secure 2 party computation
play

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit - PowerPoint PPT Presentation

Aug 09, 2023 •296 likes •1.33k views

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

  1. Circuits and Functions e.g.: OR (single gate, 2 input bits, 1 bit output) e.g.: X > Y for two bit inputs X=x 1 x 0 , Y=y 1 y 0 : (x 1 AND (NOT y 1 )) OR (NOT(x 1 XOR y 1 ) AND (x 0 AND (NOT y 0 )) Can convert any (“efficient”) program into a (“small”) circuit Size of circuit: number of wires (as a function of number of input wires) 00 01 10 11 00 0 0 0 0 Can convert a truth-table into a circuit 01 1 0 0 0 10 1 1 0 0 Directly: circuit size exponential in input size 11 1 1 1 0 In general, finding a small/smallest circuit from truth-table is notoriously hard

  2. Circuits and Functions e.g.: OR (single gate, 2 input bits, 1 bit output) e.g.: X > Y for two bit inputs X=x 1 x 0 , Y=y 1 y 0 : (x 1 AND (NOT y 1 )) OR (NOT(x 1 XOR y 1 ) AND (x 0 AND (NOT y 0 )) Can convert any (“efficient”) program into a (“small”) circuit Size of circuit: number of wires (as a function of number of input wires) 00 01 10 11 00 0 0 0 0 Can convert a truth-table into a circuit 01 1 0 0 0 10 1 1 0 0 Directly: circuit size exponential in input size 11 1 1 1 0 In general, finding a small/smallest circuit from truth-table is notoriously hard Often problems already described as succinct programs/circuits

  3. 2-Party SFE using General Circuits

  4. 2-Party SFE using General Circuits “General”: evaluate any arbitrary circuit

  5. 2-Party SFE using General Circuits “General”: evaluate any arbitrary circuit One-sided output: both parties give inputs, one party gets outputs

  6. 2-Party SFE using General Circuits “General”: evaluate any arbitrary circuit One-sided output: both parties give inputs, one party gets outputs Either party maybe corrupted passively

  7. 2-Party SFE using General Circuits 0 1 “General”: evaluate any arbitrary circuit 0 0 1 1 1 1 One-sided output: both parties give inputs, one party gets outputs Either party maybe corrupted passively Consider evaluating OR (single gate circuit)

  8. 2-Party SFE using General Circuits 0 1 “General”: evaluate any arbitrary circuit 0 0 1 1 1 1 One-sided output: both parties give inputs, one party gets outputs Either party maybe corrupted passively Consider evaluating OR (single gate circuit) Alice holds x=a, Bob has y=b; Bob should get OR(x,y)

  9. 2-Party SFE using General Circuits 0 1 “General”: evaluate any arbitrary circuit 0 0 1 1 1 1 One-sided output: both parties give inputs, one party gets outputs Either party maybe corrupted passively Consider evaluating OR (single gate circuit) Alice holds x=a, Bob has y=b; Bob should get OR(x,y) Can use Oblivious Transfer

  10. 2-Party SFE using General Circuits 0 1 “General”: evaluate any arbitrary circuit 0 0 1 1 1 1 One-sided output: both parties give inputs, one party gets outputs Either party maybe corrupted passively Consider evaluating OR (single gate circuit) Alice holds x=a, Bob has y=b; Bob should get OR(x,y) Can use Oblivious Transfer Any ideas?

