non interactive secure computation from one way functions
play

Non-Interactive Secure Computation from One-Way Functions - PowerPoint PPT Presentation

Apr 17, 2023 •231 likes •443 views

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

  1. Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno)

  2. Secure Two Party Computation Function f Input x Input y P 2 P 1 Goal: Both parties wish to run a protocol at the end of which they both learn the output of the function on their joint inputs.

  3. Secure Two Party Computation Function f Input x Input y P 2 P 1 Security: Informally, adversary should not learn anything about y other than f(x, y) !

  4. UC-Secure Computation [ Canetti 01 ] Function f Input x 1 Input x 2 P2 P1 Input w 2 Input z 2 Input y 1 Function g Function p Input w 4 Input y 3 Input z 3 P4 P3 Many sessions are executed in parallel

  5. UC-Secure Computation [ Canetti 01 ] Function f Input x 1 Input x 2 P2 P1 Input w 2 Input z 2 Input y 1 Function g Function p Input w 4 Input y 3 Input z 3 P4 P3 Informally, adversary should not learn anything other than function outputs!

  6. Continued.. • Numerous applications • Unfortunately, impossible to construct without a setup assumption!

  7. Setup Assumptions • Common Reference String [Canetti-Lindell- Ostrovsky-Sahai 02] Focus of this paper • Physical Assumptions – Hardware Tokens [Katz 07] – Physically Uncloneable Functions (PUFs)

  8. Hardware Tokens [Katz07] • A piece of hardware that can evaluate any function (embedded inside it) on input queries. Function f Input x Output f(x) • Physical manifestation of ideal obfuscation? • Difference: Need the hardware object in hand to be able to query and recover output.

  9. Types of Hardware Tokens Focus of this talk • Stateless: – Honest token does not have any memory across invocations. Challenge: Adversarial tokens can be stateful! • Stateful: – Token can maintain memory. – Harder to design such tokens. – Easier to design protocols using them.

  10. Motivating Scenario Reusable message Input: DNA matching Input: DNA Data x algorithm Encrypt (x) Encrypt f(x) Decrypt and learn f(x) = list of relatives Goal: Alice wants to publish an encryption of her private DNA data to an organization that can compute the set of relatives of a given DNA sample. Security requirement: Alice’s private data and company’s data should be hidden.

  11. Non-interactive secure computation (NISC) [IKOPS’11] Reusable message Formalizes the scenario in the previous slide. • for input x Input: x Input: y Encrypt (x) Encrypt f(x, y) Decrypt and learn f(x, y) Security requirement: as in standard two party computation

  12. Prior work • [IKOPS11] : NISC in OT Hybrid model. • [AMPR14,MR17] : NISC in CRS model from OT + one way functions. • [CJS14]: UC-secure NISC in Global Random Oracle model from OT + one way functions. • [BGISW17]: NISC in plain model from sub-exponentially secure OT + one way functions.

  13. Question • Can we achieve NISC from the minimal assumption of One-Way Functions? • Further, can we achieve UC security?

  14. Our Result • UC-secure non-interactive secure computation assuming one-way functions using a single stateless hardware token. • Optimal in terms of assumptions and number of tokens. • Achieves UC security unlike all prior work except CJS14.

  15. Our Results: Corollary • Two message UC-secure two party computation where both parties receive output, assuming one way functions using a single stateless hardware token.

  16. Techniques

  17. Token direction: Prior works Receiver: input x Sender: input y . . . In all prior works, token sent by the sender. Issues in our setting: 1. Need a fresh token for each new interaction with a fixed reusable receiver message. 2. All prior works require atleast two rounds of interaction after sender token.

  18. Solution: Token from Receiver Reusable Receiver: input x Sender: input y x message

  19. Main Challenge: Resetting Attacks 1. How to prevent sender from resetting the token and trying different inputs y? 2. Need the receiver to authenticate the sender’s input to the token before it processed by the token. 3. But that will take at least 2 rounds! Solution: 1. We allow the sender to reset the token! 2. However, token is carefully designed to perform only “encrypted” computation that is later decrypted by the receiver. 3. Hence, even on trying different inputs, sender doesn’t learn anything meaningful from the token.

