secure computation using leaky correlations
play

Secure Computation using Leaky Correlations (Asymptotically Optimal - PowerPoint PPT Presentation

Jun 17, 2023 •192 likes •960 views

Secure Computation using Leaky Correlations (Asymptotically Optimal Constructions) Alexander R. Block 1 , Divya Gupta 2 , Hemanta K. Maji 1 , Hai H. Nguyen 1 1 Purdue University, {block9,hmaji,nguye245}@purdue.edu 2 Microsoft Research, Banaglore,

  1. Secure Computation using Leaky Correlations (Asymptotically Optimal Constructions) Alexander R. Block 1 , Divya Gupta 2 , Hemanta K. Maji 1 , Hai H. Nguyen 1 1 Purdue University, {block9,hmaji,nguye245}@purdue.edu 2 Microsoft Research, Banaglore, India, divya.gupta@microsoft.com 1 / 21

  2. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase 2 / 21

  3. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase Online m Bob Phase 1 m Alice 2 2 / 21

  4. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase Online m Bob Phase 1 m Alice 2 OT Example Parties can use ( r A , r B ) to generate multiple samples of Oblivious Transfer in an online protocol, which can then be used to securely compute any circuit. 2 / 21

  5. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase Online m Bob Phase 1 m Alice 2 Notes The preprocessing phase is independent of the functionality or the inputs fed to the functionality by the parties. Secret shares ( r A , r B ) are vulnerable to arbitrary leakage attacks . 2 / 21

  6. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r B r A Phase L Alice ( r B ) Online m Bob Phase 1 m Alice 2 Notes The preprocessing phase is independent of the functionality or the inputs fed to the functionality by the parties. Secret shares ( r A , r B ) are vulnerable to arbitrary leakage attacks . 2 / 21

  7. Correlated Private Randomness (Correlation) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase L Bob ( r A ) Online m Bob Phase 1 m Alice 2 Questions Given such leakage attacks, how can we securely use the initial preprocessing? 2 / 21

  8. Correlation Extractors (CorrExt) Introduced by Ishai, Kushilevitz, Ostrovsky, and Sahai at FOCS 2009 [IKOS09] to address leakage attacks Take leaky correlations as input and produce secure independent copies of oblivious transfer ( OT ) (or Randomized OT s) 3 / 21

  9. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r B Phase 4 / 21

  10. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits 4 / 21

  11. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption 4 / 21

  12. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption m Bob ε -Secure 1 Online Phase m Alice 2 4 / 21

  13. ( n, m, t, ε ) -Correlation Extractor for ( R A , R B ) ( r A , r B ) ∼ ( R A , R B ) Preprocessing r A r A r B r B Phase n -bits sender corruption Leakage t -bit t -bit or Phase leakage leakage receiver corruption m Bob ε -Secure 1 Online Phase m Alice 2 Fresh ROT · · · · · · · · · ROT 1 ROT 2 ROT m Output Phase 4 / 21

  14. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n 5 / 21

  15. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n � � Random Oblivious Linear-function Evaluation ( ROLE F ): $ a ( i ) , b ( i ) , x ( i ) ← F � n/ 2 � ROLE F ( a ( i ) , b ( i ) ) ∈ F n ( x ( i ) , z ( i ) ) ∈ F n z ( i ) := a ( i ) x ( i ) + b ( i ) 5 / 21

  16. Correlation Extractors (CorrExt): which ( R A , R B ) ? Random Oblivious Transfer ( ROT ): m ( i ) 0 , m ( i ) $ 1 , c ( i ) ← { 0 , 1 } ROT n/ 2 ( m ( i ) 0 , m ( i ) ( c ( i ) , m ( i ) 1 ) ∈ { 0 , 1 } n c ( i ) ) ∈ { 0 , 1 } n � � Random Oblivious Linear-function Evaluation ( ROLE F ): $ a ( i ) , b ( i ) , x ( i ) ← F � n/ 2 � ROLE F ( a ( i ) , b ( i ) ) ∈ F n ( x ( i ) , z ( i ) ) ∈ F n z ( i ) := a ( i ) x ( i ) + b ( i ) � � Note ROT ≡ ROLE GF [2] since m c = ( m 1 − m 0 ) c + m 0 . 5 / 21

  17. Prior Work and Our Contribution Result Correlation # m t ε ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] 6 / 21

  18. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] 3 IP GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 3 The inner-product correlation IP n / lg | K | � � K is a correlation in which each party n / lg | K | such that their vectors are orthogonal. gets a vector in K 6 / 21

  19. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 n ROT n/ 2 2 − gn/m ( 1 / 4 − g ) n 2 poly log n [GIMS15] GF [2] n � � 2 − gn IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn � [BMN17] IP K ( 1 / 2 − g ) n 2 6 / 21

  20. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn [BMN17] � ( 1 / 2 − g ) n 2 IP K ROT n/ 2 Our Work � n / 2 lg | F | � ROLE F 7 / 21

  21. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � IP 1 ( 1 / 2 − g ) n 2 n / lg | K | � n 1 − o (1) 2 − gn [BMN17] � ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | � 2 − Θ( n ) Θ( n ) Θ( n ) 2 ROLE F 7 / 21

  22. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 IP � n / lg | K | � n 1 − o (1) 2 − gn [BMN17] ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | 2 − Θ( n ) � ROLE F Θ( n ) Θ( n ) 2 n / lg | K | � 2 − gn � [BMN18] IP K Θ( n ) ( 1 / 2 − g ) n 2 7 / 21

