-gen, ECC-CDH primitive. * EdDSA signing ◮ More complex: RSA key-gen, ECDSA signing, AES enciphering. 12/29

  21. Multi-Party track ◮ Separate components (parties), possibly dynamic membership; ◮ Arbitrary inter-communication environment; ◮ Active model: parties can be maliciously compromised. Thresholdization complexity: ◮ Simpler: RSA signing/decryption, ECC key-gen, ECC-CDH primitive. * EdDSA signing ◮ More complex: RSA key-gen, ECDSA signing, AES enciphering. Modularity is an important consideration: ◮ secret-sharing, oblivious transfer, garbled circuits, consensus/broadcast ... 12/29

  22. Threshold interface modes (client’s perspective) Input/Output interface: client communication with the module / threshold entity? 13/29

  23. Threshold interface modes (client’s perspective) Input/Output interface: client communication with the module / threshold entity? request (Conventional) Cryptographic Client reply Module Conventional (non-threshold) request Component C 1 Inter-node network Component C 2 Client . . . reply Component C n Threshold Not-shared-IO 13/29

  24. Threshold interface modes (client’s perspective) Input/Output interface: client communication with the module / threshold entity? request to C 1 request (Conventional) Component C 1 Cryptographic Client reply from C 1 Inter-node network reply Module request to C 2 Component C 1 Client Conventional (non-threshold) reply from C 2 . . . . . . request Component C 1 Inter-node network request to C n Component C 2 Client . . Component C n . reply Component C n reply from C n Threshold Not-shared-IO Threshold Shared-IO 13/29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives Lus T. A. N. Brando* Cryptographic Technology Group National Institute of Standards and Technology (Gaithersburg, USA) Presentation on August

828 views • 63 slides
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany November 6, 2020 NIST Workshop on Multi-Party Threshold Schemes 2020 Based on work published at ESORICS20 with Anders Dalskov, Marcel Keller,

775 views • 63 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s

Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s

Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s Brand ao Joint work with: Apostol Vassilev, Nicky Mouha, Michael Davidson The red dancing devil is from clker.com/clipart-13643.html National

2.04k views • 175 slides
MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May

MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May

MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller CSIROs Data61 13 May 2020 MP-SPDZ 20+ MPC protocols in several computation domains and security models (malicious/semi-honest, any threshold corruption) Secret

53 views • 4 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

German Research Center for Artificial Intelligence GmbH Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party www.amiproject.org Conversations Conversations Feast, 30th September 2009 , 30th September

322 views • 28 slides
Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi Universit` a di Genova and INFN Genova, Italy Plan of the talk: 1. When is threshold resummation relevant? 2. Ambiguities in resummed results

939 views • 69 slides
Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of Theoretical Computer Science ETH Zrich on joint work with R. Knzler, J. Mller-Quade, C. Lucas, U. Maurer, M. Fitzi Metaguse, 2009/10/04 Multi-Party

1.04k views • 83 slides
Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben

Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben

Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben Reichardt Berkeley Z Z X X X X Z Z Z X X X X Z X X Z Z Z Z Z X X X X Z X X Z Z Z X X Z Z Z X X X Z Z Z Z

333 views • 31 slides
On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for secret-shared secure multi-party computations Jan Willemson Cybernetica Trve Theory Days October 7th-9th, 2011 Secret Shared Databases If we

710 views • 16 slides
( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very sensitive to exposure or loss exposure makes the whole system untrustable loss makes system inaccessible " extra copies increases

329 views • 4 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed Multi-Party Learning Distributions Data Providers 1 1 Model Multi-Party Learning (Round j) Distributions

540 views • 20 slides
On Global Types and Multi-Party Sessions Giuseppe Castagna CNRS Universit e Paris Diderot

On Global Types and Multi-Party Sessions Giuseppe Castagna CNRS Universit e Paris Diderot

