secure computation why how and when
play

Secure&Computation: Why,%How%and%When Mariana Raykova Yale - PowerPoint PPT Presentation

Jul 02, 2023 •124 likes •608 views

Secure&Computation: Why,%How%and%When Mariana Raykova Yale University 12/12/16 1 PMPML Predictive&Model Patient Blood+Count Heart Conditions Digestive+Track Medicine Effectiveness Arrhyt Inflamm Dyspha

  1. Secure&Computation: Why,%How%and%When Mariana Raykova Yale University 12/12/16 1 PMPML

  2. Predictive&Model Patient Blood+Count Heart Conditions Digestive+Track Medicine … Effectiveness Arrhyt Inflamm Dyspha … … … RBC WBC Murmur hmia ation gia A 3.9 10.0 0 0 0 1 1 B 5.0 4.5 1 0 1 2 1.5 C 2.5 11 0 1 1 0 2 D 4.3 5.3 2 1 0 1 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Given samples ( x 1 , y 1 ), ( x 2 , y 2 ), …, ( x n , y n ) • o x i �� d , y i �� Learn a function f such that f( x i ) = y i • 12/12/16 2 PMPML

  3. Linear&Regression Patient Blood+Count Heart Conditions Digestive+Track Medicine … Effectiveness Arrhyt Inflamm Dyspha … … … RBC WBC Murmur hmia ation gia A 3.9 10.0 0 0 0 1 1 B 5.0 4.5 1 0 1 2 1.5 C 2.5 11 0 1 1 0 2 D 4.3 5.3 2 1 0 1 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Given samples ( x 1 , y 1 ), ( x 2 , y 2 ), …, ( x n , y n ) • f is well approximated o x i �� d , y i �� by a linear map Learn a function f such that f( x i ) = y i • y i ≈ ! T x i 12/12/16 3 PMPML

  4. Distributed&Data Patient Blood+Count Heart Conditions Digestive+Track Medicine … Effectiveness Arrhyt Inflamm Dyspha … … … RBC WBC Murmur hmia ation gia A 3.9 10.0 0 0 0 1 1 B 5.0 4.5 1 0 1 2 1.5 C 2.5 11 0 1 1 0 2 D 4.3 5.3 2 1 0 1 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shared database - (x 1 , y 1 ), (x 2 , y 2 ), …, (x n , y n ) do not • belong to the same party 12/12/16 4 PMPML

  5. Horizontally&Partitioned& Database Patient Blood+Count Heart Conditions Digestive+Track Medicine … Effectiveness Arrhyt Inflamm Dyspha … … … RBC WBC Murmur hmia ation gia A 3.9 10.0 0 0 0 1 1 B 5.0 4.5 1 0 1 2 1.5 C 2.5 11 0 1 1 0 2 D 4.3 5.3 2 1 0 1 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Different rows belong to different parties • o E.g., each patient has their own information 12/12/16 5 PMPML

  6. Vertically&Partitioned& Database Patient Blood+Count Heart Conditions Digestive+Track Medicine … Effectiveness Arrhyt Inflamm Dyspha … … … RBC WBC Murmur hmia ation gia A 3.9 10.0 0 0 0 1 1 B 5.0 4.5 1 0 1 2 1.5 C 2.5 11 0 1 1 0 2 D 4.3 5.3 2 1 0 1 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Different columns belong to different parties • o E.g., different specialized hospitals have different parts of the information for all patients 12/12/16 6 PMPML

  7. Can&the&parties&holding&the&distributed&data&construct& the&predictive&model&on&the&whole&database& while+ protecting+the+privacy+of+their+inputs? Without+sending+their+own+ data+to+other+parties Without+revealing+more+about+ their+own+inputs+ 12/12/16 7 PMPML

