on the structure of unconditional uc hybrid protocols
play

On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek - PowerPoint PPT Presentation

Feb 01, 2023 •283 likes •1.07k views

On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek (Oregon State University) and Morgan Shirley (University of Toronto) Problem Statement & Summary of Results Our Parameters f(x, y) y x 2-Party functions A B

  1. On the Structure of Unconditional UC Hybrid Protocols Mike Rosulek (Oregon State University) and Morgan Shirley (University of Toronto)

  2. Problem Statement & Summary of Results

  3. Our Parameters f(x, y) y x ● 2-Party functions A B ● Finite and fjxed truth tables y 0 1 2 ● Symmetric 0 2 1 0 ● UC Security 120 x 1 201 ● Security with abort 2 ● Information theoretic

  4. Our Parameters f(x, y) y x ● 2-Party functions A B ● Finite and fjxed truth tables ● Symmetric 0 2 1 ● UC Security 120 201 ● Security with abort ● Information theoretic

  5. 2-Party SFEs with Information- Theoretic UC Security Either:

  6. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! 0 1 0 001

  7. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! Impossible! 0 1 0 (literally everything interesting) 001

  8. 2-Party SFEs with Information- Theoretic UC Security Either: Trivial! Impossible! 0 1 0 (literally everything interesting) 001 We'd like to differentiate functionalities on the right side Canetti, Kushilevitz and Lindell EUROCRYPT 2003 Prabhakaran and Rosulek CRYPTO 2008

  9. Hybrid World

  10. Reductions ● A way to defjne complexity ● A function f reduces to a function g if there exists a g -hybrid protocol for f that has UC security f ⊑ g

  11. Goal: completely classify when f and g reduce to each other

  12. Completeness ● Complete g : every f reduces to g ● Kilian 1 shows a necessary and suffjcient condition for completeness 0 1 11 1. In 23 rd ACM STOC , 1991

  13. 2-Party SFEs with Information- Theoretic UC Security Trivial! Complete 0 1 0 0 1 001 11 Everything Reduces to reduces to everything

  14. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 001 11 Everything Reduces to reduces to everything

  15. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 0 0 1 001 001 11 110 Everything Reduces to reduces to everything

  16. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 0 1 0 0 1 0 0 1 001 001 11 110 Everything Reduces to reduces to everything Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  17. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 1 2 1 0 1 0 0 1 0 0 1 452 001 001 11 433 110 Everything Reduces to reduces to everything Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  18. 2-Party SFEs with Information- Theoretic UC Security Neither Trivial! Complete 1 2 1 0 1 0 0 1 0 0 1 452 001 001 11 433 110 Everything Reduces to reduces to everything ? Some reductions studied between decomposable functions (e.g. Maji, Prabhakaran, Rosulek TCC 2009)

  19. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  20. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑ * *With a few edge cases

  21. Edge case: Unilateral functions ● At least one row (or column) constant! ● One party might know 1 1 1 the output before the 233 protocol begins 233

  22. Main Theorem (almost) When f and g are incomplete , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  23. Main Theorem (almost) When f and g are incomplete and f is non- unilateral , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  24. Number of rounds required in a g -hybrid protocol for f ... 1 Number of protocol rounds necessary (for incomplete and non-unilateral f and g )

  25. Number of rounds required in a g -hybrid protocol for f ... ω(log κ) 1 Number of protocol rounds necessary (for incomplete and non-unilateral f and g )

  26. Main Theorem (almost) When f and g are incomplete and f is non- unilateral , if f ⊑ then: g – f g via a single-round deterministic protocol ⊑

  27. Main Theorem When f and g are incomplete and f is non- unilateral , if f ⊑ via a (worst-case) log-round g protocol: – f g via a single-round deterministic protocol ⊑

  28. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  29. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g These edge cases are necessary

  30. Embedding

  31. What would a single-round reduction look like?

  32. What would a single-round reduction look like? A B g g g

  33. What would a single-round reduction look like? A B A B g or g A B g g

  34. What would a single-round reduction look like? A B A B g or g A B g g

  35. Embedding: Correctness ● Each party sends a g -input based on their f -input ● The g -output maps back to an f -output ● Intuitively: f appears as sub-matrix* in g g f 1 2 1 7 1 2 1 452 7 452 433 7 433 8889 *Perhaps with some rearrangement and relabelling

  36. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  37. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  38. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  39. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  40. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  41. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  42. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  43. Embedding: Security 13 1 5 3 g can't reveal too 14 146 much information 24 247 13 1 3 3 There are no 24 224 ambiguous g -inputs

  44. Embedding ● Defjnition basically follows this intuition – If there's an embedding, there's a single-round protocol – If there's a single-round protocol, there's an embedding

