nigel paul smart computing on encrypted data
play

Nigel Paul Smart Computing on Encrypted Data How to do the - PowerPoint PPT Presentation

Aug 27, 2023 •399 likes •876 views

Nigel Paul Smart Computing on Encrypted Data How to do the impossible KU Leuven Dining Bankers (a.k.a. Millionaires Problem) A set of bankers go to lunch. They are celebrating their bonuses just being paid. Each has been given a bonus of x

  1. Nigel Paul Smart Computing on Encrypted Data How to do the impossible KU Leuven

  2. Dining Bankers (a.k.a. Millionaire’s Problem) A set of bankers go to lunch. They are celebrating their bonuses just being paid. Each has been given a bonus of x i dollars. The one with the biggest bonus should pay. But they do not want to reveal their bonus values.

  3. Dining Bankers (a.k.a. Millionaire’s Problem) What they want to compute is the function F(x 1 ,…,x n ) = { i : x i ≥ x j for all j } without revealing the x i values. This problem (Millionaires Problem) introduced by Andrew Yao in early 1980s. Andrew won the Turing Award for this and other work.

  4. Dining Bankers (a.k.a. Millionaire’s Problem) If the bankers had a person they trusted they could get this person to compute the answer to their problem for them. They give the trusted person their bonus values and the trusted person computes who should pay for lunch.

  5. Dining Bankers (a.k.a. Millionaire’s Problem) In real life such trusted people do not exist, or are hard to come by. So we want a protocol to compute the function securely. This is what MPC does. It emulates a trusted party, enabling mutually distrusting parties to compute an arbitrary function on their inputs. All that is revealed is what can be computed from the final output.

  6. Securing Data Hard disk encryption TLS/SSL Database encryption IPSec HSM key storage Data During Computation ???????????????????????????????????

  7. Securing Data Hard disk encryption TLS/SSL Database encryption IPSec HSM key storage Data During Computation ??????????????????????????????????? Public Citizen Voting Policy Privacy GDPR Genomics

  8. Two Technologies: MPC and FHE  In MPC all parties engage in a protocol to compute the function securely  Relatively fast in computation  Expensive in communication  Enables a number of applications (see later)  FHE the parties encrypt their data, a server computes the function in the encrypted domain, a designated party gets the output  Very very slow in computation  Relatively cheap in communication  Only possible (currently) for simple functions.

  9. Basic Set Up  We assume some data is being processed. Think of genomic data, but it could be anything   There are three basic groups of actors  Input Parties  Processing Parties  Output Parties  In a traditional application there is one of each, and they are all the same person.  We could however have very different scenarios...

  10. Scenarios  Traditional  Many Different Input Parties  Input Parties=Output Parties Think of this as the usual paradigm for Cloud Computing 

  11. Scenarios  Many computing parties  And all other combinations of the above

  12. Fully Homomorphic Encryption  One computing party  One or many input parties  One output party (could be more)

  13. Fully Homomorphic Encryption  Input parties encrypt their data  Computing party evaluates the function on the encrypted data (without seeing the data)  Output party performs the decryption  First scheme 2008  In theory can compute any function, with only a small overhead in cost  In practice much more difficult  Today this is practical for functions of low multiplicative depth  Think basic statistics, machine learning algorithms

  14. Multi-Party Computation

  15. FHE vs Multi-Party Computation  The problem with FHE (i.e. the thing which made it hard to produce) was that we had only one computing party  With MPC we can have many input, computing and output parties, and indeed they could all be subsets of each other (or even exactly the same parties)  Key point is that we have n ≥ 2 computing parties  In MPC we use a lot of communication though

  16. FHE Example: Privacy in the Smart-Grid Energy consumption Power step changes due to individual appliance events

  17. Privacy-friendly energy forecasting Encrypted Input values are encrypted using homomorphic encryption input Encrypted forecast Neuron Enc(x) Polynomial Enc( f ( x,y ) ) f Enc(y)

  18. Encrypted forecast FHE Data flow Apartment block External untrusted company 47 previous consumptions … + Encrypted consumption Temperature Month Day ∑ + New Encrypted aggregated consumption consumption Prediction error for 10 houses: 23%

  19. Genome Wide Association Study via FHE and MPC

  20. Homomorphic Encryption Variant (sk,pk) Two servers : One compute (right), one decryptor (left) Step 1: Decryptor generates FHE keys and sends public keys to the hospitals

  21. Homomorphic Encryption Variant Step 2: The hospitals encrypt their contingency tables to the compute server

  22. Homomorphic Encryption Variant Encrypted significance computation Step 3: The compute server (partially) performs the chi-squared computation

  23. Homomorphic Encryption Variant Intermediate result Step 4: Intermediate results are passed back to the the decryption server in a blinded form So upon decryption only the result is obtained

  24. Homomorphic Encryption Variant PUBLIC Disease 1 Disease 2 Disease … Disease 11.000 Step 5: Decryption results in the DNA position 1 Significant … … … answer to the query DNA position 2 … Non- … … significant DNA position … … … … … DNA position … … … … 3.000.000.000