  8. Secure&Computation Alice&and&Bob&want&to&compute&F(X,Y)& without+revealing+their+inputs X Y 12/12/16 8 PMPML

  9. Secure&Computation Secure&computation protocol Y X m 1 m 2 F(X,Y) F(X,Y) Security: the+parties+cannot+learn+ more+than+what+is+revealed+by+the+result 12/12/16 9 PMPML

  10. Secure&Multiparty& Computation&(MPC) f (& .& , .& , .& , .& , . ) C B A f (A,+B,+C,+D,+E) D E Security: the+parties+cannot+learn+ more+than+what+is+revealed+by+the+result 12/12/16 10 PMPML

  11. Applications • Auctions: inputs: bids; output: winner, price to pay o o Sugar beet auction in Denmark, 2008 o Energy trade auctions 12/12/16 11 PMPML

  12. What&Does&and&Does&Not& MPC&Guarantee? Guarantee:+The+computation+does+not+ reveal+more+than+what+the+output+reveals. No+Guarantee: How+much+does+the+output+reveal. Differential+ Privacy 12/12/16 12 PMPML

  13. Security Real World Ideal World F(X 1 ,& … ,&X 5 ) F(X 1 ,& … ,&X 5 ) ≈ Simulator 12/12/16 13 PMPML

  14. Adversarial&Models Adversary&behavior: SemiMhonest – corrupt&parties& • follow&the&MPC&protocol Malicious – corrupt&parties& • deviate&arbitrarily&from&the& MPC&protocol Party&corruption: Static – corrupted&parties&are& • chosen&before&the&start&of&the& MPC&protocol&execution Adaptive – parties&can&be& • corrupted&during&the&execution 12/12/16 14 PMPML

  15. What&Can&We&Compute& Securely? • We can compute securely any function! [ Yao82, GMW87, CDv88, BG89, BG90, Cha90, Bea92,CvT95, CFGN96, Gol97, HM97, CDM97, FHM98, o BW98,KOR98, GRR98, FvHM99, CDD+99, HMP00, CDM00, SR00,CDD00, HM00, Kil00, FGMO01, HM01, CDN01, Lin01,FGMv02, Mau02, GIKR02, PSR02, NNP03, FHHW03, KOS03,CFIK03, Lin03c, DN03, MOR03, CKL03, Pin03, PR03, NMQO+03,Lin03b, Lin03a, Lin03d, FWW04, FHW04, Pas04, IK04,HT04, ST04, KO04, MP04, ZLX05, CDG+05, HNP05, FGMO05, GL05, HN05, DI05, JL05, Kol05, WW05, vAHL05, LT06,CC06, DFK+06, BTH06, HN06, IKLP06, DI06, FFP+06,ADGH06, Dam06, MF06, CKL06, DPSW07, Kat07b, CGOS07,HIK07, DN07, Pen07, NO07, Kat07a, IKOS07, BMQU07,HK07, LP07, Woo07, BDNP08, QT08, PR08, HNP08, GK08,GMS08, SYT08, DIK+08, PCR08, KS08, Lin08, LPS08,GHKL08, CEMY09, GP09, GK09, MPR09, ZHM09, AKL+09,Tof09, BCD+09, DGKN09, DNW09, Lin09b, PSSW09, Lin09a,CLS09, LP09, Unr10, DO10, IKP10, DIK10,GK10,…….. ] 12/12/16 15 PMPML

  16. Computation&Over&Circuits Boolean Circuits Arithmetic Circuits • Yao Gabled Circuits • BGW Construction o Ben-Or, Goldwasser, Widgerson + × × + + 12/12/16 16 PMPML