  45. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  46. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  47. Main Theorem When f and g are incomplete and f is non- unilateral , the following are equivalent: – f ⊑ via a (worst-case) log-round protocol g – f g via a single-round deterministic protocol ⊑ – f embeds in g

  48. Collapse a protocol to a single round

  49. Frontiers g g g g g g g g g g

  50. Frontiers Property: Alice's simulator has extracted ✗ ✗ ✔ g g ✗ ✔ ✔ ✔ g g g ✔ ✔ ✔ ✔ ✔ ✔ ✗ ✗ g g g g g

  51. Frontiers Property: Alice's simulator has extracted ✗ ✗ ✔ g g ✗ ✔ ✔ ✔ g g g ✔ ✔ ✔ ✔ ✔ ✔ ✗ ✗ g g g g g

  52. Our Frontiers ● F A-ext – Alice's simulator has extracted ● F A-out – Alice thinks the output is fjxed (regardless of Bob's input) ● Similar frontiers defjned for Bob – F B-ext – F B-out

  53. Idea: Give me any secure, correct protocol for ⊑ f g. I can say something about the frontiers.

  54. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  55. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  56. Frontiers BAD! F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  57. Frontiers F A-ext F B-ext F B-out g g F A-out g g g g g g g g

  58. Frontiers F A-ext BAD! F B-ext F B-out g g F A-out g g g g g g g g

  59. Frontiers F A-ext BAD! F B-ext F B-out g g F A-out g g g g g g g g This is where we need f to be non-unilateral

  60. Cycle of Inequalities ● F A-ext not before F B-out ● F A-out not before F A-ext ● F B-ext not before F A-out ● F B-out not before F B-ext ● So they all happen at the same time! ● Must happen due to a call to g

  61. Instantaneous Property g g g g g g g g g g

  62. Instantaneous Property Before: no information shared g g g g g g g g g g Error (small) After: output of f is known

  63. Instantaneous Property Before: no information shared g g g g Error (small)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP University VP University WHEN DO YOU USE HYBRI D CONSTRUCTI ON? Hybrid Construction is an economical alternative to conventional steel structures

431 views • 15 slides
Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder

Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder

Hybrid Checking with Data Structure Invariants Moss Prescott University of Colorado, Boulder CSCI 5535, Spring 2009 Invariant Checks An easy way for developers to specify/verify a data structure and its implementation One common

185 views • 16 slides
READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de

READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de

READING THE NEWS THROUGH ITS STRUCTURE: NEW HYBRID CONNECTIVITY BASED APPROACHES Programa de Doutoramento em Cincias da Complexidade Doctoral Programme in Complexity Sciences Orientador / Advisor: Professor Jorge Manuel Anacleto Lou

739 views • 40 slides
High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint

High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint

High-dimensional consistency in score-based and hybrid structure learning Marloes Maathuis joint work with Preetam Nandy and Alain Hauser Structure learning We consider random variables ( X 1 , . . . , X p ) with distribution F 0 , where F 0

1.28k views • 82 slides
Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu,

Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu,

Unconditional Flocking of the Delayed Cucker-Smale Model Jianhong Wu Collaborator: Yicheng Liu, National University of Defense Technology April 6, 2013 Outline The Cucker-Smale Model Flocking solutions and unconditional flocking

289 views • 15 slides
Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited

Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited

Group Corporate Presentation Voluntary Unconditional General Offer for Neptune Orient Lines Limited Financial department 10 June 2016 19/03/2014 Overview of the Offer Voluntary Unconditional General Offer by CMA CGM S.A. (CMA CGM or the

369 views • 15 slides
Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI

Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI

Comparison of different solution strategies for structure deformation using hybrid OpenMP-MPI methods Miguel Vargas, Salvador Botello 1/29 Description of the problem Description of the problem This is a high performance/large scale

661 views • 29 slides
Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Well-being and Income Poverty Impacts of an unconditional cash transfer program using a

Well-being and Income Poverty Impacts of an unconditional cash transfer program using a

Well-being and Income Poverty Impacts of an unconditional cash transfer program using a subjective approach Kelly Kilburn, Sudhanshu Handa, Gustavo Angeles kkilburn@unc.edu UN WIDER Development Conference: Human Capital and Growth June 6,

433 views • 26 slides
Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring

Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring

Hybrid Controller Chip (HCC) Size: 4700um x 2860um; I/O pads: 83 Dual pad-ring structure to fit onto Hybrid IBM Standard Cells: ~20,000 + 727 Decoupling caps (200pF) Nets: 22,942 Macros: Voltage Regulator

