Modes of operations for computing on encrypted data Dragos Rotaru, - - PowerPoint PPT Presentation

modes of operations for computing on encrypted data
SMART_READER_LITE
LIVE PREVIEW

Modes of operations for computing on encrypted data Dragos Rotaru, - - PowerPoint PPT Presentation

Jan 27, 2024 31 likes •473 views

FSE 2018 Modes of operations for computing on encrypted data Dragos Rotaru, N.P. Smart, and Martijn Stam KU Leuven, University of Bristol 1 Dragos Rotaru , N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering Multiparty computation

slide-1
SLIDE 1

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 1

FSE 2018

Modes of operations for computing

  • n encrypted data

Dragos Rotaru, N.P. Smart, and Martijn Stam

KU Leuven, University of Bristol

slide-2
SLIDE 2

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 2

Multiparty computation hijacks FSE’18

Dragos Rotaru 2

Goal: Compute F(a, b, c)

a c b

slide-3
SLIDE 3

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 3

What is the problem?

slide-4
SLIDE 4

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 4

What is the problem?

42 42 42 42

slide-5
SLIDE 5

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 5

What is the problem?

42 42 42 42

Enc Enc Enc

slide-6
SLIDE 6

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 6

What is the problem?

42 42 42

Enc(42)

slide-7
SLIDE 7

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 7

What is the problem?

42 42 42

Enc(42)

slide-8
SLIDE 8

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 8

What is the problem?

42 42 42

Enc(42) Tag(E(42))

slide-9
SLIDE 9

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 9

What is the problem?

Enc(42) Tag(E(42))

For free: detect malicious encryption keys.

slide-10
SLIDE 10

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 10

Prior work – PRFs in MPC (CCS’16) Enc(42) Tag(Enc(42))

  • MiMC
  • Legendre PRF
slide-11
SLIDE 11

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 11

Prior work – PRFs in MPC (CCS’16) Enc(42) Tag(Enc(42))

M[1] Enc

slide-12
SLIDE 12

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 12

Prior work – PRFs in MPC (CCS’16) Enc(42) Tag(Enc(42))

M[1] M[2] Enc

+

Enc

slide-13
SLIDE 13

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 13

Prior work – PRFs in MPC (CCS’16) Enc(42) Tag(Enc(42))

M[1] M[2] M[3] Enc

+ +

Enc Enc

slide-14
SLIDE 14

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 14

Prior work – PRFs in MPC (CCS’16) Enc(42) Tag(Enc(42))

M[1] M[2] M[3] M[4] Enc

+ + +

Enc Enc Enc Tag

slide-15
SLIDE 15

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 15

What we have done

  • Analyze AE in Multiparty Computation (MPC).
  • Useful MPC happens in Fp => Need AE and PRFs modp.
  • Look for parallel AE: CTR+PMAC, OTR.

[42] Enc(42) Tag(42)

slide-16
SLIDE 16

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 16

The story

This Photo by Unknown Author is licensed under CC BY-NC-ND

slide-17
SLIDE 17

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 17

The story

‘You take the blue pill—the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill—you stay in Wonderland, and I show you how deep the rabbit hole goes.’

slide-18
SLIDE 18

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 18

The story

‘You take the blue pill—the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill—you stay in Wonderland, and I show you how deep the rabbit hole goes.’

slide-19
SLIDE 19

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 19

Down the rabbit hole - MPC with Secret Sharing

𝑦 = 𝑦1 + ⋯ + 𝑦𝑜 Each 𝑄𝑗 has 𝑦 ← 𝑦𝑗

𝑦 ← 𝑦1 𝑦 ← 𝑦2 𝑦 ← 𝑦3

slide-20
SLIDE 20

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 20

MPC Preprocessing Phase

Generate triples [c] = [a][b]

slide-21
SLIDE 21

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 21

MPC Preprocessing Phase

Generate triples [c] = [a][b]

slide-22
SLIDE 22

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 22

MPC Preprocessing Phase

slide-23
SLIDE 23

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 23

MPC Preprocessing Phase

slide-24
SLIDE 24

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 24

MPC Online Phase

Use Triples.

slide-25
SLIDE 25

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 25

MPC Online Phase

Use Triples.

slide-26
SLIDE 26

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 26

MPC Circuit Evaluation

X Y Z X Y Z

slide-27
SLIDE 27

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 27

MPC Circuit Evaluation

X Y Z

slide-28
SLIDE 28

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 28

MPC Circuit Evaluation

X Y Z

slide-29
SLIDE 29

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 29

MPC Circuit Evaluation

X Y Z

slide-30
SLIDE 30

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 30

MPC Circuit Evaluation

3 triples. 2 comm. rounds

X Y Z

slide-31
SLIDE 31

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 31

Tweak your encryption to MPC

Reveal

slide-32
SLIDE 32

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 32

Tweak your encryption to MPC

slide-33
SLIDE 33

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 33

Tweak your encryption to MPC

slide-34
SLIDE 34

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 34

How-to compute PMAC

slide-35
SLIDE 35

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 35

Let’s do AE with CTR+pPMAC

slide-36
SLIDE 36

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 36

Let’s do AE with CTR+pPMAC

slide-37
SLIDE 37

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 37

When ideal meets real

slide-38
SLIDE 38

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 38

When ideal meets real – surprise!

slide-39
SLIDE 39

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 39

When ideal meets real – surprise!

Legendre MiMC

slide-40
SLIDE 40

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 40

Other competitive modes

slide-41
SLIDE 41

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 41

Other competitive modes

slide-42
SLIDE 42

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 42

  • Preprocessing scales linearly in terms of number of

message blocks - roughly n PRFs for n messages.

  • Number of rounds of a cipher vs. multiplicative depth in

MPC.

Some open problems

slide-43
SLIDE 43

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 43

Thank you!

slide-44
SLIDE 44

Dragos Rotaru, N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering 44

  • Questions?

Thank you!