  25. MPC Variant Step 1: The hospitals secret share their contingency tables to the MPC engine

  26. MPC Variant Privacy-preserving significance computation Step 2: The MPC engine performs on the computation on the secret shared data

  27. MPC Variant PUBLIC Disease 1 Disease 2 Disease … Disease 11.000 Step 3: Answers are DNA position 1 Significant … … … reconstructed and the DNA position 2 … Non- … … relevant secret shares significant are opened. DNA position … … … … … DNA position … … … … 3.000.000.000

  28. EPIC MPC Based Image Recognition Basic problem is how can one keep the image private AND the model being applied to the image An image clearly has privacy issues. But so does a model, as it could contain sensitive commercial imformation.

  29. EPIC: Efficient Private Image Classification

  30. Efficiency compared to state-of-the-art Previous state of the art was a system called Gazelle (USENIX 2018)  EPIC vs. Gazelle on CIFAR-10:  34 times faster runtime;  50 times improvement of communication cost;  7% higher classification accuracy.  EPIC vs. Gazelle with the same accuracy:  700 times faster runtime;  500 times improvement of communication cost.  To appear CT-RSA 2019

  31. Auction Example 4,5 Similar example occurs in a sealed bid auction 4  Buyers/sellers want to determine 3,5 clearing price 3 Sellers  Single one off auction (not continuous 2,5 Quantity as in stock markets) 2 Buyers 1,5 Quantity Partisia (a Danish company) pioneered work in 1 this area 0,5  First MPC auction done in mid 2000’s for 0 Danish Sugar Beet 1 2 3 4

  32. Dark Market Example Consider a “Dark” stock market  Buyers/sellers bids kept in dark to avoid major swings in price  Common for large trades to be done in this way  The dark market operator acts as a god figure  But they can cheat (actually happened in 2017)  Can replace the dark operator by an MPC protocol  Currently we are looking into the most efficient way of doing this  Questions related to exactly how to deal with the real time nature of such markets  Examining different mechanisms used in real Dark markets to see which can be transferred to the MPC arena.

  33. Dark Market Experiments Using our SCALE-MAMBA system....  Continuous Double Auction Method  Two Party Online Throughput : 60-250 orders per second  Three Party Online Throughput : 30-140 orders per second  Volume Matching Auction Method  Two Party Online Throughput : 2000 orders per second  Three Party Online Throughput : 1000 orders per second  Two Party here means using the SPDZ protocol  Uses a combination of SHE and MPC  Three Party here means using Shamir 1-out-of-3 sharing  Optimized for online efficiency  Both actively secure MPC protocols

  34. Statistics Suppose you want to analyse two databases  E.g. Combine customer data from different banks to produce a better credit scoring model  Privacy concerns mean you cannot share the data  But using MPC you could be able to produce a combined credit score  Similar situation occurs in other databases  City of Boston gender equality survey  Estonian Tax+Education analysis  US Gov move for more student outcomes data for colleges “Know before you go”  Evidence based policy making initiative of Senator Wyden and others

  35. Statistics + Differential Privacy Question is whether a query reveals information  Allowing salary average data output can reveal an individuals salary  Theory of differential privacy: Add noise to remove this link KU Leuven working in DARPA program Brandeis to produce the Jana database which works on encrypted data, and adds differential privacy based noise. Looking at applications in US Census and potential UN applications

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modes of operations for computing on encrypted data Dragos Rotaru, N.P. Smart, and Martijn Stam

Modes of operations for computing on encrypted data Dragos Rotaru, N.P. Smart, and Martijn Stam

FSE 2018 Modes of operations for computing on encrypted data Dragos Rotaru, N.P. Smart, and Martijn Stam KU Leuven, University of Bristol 1 Dragos Rotaru , N.P. Smart, M. Stam imec-Cosic, Dept. Electrical Engineering Multiparty computation

471 views • 44 slides
Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

CS573 Data Privacy and Security Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted data Homomorphic encryption What is Cloud Computing ? Cloud computing Type of computing that relies on sharing

1.29k views • 62 slides
Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson CASYS team seminar, Grenoble, December 2018 Outsourcing Data with Search Capabilities Data

534 views • 38 slides
Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov Outsourced Applications Today Server data data Encrypt the data! Encrypt the Data App functionality no App functionality no longer works :( longer

1.42k views • 58 slides
Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&P 2019. C2 seminar, Rennes, 2019 Outsourcing Data Data upload

646 views • 39 slides
Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. January 8, 2013 Nigel P . Smart Multi Party

604 views • 28 slides
To look but not to see In this talk I will relate recent successes in compilation for

To look but not to see In this talk I will relate recent successes in compilation for

To look but not to see In this talk I will relate recent successes in compilation for Encrypted Computing to code obfuscation Of importance in Encrypted Computing is a proof ... Adversary has no method to decipher run-time data code