313 views • 6 slides
Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing

Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing

Hybrid NLP Hybrid NLP O UTLINE O UTLINE Problems of Deep and Shallow Processing Hybrid Architectures An Advanced Platform for Hybrid NLP: Deep Thought Applications for Hybrid Processing Conclusion and Outlook LTII

635 views • 25 slides
Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join

Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join

Clive Bennett How we got here our structure 1 st firms Hybrid 90% selected option join for agreed network review Building the new brand On-site Debate on the QA systems Review systems review network implemented designed begins

650 views • 47 slides
Last time specific protocols: Application architectures HTTP client-server P2P

Last time specific protocols: Application architectures HTTP client-server P2P

Last time specific protocols: Application architectures HTTP client-server P2P SMTP, POP, IMAP hybrid DNS Application service P2P requirements: reliability, bandwidth, delay Internet transport

566 views • 24 slides
UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional,

UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional,

Presenting a live 90-minute webinar with interactive Q&A Letters of Credit: ISP98 Forms, UCC Article 5, UCP, Draw Procedures and More Drafting Commercial vs. Standby, Conditional vs. Unconditional, Limited Term vs. "Evergreen,"

647 views • 54 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
r sts ss r

r sts ss r

Computer Science Laboratory, SRI International r sts ss r trt r sts r

682 views • 19 slides
HYBRIDCAST ; ADVANCED HYBRID BROADCAST AND BROADBAND SYSTEM NHK H. Fujisawa, K. Matsumura, M.

HYBRIDCAST ; ADVANCED HYBRID BROADCAST AND BROADBAND SYSTEM NHK H. Fujisawa, K. Matsumura, M.

HYBRIDCAST ; ADVANCED HYBRID BROADCAST AND BROADBAND SYSTEM NHK H. Fujisawa, K. Matsumura, M. Takechi View points of Broadcaster for Hybrid services Broadcasters have intention to deploy attractive hybrid services through both broadcast

75 views • 5 slides
Dos and Donts of a Hybrid Environment MySQL and MongoDB Introduction Im Rick Vasquez a

Dos and Donts of a Hybrid Environment MySQL and MongoDB Introduction Im Rick Vasquez a

Dos and Donts of a Hybrid Environment MySQL and MongoDB Introduction Im Rick Vasquez a TAM at Percona. I have all three types of customers: MongoDB only 1. MySQL only 2. MongoDB and MySQL hybrid 3. The Dos of a Hybrid

562 views • 14 slides
Kingsguard: Write-Rationing Garbage Collection for Hybrid Memories Shoaib Akram (Ghent) ,

Kingsguard: Write-Rationing Garbage Collection for Hybrid Memories Shoaib Akram (Ghent) ,

Kingsguard: Write-Rationing Garbage Collection for Hybrid Memories Shoaib Akram (Ghent) , Jennifer B. Sartor (Ghent), Kathryn S. Mckinley (Google), and Lieven Eeckhout (Ghent) Shoaib.Akram@UGent.be DRAM is facing challenges Scalability

554 views • 29 slides
Providing Hybrid Block Storage for Virtual Machines using Object-based Storage Sixiang Ma*,

Providing Hybrid Block Storage for Virtual Machines using Object-based Storage Sixiang Ma*,

Providing Hybrid Block Storage for Virtual Machines using Object-based Storage Sixiang Ma*, Haopeng Chen*, Heng Lu*, Bin Wei , Pujiang He *Shanghai Jiao Tong University Email: { masixiang, chen-hp, lu007heng } @sjtu.edu.cn Intel

637 views • 21 slides
Results from the Pierre Auger Observatory Paolo Privitera Department of Astronomy &

Results from the Pierre Auger Observatory Paolo Privitera Department of Astronomy &

Results from the Pierre Auger Observatory Paolo Privitera Department of Astronomy & Astrophysics The Enrico Fermi Institute The Kavli Institute for Cosmological Physics for the Pierre Auger Collaboration The UHECR 3-piece puzzle 1) The

449 views • 40 slides
Part 14: Content-Based Filtering and Hybrid Systems Francesco Ricci Content p Typologies of

Part 14: Content-Based Filtering and Hybrid Systems Francesco Ricci Content p Typologies of

Part 14: Content-Based Filtering and Hybrid Systems Francesco Ricci Content p Typologies of recommender systems p Content-based recommenders p Naive Bayes classifiers and content-based filtering p Content representation (bag of

914 views • 60 slides
Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of

Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of

Arvutiteaduse teooriapev Veebruar 2003 Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of Cybernetics vain@ioc.ee Outline What are Hybrid Systems? Hybrid automata Verification of hybrid

479 views • 30 slides

More recommend