  17. Yao&Garbled&Circuits Two Party Computation 12/12/16 17 PMPML

  18. Circuit&Evaluation AND AND OR OR F OR AND AND 12/12/16 18 PMPML

  19. Circuit&Evaluation 1 0 0 0 0 1 1 1 AND AND OR OR 1 0 0 1 F OR AND 1 0 AND 0 12/12/16 19 PMPML

  20. Evaluation 0 1 AND In1 In2 Out 0 0 0 0 1 0 1 0 0 1 1 1 0 12/12/16 20 PMPML

  21. Yao&Garbled&Evaluation k11 k00 k01 k10 0/1 0/1 AND ENC k00 ENC k10 (k20) In1 In2 Out ENC k00 ENC k11 (k20) 0 0 0 0 1 0 1 0 0 ENC k01 ENC k10 (k20) 1 1 1 ENC k01 ENC k11 (k21) 0/1 ENC k (m)&=&m& ⨁ k k21 k20 12/12/16 21 PMPML

  22. Garbled&Evaluation 0 1 K00 K11 AND DEC k00 DEC k10 (k20) �� ct 1 In1 In2 Out K20 ← DEC k00 DEC k11 (k20) K2 0 0 0 ct 2 0 1 0 1 0 0 �� DEC k01 DEC k10 (k20) 1 1 1 ct 3 ENC k01 ENC k11 (k21) �� ct 4 0 K2 K20 12/12/16 22 PMPML

  23. Secure&Computation F+ (X alice ,Y bob ) Evaluator Garbler 0 1 12/12/16 23 PMPML

  24. Oblivious&Transfer&(OT) Receiver Sender Inputs:&b Inputs:&m 0 ,&m 1 Output:& � Output:&m b For&each&inputs&wire&corresponding&to& evaluator’s&input&execute&OT b m 0 m 1 Output:&m b 12/12/16 24 PMPML

  25. The&Evolution&Of&Garbled& Circuits Size+(x+sec.param) Garble+cost Eval cost Assumption AND+++++++++++++XOR AND+++++++++++++XOR AND+++++++++++++XOR Classical&[Yao86] large 8 5 PKE P&P&[BMR90] 4&&&&&&&&&&&&&&&4 4/8&&&&&&&&&&&&4/8 1/2&&&&&&&&&&&&1/2 hash/PRF GRR3&[NPS99] 3&&&&&&&&&&&&&&&3 4/8&&&&&&&&&&&&4/8 1/2&&&&&&&&&&&&1/2 PRF/hash Free&XOR&[KS08] 3&&&&&&&&&&&&&&&0 4&&&&&&&&&&&&&&&0 1&&&&&&&&&&&&&&&0 circ.&hash GRR2&[PSSW09] 2&&&&&&&&&&&&&&&2 4/8&&&&&&&&&&&&4/8 1/2&&&&&&&&&&&&1/2 PRF/hash FlexOR [KMR14] 2& {0,1,2} 4& {0,1,2} 1& {0,1,2} circ.&symm HalfGates [ZRE15] 2&&&&&&&&&&&&&&&0 4&&&&&&&&&&&&&&&0 2&&&&&&&&&&&&&&&0 circ.&hash Threshold&gates,&garbling&arithmetic&operations&[BMR16] Asymptotic&and&concrete&improvements • 12/12/16 25 PMPML *&Comparison&table,&thanks&Mike&Rosulek

  26. BGW&Protocol Multi Party Computation for Arithmetic Circuits 12/12/16 26 PMPML

  27. Shamir’s&Secret&Sharing tMoutMofMn sharing: secret:&f(0)& random&degree&t& polynomial share:&f(5)& t shares+reveal+ nothing+about+the+ secret share:&f(10)& t+1+shares+ interpolate+the+ secret share:&f(10)& 12/12/16 27 PMPML

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek

Non-Interactive Secure Computation from One-Way Functions Saikrishna Badrinarayanan Abhishek Jain (UCLA) (JHU) Rafail Ostrovsky Ivan Visconti (UCLA) (University of Salerno) Secure Two Party Computation Function f Input x Input y P 2 P 1

443 views • 21 slides
Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin

Rump Session 2016 Fair Secure Computation (or how can I gain strategic advantage by breaking fairness) Alptekin Kp Ko University Fair Secure Computation ALPTEKN KP Assistant Professor of Computer Science and Engineering

