mpc complexity
play

MPC Complexity Manoj Prabhakaran :: IIT Bombay The World of - PowerPoint PPT Presentation

Dec 22, 2022 •370 likes •1.21k views

MPC Complexity Manoj Prabhakaran :: IIT Bombay The World of Functionalities The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed The World of Functionalities

  1. MPC Complexity Manoj Prabhakaran :: IIT Bombay

  2. The World of Functionalities

  3. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed

  4. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed Classical example: Communication Complexity [Yao]

  5. The World of Functionalities Distributed functions display interesting features the are not apparent when they are not distributed Classical example: Communication Complexity [Yao] MPC provides another lens to look at the complexity of functions

  6. Complexity w.r.t. MPC

  7. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure)

  8. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)?

  9. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)? G complete if everything reduces to G

  10. Complexity w.r.t. MPC We saw OT is complete for MPC Any other functionality can be reduced to OT Under all notions of reduction (passive-secure, or UC secure) The Cryptographic Complexity question: Can F be reduced to G (for different reductions)? G complete if everything reduces to G F trivial if F reduces to everything (in particular, to NULL)

  11. Quiz

  12. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC?

  13. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y)

  14. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y) [x < y]

  15. Quiz What’ s the complexity of the following 3 functions, w.r.t, IT passive secure MPC? max(x,y) [x < y] (max(x,y), [x < y] )

  16. Complexity w.r.t. MPC Several notions of reductions Passive, Active/Standalone or Active/UC Information-theoretic (IT) or PPT If PPT, also specify any computational assumptions used Will restrict to 2-party functionalities (mostly SFE) In particular, omitting honest majority security

  17. RECALL Is MPC Possible? Can we securely realize every functionality? No & Yes! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  18. RECALL Is MPC Possible? Can we securely realize every functionality? Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  19. RECALL Is MPC Possible? In fact interesting: What Can we securely realize every functionality? computational hardness assumption makes it switch from No to Yes ? Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  20. RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally No Unbounded (IT) Yes No Computationally Yes Bounded (PPT) Yes Yes

  21. RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Standalone Passive Computationally Trivial ones are 
 No really trivial 
 Unbounded (IT) (called Splittable) Yes No Computationally Yes Bounded (PPT) Yes Yes

  22. RECALL An example Protocol: Count down from 100 At each even round Alice announces whether her bid equals the current count; at each odd round Bob does the same Stop if a party says yes Dutch flower auction

  23. RECALL An example Protocol: Count down from 100 At each even round Alice announces whether her bid equals the current count; at each odd round Bob does the same Stop if a party says yes Dutch flower auction Perfect Standalone Security 
 But doesn’ t compose!

  24. Attack on 
 Dutch Flower Auction

  25. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions

  26. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other

  27. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round.

  28. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round. Why is this an attack?

  29. Attack on 
 Dutch Flower Auction Alice and Bob are taking part in two auctions Alice’ s goal: ensure that Bob wins at least one auction and the winning bids in the two auctions are within ±1 of each other Easy in the protocol: run the two protocols lockstep. Wait till Bob says yes in one. Done if Bob says yes in the other simultaneously. Else Alice will say yes in the next round. Why is this an attack? Impossible to ensure this in IDEAL!

  30. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL!

  31. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one?

  32. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one? If a high bid, in trouble if she wins now, but Bob has a very low bid in the other session (which he must win).

  33. Attack on 
 Dutch Flower Auction Alice’ s goal: ensure that the outcome in the two auctions are within ±1 of each other, and Bob wins at least one auction Impossible to ensure this in IDEAL! Alice could get a result in one session, before running the other. But what should she submit as her input in the first one? If a high bid, in trouble if she wins now, but Bob has a very low bid in the other session (which he must win). If a low bid (so Bob may win with a low bid), in trouble if Bob has a high bid in the other session.

  34. 
 
 
 
 
 
 UC Triviality: Splittability • UC-trivial: “Splittable” [CKL’03,PR’08] • Literally trivial ones! 
 F F F T • Extends to reactive, randomized functionalities, both PPT and IT

  35. 
 