  20. Other Challenges • Selective abort attacks. • Subliminal channel information through token. • Achieving straight line simulation to get UC security. • Please refer to the paper for more details! https://eprint.iacr.org/2018/1020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU) Yuval Ishai (Technion) Daniel Kraschewski (TNG Technology Consulting) Tianren Liu (MIT UW) Rafail Ostrovsky (UCLA) Vinod Vaikuntanathan

1.31k views • 109 slides
New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation Abishek Kumarasubramanian Secure Computation [Yao,GMW] Security guarantee only Corrupted party learns no when protocol runs

369 views • 16 slides
Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party

Batched Non-interactive 2PC Payman Mohassel Mike Rosulek Visa Research OSU Secure Two-Party Computation 2 1 (, ) Secure Two-Party Computation 2 1 (, ) Non-Interactive Secure

2.32k views • 48 slides
Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views • 47 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

429 views • 27 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Combining X-ray and Neutron Scattering Manfred Roessle EMBL Hamburg Beijing 28 th April to 6 th

Combining X-ray and Neutron Scattering Manfred Roessle EMBL Hamburg Beijing 28 th April to 6 th

Combining X-ray and Neutron Scattering Manfred Roessle EMBL Hamburg Beijing 28 th April to 6 th May 2011 EMBO Global Exchange Lecture Birds view of the Grenoble ESRF and ILL research area. High flux reactor Institute Laue- Langevin ILL

444 views • 41 slides
EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A Introduction System Model Security Analysis Performance Evaluation Conclusions and future work EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha November 18, 2011 Sanaa Taha EM 3 A :

361 views • 24 slides
SIM TEAM HANBOOK WWW.FERNO.COM.AU/FERNOSIM FERNO AUSTRALASIAN PARAMEDIC SIMULATION CHALLENGE

SIM TEAM HANBOOK WWW.FERNO.COM.AU/FERNOSIM FERNO AUSTRALASIAN PARAMEDIC SIMULATION CHALLENGE

SIM TEAM HANBOOK WWW.FERNO.COM.AU/FERNOSIM FERNO AUSTRALASIAN PARAMEDIC SIMULATION CHALLENGE SYDNEY, NSW Contents Introduction / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /

714 views • 15 slides
diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start

diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start

diskimage-builder: Building Linux Images for Cloud / Virtualization / Container Lets start with a little bit of history: Once upon a time... About the Author Andreas Florath andreas@florath.net Mathematician (RWTH Aachen) Currently

902 views • 27 slides
Principles and Applicaons of Modern Principles and Applicaons of Modern DNA Sequencing DNA

Principles and Applicaons of Modern Principles and Applicaons of Modern DNA Sequencing DNA

Principles and Applicaons of Modern Principles and Applicaons of Modern DNA Sequencing DNA Sequencing EEEB GU4055 EEEB GU4055 Session 11: Genome Assembly Session 11: Genome Assembly 1 Today's topics Today's topics 1. de Bruijn

342 views • 15 slides
Data Structures and Algorithms Course at D-MATH (CSE) of ETH Zurich Spring 2020 1. Introduction

Data Structures and Algorithms Course at D-MATH (CSE) of ETH Zurich Spring 2020 1. Introduction

Felix Friedrich Data Structures and Algorithms Course at D-MATH (CSE) of ETH Zurich Spring 2020 1. Introduction Overview, Algorithms and Data Structures, Correctness, First Example 1 Goals of the course Understand the design and analysis of

1.08k views • 60 slides
How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi

How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi

How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi cation to evaluate and design anonymity protection systems Bradley Malin and Latanya Sweeney, Carnegie Mellon University Journal of Biomedical

381 views • 20 slides
CPSC 320: Intermediate Algorithm Design and Analysis July 28, 2014 1 Course Outline

CPSC 320: Intermediate Algorithm Design and Analysis July 28, 2014 1 Course Outline

CPSC 320: Intermediate Algorithm Design and Analysis July 28, 2014 1 Course Outline Introduction and basic concepts Asymptotic notation Greedy algorithms Graph theory Amortized analysis Recursion

536 views • 25 slides

More recommend