429 views • 27 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views • 25 slides
WORKING FAITH studies from the book of JAMES JoLynn Gower 493-6151

WORKING FAITH studies from the book of JAMES JoLynn Gower 493-6151

WORKING FAITH studies from the book of JAMES JoLynn Gower 493-6151 jgower@guardingthetruth.org WORD FOR THE JOURNEY v James 5:16 Therefore, confess your sins to one another, and pray for one another so that you may be

244 views • 12 slides
Timeseries kinds and applications MAC H IN E L E AR N IN G FOR TIME SE R IE S DATA IN P YTH

Timeseries kinds and applications MAC H IN E L E AR N IN G FOR TIME SE R IE S DATA IN P YTH

Timeseries kinds and applications MAC H IN E L E AR N IN G FOR TIME SE R IE S DATA IN P YTH ON Chris Holdgraf Fello w, Berkele y Instit u te for Data Science Time Series MACHINE LEARNING FOR TIME SERIES DATA IN PYTHON Time Series

802 views • 37 slides
Chronic Conditions The need for a comprehensive public health approach Olga McDaid PhD Scholar

Chronic Conditions The need for a comprehensive public health approach Olga McDaid PhD Scholar

Chronic Conditions The need for a comprehensive public health approach Olga McDaid PhD Scholar HRB PhD Programme for Health Services Research, Trinity College Dublin Supervisors Prof. Charles Normand, Dr.Alan Kelly, Dr.Susan Smith 1 Chronic

368 views • 23 slides
OBS Admin Brief for Students 16 th August 2019 Course Objectives Be able to deal with

OBS Admin Brief for Students 16 th August 2019 Course Objectives Be able to deal with

OBS Admin Brief for Students 16 th August 2019 Course Objectives Be able to deal with challenges / adversities positively through self-directed learning and making right choices to influence their circumstances Build friendships with

372 views • 22 slides
1 Intro to Clinical Practice 2 COLLABORATOR Key competencies Enabling competencies PHYSICIANS

1 Intro to Clinical Practice 2 COLLABORATOR Key competencies Enabling competencies PHYSICIANS

1 Intro to Clinical Practice 2 COLLABORATOR Key competencies Enabling competencies PHYSICIANS ARE ABLE TO: 1. Work effectively with physicians 1.1 Establish and maintain positive relationships with physicians and other and other colleagues

494 views • 23 slides
Ancient Epic: Homer and Vergil Vergil Ancient Epic: Homer and History and Literature Ancient

Ancient Epic: Homer and Vergil Vergil Ancient Epic: Homer and History and Literature Ancient

Ancient Epic: Homer and Vergil Vergil Ancient Epic: Homer and History and Literature Ancient Epic: Homer and Vergil Vergil Ancient Epic: Homer and History and Literature if histories like Herodotus encompass story along with

365 views • 23 slides
Secure Attachment Promotes Attachment, an enduring emotional bond to a specific a Positive

Secure Attachment Promotes Attachment, an enduring emotional bond to a specific a Positive

3/3/2016 What is Attachment? Secure Attachment Promotes Attachment, an enduring emotional bond to a specific a Positive Emotional Life for person , is especially activated when a child is under stress. The biological function of an

112 views • 10 slides
Management Follow us on twitter @spsp_mh #spspmh5 Agenda 11.15 - 11.20 Introduction

Management Follow us on twitter @spsp_mh #spspmh5 Agenda 11.15 - 11.20 Introduction

Safer Medicines Management Follow us on twitter @spsp_mh #spspmh5 Agenda 11.15 - 11.20 Introduction Andrew Walker 11.20 - 11.35 Physical health awareness in Mental Health Jacqui Scott 11.35 - 11.50 As required medication, monitoring

768 views • 39 slides

More recommend