 RECALL Is MPC Possible? Can we securely realize every functionality? Yes ⇔ sh-OT assumption Yes means all are trivial. 
 No & Yes! No is more interesting! Univ. Composable All subsets Honest 
 Angel-UC corruptible Majority Trivial ones are 
 Standalone Passive really trivial 
 (called Splittable) Computationally No Under sh-OT, 
 Unbounded (IT) everything else Yes complete! 
 No Computationally Yes (Zero-One-Law) Bounded (PPT) Yes Yes

  36. IT Setting: Trivial Functionality Information-Theoretic Passive security Deterministic SFE: Trivial ⇔ Decomposable

  37. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

  38. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

  39. Decomposable Function Decomposable 1 3 0 1 0 0 1 3 0 1 1 1 2 1 1 2 2 2 2 3 1 1 0 3 4 4 3 4 4 3 Undecomposable 0 1 1 1 2 1 1 4 2 0 4 5 2 0 0 4 3 3 2 4 3 3 1 0 1 4 2 1 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of Concept Consistency P (co-)NP PSpace ExpTime NExpTime ALC reg ALUN (NP) ALCN add regular roles without , (wrt acyc. TBoxes) ALC u only A ALN

745 views • 16 slides
IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization)

IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization)

IN 5210 Complexity Theory Complexity Complexity: Socio-technical (Internet, globalization) Complexity (-ies) = Number of types of components*number of types of links*speed of change Key issues: emergence, side-effects (=history),

816 views • 32 slides
Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy Complexity is a function Complexity = f (input size) Value depends on: problem encoding adj. list vs. adj matrix model of

326 views • 17 slides
Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called

Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called

Algorithmic Complexity Algorithmic Complexity &quot;Algorithmic Complexity&quot;, also called &quot;Running Time&quot; or &quot;Order of Growth&quot;, refers to the number of steps a program takes as a function of the size of its inputs. In

519 views • 28 slides
Development By The Numbers We Are Going To Measure Complexity Why Should We Care About

Development By The Numbers We Are Going To Measure Complexity Why Should We Care About

Development By The Numbers We Are Going To Measure Complexity Why Should We Care About Complexity? &quot;The Central Enemy Of Reliability is Complexity&quot; - Geer et al. Complexity And Quality Are Strongly Related Basic Metrics

1.33k views • 132 slides
Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of

Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of

Complexity Classes CSC 540 Christopher Siu 1 / 15 P Defjnition A complexity class is a set of languages decidable by a Turing machine within similar resource bounds. Practically, a complexity class is a set of problems of similar

414 views • 15 slides
Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H.

Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H.

Complexity Theory 1 Complexity Theory 2 Texts Complexity Theory The main text for the course is: Computational Complexity . Christos H. Papadimitriou. Introduction to the Theory of Computation . Michael Sipser. Anuj Dawar Other useful

628 views • 30 slides
Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded

Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded

Overview CS20a: Complexity (Nov 19, 2002) Complexity definitions Space and time bounded TMs Asymptotic complexity Complexity classes S T T I U T E O F N T A I C E I H N N Computation, Computers, and Programs

603 views • 11 slides
Staging, Clustering, and Complexity Why add complexity? Improve the performance of your

Staging, Clustering, and Complexity Why add complexity? Improve the performance of your

Staging, Clustering, and Complexity Why add complexity? Improve the performance of your rocket Meet design specifications Fly to greater altitudes (or space) Prove your engineering capabilities It looks cool Impress that

213 views • 18 slides
Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model

Classes, Objects &amp; References The Challenges of Complexity Complexity of Agent-Based Model development is a major barrier to effective delivery of value Complexity leads to models that are late, over budget, and of substandard

918 views • 36 slides
CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity

CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity

CS 301 Lecture 23 Time complexity Stephen Checkoway April 23, 2018 1 / 33 Complexity Computability What languages are decidable? (Equivalently, what decision problems can we solve with a computer?) 2 / 33 Complexity Computability What

1.12k views • 62 slides
Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de

Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de

Kolmogorov complexity of 2D sequences Bruno Durand Laboratoire dInformatique Fondamentale de Marseille Kolmogorov complexity Goal: to measure the complexity of an individual object (Shannon) theory of information: measures the complexity

1.04k views • 41 slides
Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds

Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds

Data Streams &amp; Communication Complexity Lecture 3: Communication Complexity and Lower Bounds Andrew McGregor, UMass Amherst 1/23 Basic Communication Complexity Three friends Alice, Bob, and Charlie each have some information x , y , z

1.11k views • 98 slides
Abstract: Computational Complexity theory deals with the classification of problems into classes

Abstract: Computational Complexity theory deals with the classification of problems into classes