On Global Types and Multi-Party Sessions Giuseppe Castagna CNRS Universit e Paris Diderot (joint work with Mariangiola Dezani and Luca Padovani) FMOODS & FORTE invited talk DisCoTec 2011 - Reykjav k logoP7 G. Castagna (CNRS) On

1.81k views • 147 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views • 47 slides
If My people who are called by My name will humble themselves, and pray and seek My face, and

If My people who are called by My name will humble themselves, and pray and seek My face, and

If My people who are called by My name will humble themselves, and pray and seek My face, and turn from their wicked ways, then I will hear from heaven, and will forgive their sin and heal their land. 2 Chronicles 7:14 The Next Great

951 views • 61 slides
61A Lecture 13 Second withdrawal 50 Different of the same amount return value! >>>

61A Lecture 13 Second withdrawal 50 Different of the same amount return value! >>>

A Function with Behavior That Varies Over Time Let's model a bank account that has a balance of $100 Argument: Return value: >>> withdraw(25) amount to withdraw remaining balance 75 >>> withdraw(25) 61A Lecture 13 Second

215 views • 3 slides
Symmetries and Strings of Adjoint QCD2 Kantaro Ohmori (Simons Center for Geometry and Physics)

Symmetries and Strings of Adjoint QCD2 Kantaro Ohmori (Simons Center for Geometry and Physics)

Symmetries and Strings of Adjoint QCD2 Kantaro Ohmori (Simons Center for Geometry and Physics) based on arXiv:2008.07567 with Zohar Komargodski, Konstantinos Roumpedakis, Sahand Seifnashri @ Strings and Fields 2020 (Kyoto) 1 Introduction and

656 views • 12 slides
Mixed models in R using the lme4 package Part 8: Nonlinear mixed models Douglas Bates University

Mixed models in R using the lme4 package Part 8: Nonlinear mixed models Douglas Bates University

Mixed models in R using the lme4 package Part 8: Nonlinear mixed models Douglas Bates University of Wisconsin - Madison and R Development Core Team <Douglas.Bates@R-project.org> Merck, Sharp & Dohme; Rahway, NJ Sept 24, 2010

526 views • 27 slides
1. [Group] Slide01 2. background Psalm 32:11 - Be glad in the Lord, and rejoice, O

1. [Group] Slide01 2. background Psalm 32:11 - Be glad in the Lord, and rejoice, O

1. [Group] Slide01 2. background Psalm 32:11 - Be glad in the Lord, and rejoice, O Psalm 32:11 - Be glad in the Lord, and rejoice, O righteous, and shout for joy, all you upright in heart! righteous, and shout for joy, all you upright

242 views • 3 slides
Inser&ng Inten&onal Bugs for Model Checking Assurance

Inser&ng Inten&onal Bugs for Model Checking Assurance

Inser&ng Inten&onal Bugs for Model Checking Assurance Thomas L. Rodeheffer and Ramakrishna Kotla Microso? Research, Silicon Valley The Problem

163 views • 14 slides
Probabilistic Context-Free Grammars Informatics 2A: Lecture 18 Bonnie Webber and Frank Keller

Probabilistic Context-Free Grammars Informatics 2A: Lecture 18 Bonnie Webber and Frank Keller

Motivation Motivation Probabilistic Context-Free Grammars Probabilistic Context-Free Grammars Applications Applications Probabilistic Context-Free Grammars Informatics 2A: Lecture 18 Bonnie Webber and Frank Keller Reading: J&M 2 nd

943 views • 7 slides
Introduction to Computer Graphics Modeling (3) April 28, 2016 Kenshi Takayama Solid

Introduction to Computer Graphics Modeling (3) April 28, 2016 Kenshi Takayama Solid

Introduction to Computer Graphics Modeling (3) April 28, 2016 Kenshi Takayama Solid modeling 2 Thin shapes represented Unorientable Solid models by single polygons Clear definition of inside & outside at any 3D

840 views • 44 slides

More recommend