  11. A Physical Protocol 0 1 0 0 1 1 1 1

  12. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1

  13. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 1 00 0 10 1 01 1

  14. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 1 00 0 10 1 01 1 0 1 0 1

  15. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 00 0 10 1 01 1 0 1 0 1

  16. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 00 0 10 1 0 0 01 1 0 1 0 1

  17. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 1 1 00 0 10 1 0 0 1 0 01 1 0 1 0 1 0 1

  18. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 11 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 1 1 00 0 10 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a 0 0 (labeled only as K x ). 1 0 01 1 0 1 0 1 0 1

  19. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 0 1 0 1

  20. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 0 1 0 1

  21. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 0 1 0 1

  22. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 So far Bob gets no information 0 1 0 1

  23. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 So far Bob gets no information Bob “obliviously picks up” K y=b , and tries the two keys K x ,K y=b on the four boxes. For one box both 0 1 locks open and he gets the output. 0 1

  24. A Physical Protocol Alice prepares 4 boxes B xy corresponding to 4 0 1 possible input scenarios, and 4 padlocks/keys 0 0 1 1 1 1 K x=0 , K x=1 , K y=0 and K y=1 Inside B xy=ab she places the bit OR(a,b) and locks 1 it with two padlocks K x=a and K y=b (need to open both to open the box) 0 She un-labels the four boxes and sends them in 1 random order to Bob. Also sends the key K x=a (labeled only as K x ). 1 So far Bob gets no information Bob “obliviously picks up” K y=b , and tries the two keys K x ,K y=b on the four boxes. For one box both 0 1 locks open and he gets the output. F b 0 1

  25. A Physical Protocol 0 1 0 0 1 1 1 1 1 0 1 1 0 1 F b 0 1

  26. A Physical Protocol Secure? 0 1 0 0 1 1 1 1 1 0 1 1 0 1 F b 0 1

  27. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b 1 0 1 1 0 1 F b 0 1

  28. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b But this is done “obliviously”, and so she learns 1 nothing 0 1 1 0 1 F b 0 1

  29. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b But this is done “obliviously”, and so she learns 1 nothing For curious Bob: Everything is predictable (i.e., 0 simulatable), given the final outcome 1 1 0 1 F b 0 1

  30. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b But this is done “obliviously”, and so she learns 1 nothing For curious Bob: Everything is predictable (i.e., 0 simulatable), given the final outcome 1 What Bob sees: K y opens a lock in two boxes, K x opens a lock in two boxes; only one random 1 box fully opens. It has the outcome. 0 1 F b 0 1

  31. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b But this is done “obliviously”, and so she learns 1 nothing For curious Bob: Everything is predictable (i.e., 0 simulatable), given the final outcome 1 What Bob sees: K y opens a lock in two boxes, K x opens a lock in two boxes; only one random 1 box fully opens. It has the outcome. Note when y=1, cases x=0 and x=1 appear same 0 1 F b 0 1

  32. A Physical Protocol Secure? 0 1 For curious Alice: only influence from Bob is when 0 0 1 1 1 1 he picks up his key K y=b But this is done “obliviously”, and so she learns 1 nothing For curious Bob: Everything is predictable (i.e., 0 simulatable), given the final outcome 1 What Bob sees: K y opens a lock in two boxes, K x opens a lock in two boxes; only one random 1 box fully opens. It has the outcome. Note when y=1, cases x=0 and x=1 appear same Formally, easy to simulate (can stuff 0 1 unopenable boxes arbitrarily) F b 0 1

  33. Larger Circuits

  34. Larger Circuits

  35. Larger Circuits Idea: For each gate in the circuit Alice will prepare locked boxes, but will use it to keep keys for the next gate

  36. Larger Circuits Idea: For each gate in the circuit Alice will prepare locked boxes, but will use it to keep keys for the next gate

  37. Larger Circuits Idea: For each gate in the circuit Alice will prepare locked boxes, but will use it to keep keys for the next gate For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1

  38. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1

  39. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1

  40. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b

  41. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b Give to Bob: Boxes for each gate, one key for each of Alice’ s input wires

  42. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b Give to Bob: Boxes for each gate, one key for each of Alice’ s input wires

  43. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b Give to Bob: Boxes for each gate, one key for each of Alice’ s input wires Obliviously: one key for each of Bob’ s input wires

  44. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b Give to Bob: Boxes for each gate, one key for each of Alice’ s input wires Obliviously: one key for each of Bob’ s input wires F b F b F b

