secure multi party computation
play

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute - PowerPoint PPT Presentation

Mar 26, 2024 •683 likes •1.28k views

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

  1. Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH – Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

  2. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Ingredients ◮ n parties ◮ n inputs (one per party) ◮ A function f ( x 1 , . . . , x n ) to compute Gunnar Kreitz Secure Multi-Party Computation

  3. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Goal (intuitive) ◮ Parties learn f ( x 1 , . . . , x n ) ◮ Noone learns anything more Gunnar Kreitz Secure Multi-Party Computation

  4. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Example time! Let’s pick a function Gunnar Kreitz Secure Multi-Party Computation

  5. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Millionaire’s Problem) Gunnar Kreitz Secure Multi-Party Computation

  6. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Mental Poker) Gunnar Kreitz Secure Multi-Party Computation

  7. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications The classic examples (Dining Cryptographers) Gunnar Kreitz Secure Multi-Party Computation

  8. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Example time! Σ x i Gunnar Kreitz Secure Multi-Party Computation

  9. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Private Summation (cont’d) ◮ The protocol does one round of input randomization ( blinding ) ◮ Then, any (non-private) summation protocol is run on the blinded inputs ◮ The blinding preserves the sum of the inputs ◮ Information-theoretically secure Photo by Mirko Tobias Schaefer http://www.flickr.com/photos/gastev/2960556197/ , CC BY 2.0 Gunnar Kreitz Secure Multi-Party Computation

  10. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  11. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 r 12 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  12. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 r 13 � 3 Gunnar Kreitz Secure Multi-Party Computation

  13. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 r 21 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  14. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 r 23 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  15. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 � x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 r 31 3 Gunnar Kreitz Secure Multi-Party Computation

  16. � Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Summation Protocol by Example 2 x ′ 1 = x 1 − r 12 − r 13 + r 21 + r 31 x ′ 2 = x 2 + r 12 − r 21 − r 23 + r 32 1 r 32 x ′ 3 = x 3 + r 13 + r 23 − r 31 − r 32 3 Gunnar Kreitz Secure Multi-Party Computation

  17. Background Secure Computation Problem Statement (sketch) Security Model Famous examples Generic Protocol Example protocol Applications Private Summation Protocol ◮ Each party P i with input x i proceeds as follows: 1. Send random r i , j to each neighbor P j 2. Wait for r j , i from each neighbor P j 3. Compute � � x ′ i = x i + r j , i − r i , j P j neighbor P j neighbor ◮ We could now publish x ′ i and still remain private! Gunnar Kreitz Secure Multi-Party Computation

  18. Background Secure Computation Security Model Generic Protocol Applications How to proceed? ◮ Do we develop protocols for each and every f ? ◮ (Are they all this simple?) ◮ How do we define security? Gunnar Kreitz Secure Multi-Party Computation

  19. Background Secure Computation Security Model Generic Protocol Applications Security definitions ◮ Noone should learn anything but result ◮ Noone should be able to affect computation in an untoward way Gunnar Kreitz Secure Multi-Party Computation

  20. Background Secure Computation Security Model Generic Protocol Applications A Trusted Third Party ◮ Is there someone we all trust? ◮ Can send measurements to the Trusted Third Party ◮ She performs computation and tells everyone result ◮ Given a Trusted Third Party, problem is easy Photo by Matt J. Rider http://www.flickr.com/photos/mjrindewitt/4759429254/ , CC BY NC SA 2.0 Gunnar Kreitz Secure Multi-Party Computation

  21. Background Secure Computation Security Model Generic Protocol Applications Sometimes There is no Trusted Third Party Photo by Tayrawr Fortune http://www.flickr.com/photos/missfortune/4088429354/ , CC BY NC ND 2.0 Gunnar Kreitz Secure Multi-Party Computation

  22. Background Secure Computation Security Model Generic Protocol Applications Secure? What do we mean by security? ◮ In an ideal world, we have a trusted third party ◮ We want our protocols to be as secure as the ideal world ◮ Cheating parties must not: ◮ learn more than they do in the ideal world ◮ be able to do more than they can in the ideal world Photo by Thomas Hawk http://www.flickr.com/photos/thomashawk/115213351/ , CC BY NC 2.0 Gunnar Kreitz Secure Multi-Party Computation

  23. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  24. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  25. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

  26. Background Secure Computation Security Model Generic Protocol Applications What is an attack? Functionality: � i x i (mod p ). Adversary corrupts party 1. ◮ Adversary learns x 1 ? No. ◮ Adversary learns x 10 ? Yes. ◮ Adversary learns sum of all other parties’ input? ◮ Adversary learns � i < n / 2 x i ? ◮ Adversary learns sum, everyone else gets random value? No (pick random x 1 ). ◮ Adversary ensures result is c ? Gunnar Kreitz Secure Multi-Party Computation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views • 47 slides
Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data without sharing?

446 views • 20 slides
Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without Honest Majority: GMW Protocol MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure

465 views • 12 slides
Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive Corruption + Honest-Majority Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the

497 views • 20 slides
Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo Palmieri , Olivier Pereira UCL Crypto Group Universit e Catholique de Louvain (Belgium) Provable Privacy Workshop July 2012 UCL Crypto Group

660 views • 34 slides
Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao Wang Mariana Raykova Adri Gascn Jack Doerner Jonathan Katz David Evans oblivc.org/sqoram Secure multi-party computation applications Set

504 views • 25 slides
Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point numbers Dan Bogdanov Sharemind project lead dan@cyber.ee https://sharemind.cyber.ee/ sharemind a machine for fast privacy-preserving computations

643 views • 42 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone elses Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS

1.04k views • 37 slides
Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin mz@innaxis.org Secure CO 2 allowance trading :: Introduction Secure CO 2 allowance trading :: Introduction Problem: Computing without trust

598 views • 25 slides
Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU) Yuval Ishai (Technion) Daniel Kraschewski (TNG Technology Consulting) Tianren Liu (MIT UW) Rafail Ostrovsky (UCLA) Vinod Vaikuntanathan

1.31k views • 109 slides
Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website:

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55 Cryptography usage Did you use any cryptography today? 2 / 55 Cryptography usage Did you use any

851 views • 83 slides
Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller

Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller

Secure, Archival Storage With POTSHARDS Mark W. Storer Kevin M. Greenan Ethan L. Miller Kaladhar Voruganti FAST WIP Session February 14, 2007 Problem: Long-Term Encryption Keys may be lost Effectively short-term data deletion

311 views • 6 slides
Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performance of Secure Multiparty Computation Ludwig Dickmanns Thursday 11 th October, 2018 Chair of Network Architectures and Services

676 views • 20 slides
Security Notions 1

Security Notions 1

Security Notions 1 Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given

1.1k views • 37 slides
Recognizing Emotions in Text Saima Aman Master s Thesis Presentation Supervisor: Dr. S.

Recognizing Emotions in Text Saima Aman Master s Thesis Presentation Supervisor: Dr. S.

Recognizing Emotions in Text Saima Aman Master s Thesis Presentation Supervisor: Dr. S. Szpakowicz University of Ottawa 2007 Agenda Introduction Problem Definition Related Work Data Emotion Annotation Annotation

748 views • 18 slides

More recommend