Hierarchies of complexity classes 1 Abstract: Computational Complexity theory deals with the classification of problems into classes of hardness called complexity classes. In Abstract Complexity (in contrast to Concrete Complexity) we define

247 views • 12 slides
The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich

The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich

Complexity of Abduction in SL The Complexity of Abduction for Separated Heap Abstractions Nikos Gorogiannis Max Kanovich Peter OHearn Queen Mary University of London July 13th, 2011 Complexity of Abduction in SL Motivation Complexity of

1.14k views • 82 slides
Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t (

Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t (

Computability and Complexity Lecture 9 Big-O and small-o notation Time complexity class TIME( t ( n )) The class P and examples given by Jiri Srba Lecture 9 Computability and Complexity 1/15 Complexity Theory Question Assume that a problem

520 views • 15 slides
Increasing Customer Satisfaction Richard Kimber - Comotion OUTLINE FOR TODAY About us

Increasing Customer Satisfaction Richard Kimber - Comotion OUTLINE FOR TODAY About us

Increasing Customer Satisfaction Richard Kimber - Comotion OUTLINE FOR TODAY About us The landscape today Whos perspective? Simple = Easy Measure the things that matter ANGELS DEN ANGELS GATE Measurement

1.09k views • 15 slides
New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &amp;

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &amp;

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &amp; Amit Sahai Princeton University To appear in STOC04 Defining Security Central Problem in Cryptography Understanding what we want and what we

1.13k views • 34 slides
Angel, Devil, and King Martin Kutz Max-Planck Institut fr Informatik, Saarbrcken, Germany

Angel, Devil, and King Martin Kutz Max-Planck Institut fr Informatik, Saarbrcken, Germany

Angel, Devil, and King Martin Kutz Max-Planck Institut fr Informatik, Saarbrcken, Germany Attila Pr CASE Western Reserve University, Cleveland, USA Martin Kutz: Angel, Devil, and King p. 1 max planck institut informatik Martin Kutz:

1.01k views • 67 slides
Scaling limit of uniform spanning tree in three dimensions Daisuke Shiraishi, Kyoto University

Scaling limit of uniform spanning tree in three dimensions Daisuke Shiraishi, Kyoto University

Scaling limit of uniform spanning tree in three dimensions Daisuke Shiraishi, Kyoto University ongoing work with Omer Angel (UBC), David Croydon (Kyoto University) and Sarai Hernandez Torres (UBC) August 2019, Kyushu University 1 / 22 Uniform

1.07k views • 47 slides
Lessons Learned at Prashant Shah Managing Director www.tielaunchpad.com My Background

Lessons Learned at Prashant Shah Managing Director www.tielaunchpad.com My Background

Lessons Learned at Prashant Shah Managing Director www.tielaunchpad.com My Background Managing Director, TiE LaunchPad TiE Board Member TiE Angels, Co-chair Screening Committee with Salman Hummer Winblad Venture Partners

792 views • 30 slides
Case Study #3 Self-Driving Cars At a high level Is the research you are proposing possible?

Case Study #3 Self-Driving Cars At a high level Is the research you are proposing possible?

Case Study #3 Self-Driving Cars At a high level Is the research you are proposing possible? Is it practical? Does it answer the research question? Some part of it? Is your methodology sound? Is the work likely to be achievable in 5 years?

405 views • 8 slides
Maker-Breaker Games: Building a Big Chain in a Poset Daniel W. Cranston Virginia Commonwealth

Maker-Breaker Games: Building a Big Chain in a Poset Daniel W. Cranston Virginia Commonwealth

Maker-Breaker Games: Building a Big Chain in a Poset Daniel W. Cranston Virginia Commonwealth University dcranston@vcu.edu Joint with Bill Kinnersley, Kevin Milans, Greg Puleo, Douglas West VCU Discrete Math Seminar 05 March 2010

1.09k views • 75 slides
Midianit ianites es 7 Gideo deon 40 40 Abimilech 3 Tola &amp; Ja &amp; Jair 45 Jephth

Midianit ianites es 7 Gideo deon 40 40 Abimilech 3 Tola &amp; Ja &amp; Jair 45 Jephth

Years of Oppressor Judge Yrs of peace oppression Mesopotamians 8 Othniel hniel 40 Moabites 18 Eh Ehud ud 80 Philistines ? Shamg amgar ar ? ah De Debor borah Canaanites 20 40 &amp; Barak Midianit ianites es 7 Gideo

810 views • 11 slides

More recommend