new impossibility results for concurrent composition
play

New Impossibility Results for Concurrent Composition and a - PowerPoint PPT Presentation

Apr 05, 2024 •205 likes •369 views

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation Abishek Kumarasubramanian Secure Computation [Yao,GMW] Security guarantee only Corrupted party learns no when protocol runs

  1. New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation Abishek Kumarasubramanian

  2. Secure Computation [Yao,GMW] Security guarantee only Corrupted party learns no when protocol runs in more than protocol output isolation x y Π f(x,y)

  3. Today’s World is Concurrent

  4. Overall Question Can we design protocols that remain secure even when executed concurrently? Stand-alone security does not imply security under concurrent composition [DDN92,DNS98]

  5. Positive Results • If we are willing to make global trust assumptions, then general positive results known [CF01,CLOS…] • Alternatively, can relax the security definition to obtain positive results [Pass03,PS04,BS05,MPR06] No general positive result in the plain model

  6. Negative Result? • Broad impossibility results known in the plain model [CF01, CKL03, Lin03, Lin04, BPS06] There are still important gaps in our understanding

  7. Paper 1 - [Agrawal-Goyal-Jain-Prabhakaran-Sahai] Motivation – Fixed Roles Client 1 Client 2 Client 3 • Positive results for concurrent zero-knowledge [RK99,KP01,PRS02] • Impossibility for some functionalities [Lin04] Is concurrently secure Oblivious Transfer possible? [Lin08]

  8. Paper 2 - [Garg-K-Ostrovsky-Visconti] Motivation – Fixed Input Y1 Client 1 X1 Y2 Client 2 X2 Client 3 X3 Y3 Impossibility results for two very specific (somewhat contrived) functionalities [BPS06,Goy12]

  9. Core Result [Agrawal-Goyal-Jain-Prabhakaran-Sahai] [Garg-K-Ostrovsky-Visconti] • Concurrent self composition impossible for Oblivious Transfer • in both fixed input, fixed role settings

  10. Extensions • [Garg-K-Ostrovsky-Visconti] • Concurrent composition impossible for all non trivial asymmetric and symmetric functionalities • General stateless secure computation [GS09,GM11] is impossible • [Agrawal-Goyal-Jain-Prabhakaran-Sahai] • Non-interactive completeness theorem for non trivial asymmetric functionalities • subsumes result of [Kil00] • corollary: concurrent composition impossibility for non trivial asymmetric functionalities

  11. Oblivious Transfer Ideal World Real world b s 0 ,s 1 Π OT

  12. Chosen Protocol Attack b, s 0 , s 1 s 0 , s 1 Π OT Π OT if output = s b send s 1-b Bob Dave Alice Bob merely forwards messages; successfully learns s 1-b always

  13. Chosen Protocol Attack… b, s 0 , s 1 s 0 , s 1 Π OT if output = s b send s 1-b Bob Dave Alice Bob fails Dave’s test with prob. 1/2 ; so learns s 1-b with prob. 1/2

  14. From Chosen Protocol Attack to Impossibility of Concurrent OT Dave garbled circuits with replace computing his next msg function Keys for garbled Obtained by more OT concurrent executions circuits . . . . . Alice Bob

  15. Complete Proof 2 Full versions! 1 0 Full version

  16. Thank you! And Questions! Many thanks to Abhishek Jain and Shweta Agrawal for the slides Only 1/3 of the blame goes to me!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an important building block for fault-tolerant computing Universal: any deterministic fault-tolerant service can be implemented on top of it

349 views • 12 slides
Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview

Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview

Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview Introduction Safety vs. Liveness First Example: Wait-Free Shared Memory Message Omission Model Execution Trees Three Classical

845 views • 40 slides
Concurrent Composition of I/O Redundancy Be- haviors in Go Klaus Birkelund Jensen and Brian Vinter

Concurrent Composition of I/O Redundancy Be- haviors in Go Klaus Birkelund Jensen and Brian Vinter

n i e l s b o h r i n s t i t u t e university of copenhagen Concurrent Composition of I/O Redundancy Be- haviors in Go Klaus Birkelund Jensen and Brian Vinter {birkelund,vinter}@nbi.ku.dk eScience , X-Ray and Neutron Scattering Niels Bohr

483 views • 36 slides
Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky

Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky

Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky Department of Electrical and Computer Engineering Boston University Linear control theory The study of the linear differential equation x ( t )

881 views • 87 slides
Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch

Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch

Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch Maurice Herlihy Miroslav Popovic Gokarna Sharma Presents: Maksym Planeta 12.11.2015 Table of Contents Introduction Table of Contents

640 views • 22 slides
Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel Jost Ueli Maurer ETH Zurich Crypto 2020, August 17-21, 2020 Motivation: how to best define security? Aug 17, 2020 2 Daniel Jost Defining Security

1.25k views • 46 slides
CONCURRENT COLLECTIONS 2 5/24/11 Concurrent Collec9ons

CONCURRENT COLLECTIONS 2 5/24/11 Concurrent Collec9ons

1 5/24/11 Concurrent Collec9ons CONCURRENT COLLECTIONS 2 5/24/11 Concurrent Collec9ons Acknowledgements Slides and material from Kathleen Knobe (Intel)

865 views • 20 slides
The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice

The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice

The Author Setting, Definitions and Conditions Sen s Impossibility Theorem and Proof Critique and Ways Out Conclusion The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice Theory Institute

1.98k views • 15 slides
An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June