  23. Prior Work and Our Contribution Result Correlation m t ε # ROT n/ 2 2 − Θ( n ) [IKOS09] Θ( n ) Θ( n ) 4 ROT n/ 2 2 − gn/m n / poly log n ( 1 / 4 − g ) n 2 [GIMS15] GF [2] n � 2 − gn � 1 ( 1 / 2 − g ) n 2 IP � n / lg | K | � n 1 − o (1) 2 − gn [BMN17] ( 1 / 2 − g ) n 2 IP K ROT n/ 2 2 − Θ( n ) Θ( n ) Θ( n ) 2 Our Work � n / 2 lg | F | 2 − Θ( n ) � ROLE F Θ( n ) Θ( n ) 2 n / lg | K | � 2 − gn � [BMN18] IP K Θ( n ) ( 1 / 2 − g ) n 2 Notes In an ongoing work, we reduce the communication complexity of our extractors from Θ( n log n ) to Θ( n ) . 7 / 21

  24. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) 8 / 21

  25. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) The technical heart of this theorem is another correlation extractor for � � . ROLE F 8 / 21

  26. Main Results Theorem (Asymptotically Optimal Correlation Extractor for ROT ) ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROT n/ 2 such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) The technical heart of this theorem is another correlation extractor for � � . ROLE F Theorem (Asymptotically Optimal Correlation Extractor for � � ROLE F ) For all large enough constant sized fields F ( e.g., | F | = 64) � n/ 2 lg | F | � ∃ a 2-message ( n, m, t, ε ) -correlation extractor for ROLE F such that ε = 2 − Θ( n ) m = Θ( n ) t = Θ( n ) 8 / 21

  27. Comparison of Concrete Efficiency I � � We compare our CorrExt for ROLE F with the [BMN17] CorrExt for � n / lg | K | � . IP K 9 / 21

  28. Comparison of Concrete Efficiency I � � We compare our CorrExt for ROLE F with the [BMN17] CorrExt for � n / lg | K | � . IP K The [BMN17] CorrExt achieves highest production rate when 2 n/ 4 � 4 � � � using IP GF , and achieves leakage rate t/n = (1 / 4 − g ) . 2 16 � � � � We shall use ROLE for F = GF as a comparison. F 9 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation

Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation

Generalized Leaky Integrate-and-Fire Model Building blocks of models for cortical computation Stefan Mihalas Assistant Investigator Affiliate Assistant Professor Lecture plan 1. Motivation: why we study mouse cortex 2. Single neuron

441 views • 32 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

443 views • 21 slides
Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck OWASP BeNeLux-Days, November 30, 2018 A primer on software security Secure program: convert all input

1.27k views • 77 slides
Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

429 views • 27 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and Corruption November 2008 1 / 9 When Does Political Competition Lead to Optimal Provision of Public Goods? Political economy models predict that policy in

103 views • 9 slides
The Bribery Act Adequate Procedures Susannah Cogman, Herbert Smith LLP February 2011 1 The

The Bribery Act Adequate Procedures Susannah Cogman, Herbert Smith LLP February 2011 1 The

The Bribery Act Adequate Procedures Susannah Cogman, Herbert Smith LLP February 2011 1 The Bribery Act - Background The Bribery Act 2010 The Bribery Act will repeal the common law offence of bribery, the 1889, 1906 and 1916 Acts

588 views • 33 slides
Learning from Corrupted Binary Labels via Class-Probability Estimation Aditya Krishna Menon

Learning from Corrupted Binary Labels via Class-Probability Estimation Aditya Krishna Menon

Learning from Corrupted Binary Labels via Class-Probability Estimation Aditya Krishna Menon Brendan van Rooyen Cheng Soon Ong Robert C. Williamson xxx National ICT Australia and The Australian National University 1 / 57 Learning from binary

699 views • 57 slides
The Distortionary Effects of Power Sharing on Political Corruption and Accountability: Evidence

The Distortionary Effects of Power Sharing on Political Corruption and Accountability: Evidence

The Distortionary Effects of Power Sharing on Political Corruption and Accountability: Evidence from Kenya Michael Mbate PhD Candidate - London School of Economics and Political Science June 12, 2018 1 / 23 Motivation Increase in power

245 views • 23 slides
Lobbying and Corruption Dr James Tremewan (james.tremewan@univie.ac.at) Gender and Corruption

Lobbying and Corruption Dr James Tremewan (james.tremewan@univie.ac.at) Gender and Corruption

Lobbying and Corruption Dr James Tremewan (james.tremewan@univie.ac.at) Gender and Corruption Introduction Gender and Corruption Women are often perceived as less susceptable to corruption than men. In Mexico City traffic officers all

768 views • 33 slides
Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen

Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen

Software Security Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen 1 Security in the development lifecycle 2.1 week 3: exercise week4: group project Security in the development lifecycle

1.82k views • 146 slides
Reinforcement Learning with a Corrupted Reward Channel Tom Everitt, Victoria Krakovna, Laurent

Reinforcement Learning with a Corrupted Reward Channel Tom Everitt, Victoria Krakovna, Laurent

Reinforcement Learning with a Corrupted Reward Channel Tom Everitt, Victoria Krakovna, Laurent Orseau, Marcus Hutter, Shane Legg IJCAI 2017 and arXiv (slides adapted from Tom's IJCAI talk) Motivation Want to give RL agents good incentives

390 views • 20 slides
3.26pt Randomized Projections for Corrupted Linear Systems Jamie Haddock 1 , Deanna Needell 2 1

3.26pt Randomized Projections for Corrupted Linear Systems Jamie Haddock 1 , Deanna Needell 2 1

3.26pt Randomized Projections for Corrupted Linear Systems Jamie Haddock 1 , Deanna Needell 2 1 Graduate Group in Applied Mathematics, University of California, Davis 2 Department of Mathematics, University of California, Los Angeles

608 views • 43 slides

More recommend