secure multi party computation
play

Secure Multi-Party Computation Lecture 15 Must We Trust ? - PowerPoint PPT Presentation

Jan 21, 2024 •290 likes •1.44k views

Secure Multi-Party Computation Lecture 15 Must We Trust ? Must We Trust ? Can we have an auction without an auctioneer?! Must We Trust ? Can we have an auction without an auctioneer?! Must We Trust ? Can we

  1. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment)

  2. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary

  3. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively

  4. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively Simplifies several cases

  5. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively Simplifies several cases e.g. coin-tossing [why?], commitment [coming up]

  6. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively Simplifies several cases e.g. coin-tossing [why?], commitment [coming up] Oddly, sometimes security against a passive adversary is more demanding than against an active adversary

  7. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively Simplifies several cases e.g. coin-tossing [why?], commitment [coming up] Oddly, sometimes security against a passive adversary is more demanding than against an active adversary Active adversary: too pessimistic about what guarantee is available even in the IDEAL world

  8. Passive Adversary Gets only read access to the internal state of the corrupted players (and can use that information in talking to environment) Also called “Honest-But-Curious” adversary Will require that simulator also corrupts passively Simplifies several cases e.g. coin-tossing [why?], commitment [coming up] Oddly, sometimes security against a passive adversary is more demanding than against an active adversary Active adversary: too pessimistic about what guarantee is available even in the IDEAL world e.g. 2-party SFE for OR, with output going to only one party (trivial against active adversary; impossible without computational assumptions against passive adversary)

  9. More Example Functionalities

  10. More Example Functionalities Can consider “arbitrary” functionalities

  11. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated

  12. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples:

  13. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples: Secure Function Evaluation

  14. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples: Secure Function Evaluation e.g. Finding max, Oblivious Transfer (coming up)

  15. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples: Secure Function Evaluation e.g. Finding max, Oblivious Transfer (coming up) Can be randomized: e.g. Coin-tossing

  16. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples: Secure Function Evaluation e.g. Finding max, Oblivious Transfer (coming up) Can be randomized: e.g. Coin-tossing “Reactive” functionalities (maintains state over multiple rounds)

  17. More Example Functionalities Can consider “arbitrary” functionalities i.e., arbitrary (PPT) program of the trusted party to be emulated Some simple (but important) examples: Secure Function Evaluation e.g. Finding max, Oblivious Transfer (coming up) Can be randomized: e.g. Coin-tossing “Reactive” functionalities (maintains state over multiple rounds) e.g. Commitment (coming up)

  18. Commitment

  19. Commitment Commit now, reveal later

  20. Commitment Commit now, reveal later Intuitive properties: hiding and binding

  21. Commitment IDEAL World Commit now, reveal later Intuitive properties: hiding and binding

  22. Commitment IDEAL World Commit now, reveal later Intuitive properties: hiding and binding t c i d e r P e W ! ! S K C O T S

  23. Commitment IDEAL World Commit now, reveal later Intuitive properties: hiding and binding t c i d e r P e W ! ! S K C O T S

  24. Commitment IDEAL World Commit now, reveal later Intuitive properties: hiding and binding Really? t c i d e r P e W ! ! S K C O T S

  25. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding Really? t c i d e r P e W ! ! S K C O T S

  26. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding Really? t c i d e r P e W ! ! S K C O T S

  27. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding F COM Really? t c i d e r P e W ! ! S K C O T S

  28. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F up Really? t c i d e r P e W ! ! S K C O T S

  29. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F “COMMIT” up Really? t c i d e r P e W ! ! S K C O T S

  30. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F “COMMIT” up Really? t c i m d commit e r P e W m ! COMMIT: ! S K F C O T S

  31. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F Really? t c i m d commit e r P e W m ! COMMIT: ! S K F C O T S Next Day

  32. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F up “REVEAL” Really? t c i m d commit e r P e W m ! COMMIT: ! S K F C O T S Next Day

  33. Commitment IDEAL World Commit now, 30 Day Free Trial reveal later Intuitive properties: hiding and binding up F up “REVEAL” Really? t c i m d commit e r P e W m ! COMMIT: ! S K F C O T S Next Day reveal m REVEAL: m F

  34. Oblivious Transfer IDEAL World t c i d e r P e W ! ! S K C O T S

  35. Oblivious Transfer IDEAL World Pick one out of two, without revealing which t c i d e r P e W ! ! S K C O T S

  36. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: transfer partial information t c i d e r P e W “obliviously” ! ! S K C O T S

  37. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: transfer partial information All 2 of t c i d e r P e W them! “obliviously” ! ! S K C O T S