An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June

An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June 19, 2018 Contents Motivation Definitions The Impossibility Theorem Centroid-Based Clustering and Consistency Relaxing the Properties Table of

1.08k views • 96 slides
Concurrent Enrollment A Guide for Parents and Students What is Concurrent Enrollment? Concurrent

Concurrent Enrollment A Guide for Parents and Students What is Concurrent Enrollment? Concurrent

Concurrent Enrollment A Guide for Parents and Students What is Concurrent Enrollment? Concurrent enrollment allows high school students to enroll in college courses and receive college credit. The College and Career Access Pathways (CCAP) program

555 views • 21 slides
The Hidden Matching-Structure of the Composition of Strips: a Polyhedral Perspective Yuri Faenza 1

The Hidden Matching-Structure of the Composition of Strips: a Polyhedral Perspective Yuri Faenza 1

Definitions and known results Testing membership for SSP of composition of strips Extended formulation, projection and separation Consequences for claw-free graphs The Hidden Matching-Structure of the Composition of Strips: a Polyhedral

226 views • 21 slides
Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed

Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed

Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7 VTSA, MPI-Saarbr ucken, September 2012 A. Bouajjani (LIAFA, UP7) Lecture 1: Concurrent

651 views • 61 slides
Automated Web Service Composition in Practice: from Composition Requirements Specification to

Automated Web Service Composition in Practice: from Composition Requirements Specification to

Outline Automated Web Service Composition The Amazon-MPS Case study Conclusions and Future Works Automated Web Service Composition in Practice: from Composition Requirements Specification to Process Run. Annapaola Marconi , Marco Pistore and

730 views • 59 slides
Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of

Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of

Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of Transactional Memory Implementations Sebastiano Peluso 1 , Roberto Palmieri 1 , Paolo Romano 2 , Binoy Ravindran 1 and Francesco Quaglia 3 3 1 2

412 views • 26 slides
Concurrent Programming in Scala 1 / 7 Concurrent Programming 1 Concurrent programming:

Concurrent Programming in Scala 1 / 7 Concurrent Programming 1 Concurrent programming:

Concurrent Programming in Scala 1 / 7 Concurrent Programming 1 Concurrent programming: separate overlapping threads of execution, not necessarily run on separate processors/cores Parallel programming: separate threads of execution running

257 views • 7 slides
Coinduction in concurrent timed systems Jan Komenda Institute of Mathematics, Czech Academy of

Coinduction in concurrent timed systems Jan Komenda Institute of Mathematics, Czech Academy of

Mealy and weighted automata as coalgebras Functional stream calculus (max,+)-automata and timed automata Synchronous composition Produc Coinduction in concurrent timed systems Jan Komenda Institute of Mathematics, Czech Academy of Sciences,

573 views • 43 slides
Minimizing Clos Networks Alexander Martin and Peter Lietz Darmstadt University of Technology

Minimizing Clos Networks Alexander Martin and Peter Lietz Darmstadt University of Technology

M OTIVATION S WITCHING N ETWORKS L ITERATURE M ATHEMATICAL M ODEL S OLUTION A PPROACH R ESULTS Minimizing Clos Networks Alexander Martin and Peter Lietz Darmstadt University of Technology Workshop on Combinatorial Optimization Aussois

807 views • 33 slides
CompSci 514: Computer Networks Lecture 15 Practical Datacenter Networks Xiaowei Yang Overview

CompSci 514: Computer Networks Lecture 15 Practical Datacenter Networks Xiaowei Yang Overview

CompSci 514: Computer Networks Lecture 15 Practical Datacenter Networks Xiaowei Yang Overview Wrap up DCTCP analysis Today Googles datacenter networks Topology, routing, and management Inside Facebooks datacenter

525 views • 37 slides
COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based on a course by Tony Morton Term 2 2015/16 Course summary To develop an understanding of what research in information security is about,

707 views • 27 slides
2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement

2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement

2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 20, 2008 WIDE+CAIDA #9 0 The Measurement Factory OARC Disk Space Problem: The OARC server did not have

127 views • 12 slides
A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle,

A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle,

A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle, Lisbon) Proof Society Workshop Ghent 6 September 2018 Anton Setzer The extended predicative Mahlo Universe 1/ 31 Explicit Mathematics Extended

510 views • 34 slides
CEKgo extensions M ::= . . . | go M | here M F ::= ( W ) | ( M E ) |

CEKgo extensions M ::= . . . | go M | here M F ::= ( W ) | ( M E ) |

CEKgo extensions M ::= . . . | go M | here M F ::= ( W ) | ( M E ) | ::= F K 1 / 23 CEKgo machine transition steps x | E | K lookup x in E ) | E | K 2 / 23 CEKgo machine transition steps

488 views • 23 slides
Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data

Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data

Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data center 10k - 100k servers: 250k 10M cores 1-100PB of DRAM 100PB - 10EB storage 1- 10 Pbps bandwidth (>> Internet) 10-100MW power - 1-2% of

911 views • 54 slides
Formal verification of a compiler front-end for mini-ML Zaynah Dargaye, Xavier Leroy, Andrew

Formal verification of a compiler front-end for mini-ML Zaynah Dargaye, Xavier Leroy, Andrew

Formal verification of a compiler front-end for mini-ML Zaynah Dargaye, Xavier Leroy, Andrew Tolmach INRIA Paris-Rocquencourt WG 2.8, july 2007 Dargaye, Leroy, Tolmach (INRIA) Verification of a mini-ML compiler WG 2.8, july 2007 1 / 34

704 views • 33 slides

More recommend