319 views • 21 slides
AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson

AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson

AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson @kennyog based on joint work with Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud Information Security Group SuRI EPFL June 18, 2018

859 views • 49 slides
Homomorphic Evaluation of the AES Circuit Craig Gentry, Shai Halevi, Nigel P . Smart IBM

Homomorphic Evaluation of the AES Circuit Craig Gentry, Shai Halevi, Nigel P . Smart IBM

Homomorphic Evaluation of the AES Circuit Craig Gentry, Shai Halevi, Nigel P . Smart IBM Research and University Of Bristol. August 22, 2012 Craig Gentry, Shai Halevi, Nigel P . Smart Homomorphic Evaluation of the AES Circuit Slide 1

592 views • 30 slides
Why Encrypt Data? We have already discussed authentication and access control as means to

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides
smart data mobility smart data mobility smart data mobility grass coal oil data data

smart data mobility smart data mobility smart data mobility grass coal oil data data

smart data mobility smart data mobility smart data mobility grass coal oil data data + Cell tower triangulation MAC address (WiFi) GPS (GNSS) Automatic image recognition (video) Mobile telecom Facial recognition/tracking cell

828 views • 59 slides
A Smart Computing Framework Centered on User and Societal Empowerment to Achieve the Sustainable

A Smart Computing Framework Centered on User and Societal Empowerment to Achieve the Sustainable

A Smart Computing Framework Centered on User and Societal Empowerment to Achieve the Sustainable Development Goals A/Prof. Bahman Javadi April 2019 Smart Computing Smart Computing is an effective method to integrate computer hardware,

272 views • 14 slides
Better Living through Deep Learning and Edge Computing Peggy James Smart cities and big data

Better Living through Deep Learning and Edge Computing Peggy James Smart cities and big data

Better Living through Deep Learning and Edge Computing Peggy James Smart cities and big data What is a smart city ? Connected Participatory Organic Networked Vertically and Connected Horizontally Multidirectional Democratic

561 views • 21 slides
Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security (600/650.624) Introduction Searching usually done over plaintext But what if we could search encrypted data? Bloom Filters Efficient

459 views • 30 slides
Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice

Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice

Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson Information Security Group ESSA2, Bertinoro, 9th July 2018 Situation overview General message from previous talk: Dont use

667 views • 27 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
PPP ( ) :

PPP ( ) :

PPP ( ) : PPP in Transportation Infrastructure Projects in Israel: Review and Analysis Remy Cohen Bocconi University School of

358 views • 13 slides
CLIP : Cryptography Law, Information & Privacy An interdisciplinary panel Aggelos

CLIP : Cryptography Law, Information & Privacy An interdisciplinary panel Aggelos

CLIP : Cryptography Law, Information & Privacy An interdisciplinary panel Aggelos Kiayias (U. Athens) Ioannis Iglezakis (AUTH) Panayiotis Rizomiliotis (U. Aegean) Lilian Mitrou (U. Aegean) crypto.di.uoa.gr CLIP The objective:

167 views • 6 slides
Knowing without Seeing Informational Power, Cryptosystems and the Law @mikarv Centralised Data,

Knowing without Seeing Informational Power, Cryptosystems and the Law @mikarv Centralised Data,

Michael Veale University College London // the Alan Turing Institute Knowing without Seeing Informational Power, Cryptosystems and the Law @mikarv Centralised Data, Broadcast Data is a third way possible? @mikarv References: Secure

256 views • 23 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
FNV Campaign in WI background Obesity in Wisconsin Marketing impact $2 billion Less than

FNV Campaign in WI background Obesity in Wisconsin Marketing impact $2 billion Less than

Amber Canto, MPH, RDN Health and Well-Being Institute Director University of Wisconsin-Extension erin.aagesen@ces.uwex.edu Erin Aagesen, MS, MPH FNV Campaign Coordinator FoodWIse, a program of UW-Extension erin.aagesen@ces.uwex.edu FNV

359 views • 34 slides
Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club

Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club

Tees Valley Nature Partnership 2019 Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club Tees Valley Nature Partnership 2019 Nature and economy working together Support policies & projects Embed a

342 views • 17 slides
A High-Level Overview of Cryptography Daniel Bosk School of Computer Science and Communication,

A High-Level Overview of Cryptography Daniel Bosk School of Computer Science and Communication,

Introduction Shared-key cryptography Public-key cryptography More counter-intuitive things References A High-Level Overview of Cryptography Daniel Bosk School of Computer Science and Communication, KTH Royal Institute of Technology,

1.58k views • 145 slides
CSCI 1951-G Optimization Methods in Finance Part 11: Stochastic Optimization April 13, 2018

CSCI 1951-G Optimization Methods in Finance Part 11: Stochastic Optimization April 13, 2018

CSCI 1951-G Optimization Methods in Finance Part 11: Stochastic Optimization April 13, 2018 1 / 53 Outline 1) Uncertainty in optimization 2) The troubles of an European farmer 3) Two-stage problems with recourse 4) Benders decomposition

763 views • 53 slides

More recommend