  45. Larger Circuits Idea: For each gate in the circuit Alice will 0 1 prepare locked boxes, but will use it to keep keys for the next gate 0 1 0 1 For each wire w in the circuit (i.e., input wires, or output of a gate) pick 2 keys K w=0 and K w=1 For each gate G with input wires (u,v) and output wire w, prepare 4 boxes B uv and place K w=G(a,b) inside box B uv=ab . Lock B uv=ab with keys K u=a and K v=b Give to Bob: Boxes for each gate, one key for each of Alice’ s input wires Obliviously: one key for each of Bob’ s input wires F b F Boxes for output gates have values instead of keys b F b

  46. Larger Circuits 0 1 0 1 0 1 F b F b F b

  47. Larger Circuits Evaluation: Bob gets one key for each input wire of a 0 1 gate, opens one box for the gate, gets one key for the output wire, and proceeds 0 1 0 1 F b F b F b

  48. Larger Circuits Evaluation: Bob gets one key for each input wire of a 0 1 gate, opens one box for the gate, gets one key for the output wire, and proceeds 0 1 0 1 Gets output from a box in the output gate F b F b F b

  49. Larger Circuits Evaluation: Bob gets one key for each input wire of a 0 1 gate, opens one box for the gate, gets one key for the output wire, and proceeds 0 1 0 1 Gets output from a box in the output gate Security similar to before F b F b F b

  50. Larger Circuits Evaluation: Bob gets one key for each input wire of a 0 1 gate, opens one box for the gate, gets one key for the output wire, and proceeds 0 1 0 1 Gets output from a box in the output gate Security similar to before Curious Alice sees nothing (as Bob picks up keys obliviously) F b F b F b

  51. Larger Circuits Evaluation: Bob gets one key for each input wire of a 0 1 gate, opens one box for the gate, gets one key for the output wire, and proceeds 0 1 0 1 Gets output from a box in the output gate Security similar to before Curious Alice sees nothing (as Bob picks up keys obliviously) Everything is simulatable for curious Bob given final output: Bob could prepare boxes and keys (stuffing unopenable boxes arbitrarily); for an output gate, place the output bit in the box that opens F b F b F b

  52. Garbled Circuit

  53. Garbled Circuit That was too physical!

  54. Garbled Circuit That was too physical! Yao’ s Garbled circuit: boxes/keys replaced by IND-CPA secure SKE (i.e., using PRF , and independent randomness when key reused)

  55. Garbled Circuit That was too physical! Yao’ s Garbled circuit: boxes/keys replaced by IND-CPA secure SKE (i.e., using PRF , and independent randomness when key reused) Double lock: Enc Kx (Enc Ky (m))

  56. Garbled Circuit That was too physical! Yao’ s Garbled circuit: boxes/keys replaced by IND-CPA secure SKE (i.e., using PRF , and independent randomness when key reused) Double lock: Enc Kx (Enc Ky (m)) Need proof to ensure that this suffices for indistinguishability of simulation. (In fact, one-time-like security for Enc suffices)

  57. Garbled Circuit That was too physical! Yao’ s Garbled circuit: boxes/keys replaced by IND-CPA secure SKE (i.e., using PRF , and independent randomness when key reused) Double lock: Enc Kx (Enc Ky (m)) Need proof to ensure that this suffices for indistinguishability of simulation. (In fact, one-time-like security for Enc suffices) Oblivious Transfer: We already saw for one bit (using T-OWP); with passive adversaries, just repeat bit-OT several times to transfer longer keys

  58. Garbled Circuit That was too physical! Yao’ s Garbled circuit: boxes/keys replaced by IND-CPA secure SKE (i.e., using PRF , and independent randomness when key reused) Double lock: Enc Kx (Enc Ky (m)) Need proof to ensure that this suffices for indistinguishability of simulation. (In fact, one-time-like security for Enc suffices) Oblivious Transfer: We already saw for one bit (using T-OWP); with passive adversaries, just repeat bit-OT several times to transfer longer keys Can we really compose? Yes, for passive security.

  59. Today

  60. Today 2-Party SFE secure against passive adversaries

  61. Today 2-Party SFE secure against passive adversaries Yao’ s Garbled Circuit

  62. Today 2-Party SFE secure against passive adversaries Yao’ s Garbled Circuit Using OT and IND-CPA encryption

  63. Today 2-Party SFE secure against passive adversaries Yao’ s Garbled Circuit Using OT and IND-CPA encryption OT using TOWP

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School

Practical Secure Two-Party Computation and Applications Thomas Schneider Estonian Winter School in Computer Science 2016 Overview Lecture 1: Introduction to Secure Two-Party Computation Lecture 2: Private Set Intersection Lecture 3: Tools

935 views • 67 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure Two-Party Computation Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai

Secure Two-Party Computation Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai

A New Approach to Practical Secure Two-Party Computation Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai Sheshank Secure Two-Party Computation a {0,1} * Alice has an input b {0,1} * Bob has an input They

609 views • 47 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
The effects of common communication patterns in large-scale networks with switch-based static

The effects of common communication patterns in large-scale networks with switch-based static

The effects of common communication patterns in large-scale networks with switch-based static routing Torsten Hoefler Indiana University talk at: Cisco Systems San Jose, CA Nerd Lunch 21 st August 2008 Some questions that will be answered

574 views • 41 slides
2012-07-10 CSE 332 Data Abstractions: B Trees and Hash Tables Make a Complete Breakfast The

2012-07-10 CSE 332 Data Abstractions: B Trees and Hash Tables Make a Complete Breakfast The

2012-07-10 CSE 332 Data Abstractions: B Trees and Hash Tables Make a Complete Breakfast The national data structure of the Netherlands HASH TABLES Kate Deibel Summer 2012 July 9, 2012 CSE 332 Data Abstractions, Summer 2012 1 July 9, 2012

436 views • 15 slides
Ch 11/12: Manipulate, Facet timing presentation topic choices due this Friday (Oct 27) at

Ch 11/12: Manipulate, Facet timing presentation topic choices due this Friday (Oct 27) at

Today Presentation topic choices Ch 11/12: Manipulate, Facet timing presentation topic choices due this Friday (Oct 27) at noon presentation topics post your choice to discussion thread on Canvas: 1 or 2 topic choices Paper:

274 views • 5 slides
The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel Merk University of Maastricht, Sept 14 Oct 12, 2017 Introduction Email: marcel.merk@nikhef.nl Website: www.nikhef.nl/~i93 CV: Current

683 views • 24 slides
Status of TPC Signal Simulation & Processing Jyoti Joshi Brookhaven National Laboratory

Status of TPC Signal Simulation & Processing Jyoti Joshi Brookhaven National Laboratory

Status of TPC Signal Simulation & Processing Jyoti Joshi Brookhaven National Laboratory LBL/Sim/Reco Meeting, 11/07/2016 Outline * Signal Processing Method * LArTPC Noise Experience * Signal Processing Challenges 2 Introduc>on:

496 views • 25 slides
Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf

Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf

Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf Plan for the talk Plan for the talk Depth four arithmetic circuits. Plan for the talk Depth four arithmetic circuits. The problem we

1.23k views • 106 slides
CSE 311 Foundations of Administrative Computing I Course web:

CSE 311 Foundations of Administrative Computing I Course web:

CSE 311 Foundations of Administrative Computing I Course web: http://www.cs.washington.edu/311 Spring 2013, Lecture 3 Homework, Lecture slides, Office Hours ... Propositional Logic, Boolean Logic/Boolean Algebra Homework:

417 views • 9 slides
iLab Basics Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Basics Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Basics Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 1 15ss 1 Outline Internet protocol architecture MAC addresses Internet protocol

241 views • 21 slides

More recommend