  38. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: transfer partial I need just information All 2 of one t c i d e r P e W them! “obliviously” ! ! S K C O T S

  39. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: transfer partial I need just information All 2 of one t c i d e r P e W them! “obliviously” ! ! S K C O Sure T S

  40. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: transfer partial I need just information All 2 of one t c i d e r P e W them! But can’t “obliviously” ! ! S K C O Sure T tell you S which

  41. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: F OT transfer partial I need just information All 2 of one t c i d e r P e W them! But can’t “obliviously” ! ! S K C O Sure T tell you S which

  42. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: F OT transfer partial A:up, B:down I need just information All 2 of one t c i d e r P e W them! But can’t “obliviously” ! ! S K C O Sure T tell you S which

  43. Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: F OT transfer partial A:up, B:down A I need just information All 2 of one t c i d e r P e W them! But can’t “obliviously” ! ! S K C O Sure T tell you S which

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

SoK: General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 20 Secure Multi-party Computation (MPC) Compute an arbitrary function among

1.13k views • 36 slides
General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve

General Purpose Frameworks for Secure Multi-party Computation Marcella Brett Daniel Steve Hemenway Hastings Noble Zdancewic University of Pennsylvania 1 / 26 Secure multi-party computation (MPC) MPC allows a group of mutually

882 views • 51 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views • 35 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure

Asynchronous Multi-Party Computation Vassilis Zikas RPI MPC School IIT Mumbai Secure Multi-Party Computation (MPC) Security D 1 D 2 D 4 D 3 Secure Multi-Party Computation (MPC) Security D 1 D 2 1 2 4 3 D 4 D 3 Secure

1.36k views • 124 slides
Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey

Secure Multi-party Quantum Computation with a Dishonest Majority Yfke Dulek, Alex Grilo, Stacey Je ff ery, Christian Majenz, Christian Scha ff ner Introduction Multi-party computation (MPC) Input (player i): x i 83 false Output: f(x 1 , ,

686 views • 20 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views • 47 slides
Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data without sharing?

446 views • 20 slides
Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without

Advanced Tools from Modern Cryptography Lecture 6 Secure Multi-Party Computation without Honest Majority: GMW Protocol MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure

465 views • 12 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive

Advanced Tools from Modern Cryptography Lecture 4 Secure Multi-Party Computation: Passive Corruption + Honest-Majority Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the

497 views • 20 slides
Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo

Privacy Preservation through Secure Multi-party Computation: Towards Implementation Paolo Palmieri , Olivier Pereira UCL Crypto Group Universit e Catholique de Louvain (Belgium) Provable Privacy Workshop July 2012 UCL Crypto Group

660 views • 34 slides
Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao

Revisiting Square Root ORAM Efficient Random Access in Multi-Party Computation Samee Zahur Xiao Wang Mariana Raykova Adri Gascn Jack Doerner Jonathan Katz David Evans oblivc.org/sqoram Secure multi-party computation applications Set

504 views • 25 slides
Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point

Easily programmable secure multi-party computation on integers, strings and floating point numbers Dan Bogdanov Sharemind project lead dan@cyber.ee https://sharemind.cyber.ee/ sharemind a machine for fast privacy-preserving computations

643 views • 42 slides
The American University at Cairo The Computer Science Department Csci485-Intelligent Agents

The American University at Cairo The Computer Science Department Csci485-Intelligent Agents

The American University at Cairo The Computer Science Department Csci485-Intelligent Agents Spring 2006 Dr Rafea JADE Tutorial 1. Introduction Intelligent Agents have been extensively used in different aspects of IT world. Intelligent agents

782 views • 36 slides
CS344M Autonomous Multiagent Systems Patrick MacAlpine Department of Computer Science The

CS344M Autonomous Multiagent Systems Patrick MacAlpine Department of Computer Science The

CS344M Autonomous Multiagent Systems Patrick MacAlpine Department of Computer Science The University of Texas at Austin Good Afternoon, Colleagues Are there any questions? Patrick MacAlpine Good Afternoon, Colleagues Are there any

1.39k views • 92 slides
CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2010-11 Marina De Vos, Julian

CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2010-11 Marina De Vos, Julian

Introduction Basic Constructs Specification Model Computational Tools CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2010-11 Marina De Vos, Julian Padget Modelling Institutions / 20101102 / version 0.5 November 29, 2010

537 views • 14 slides
CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2008-09 Marina De Vos, Julian

CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2008-09 Marina De Vos, Julian

Introduction Basic Constructs Specification Model Computational Tools Dutch Auction CM30174 + CM50206 Introduction to Intelligent Agents Semester 1, 2008-09 Marina De Vos, Julian Padget Modelling Institutions / 20081205 / version 0.4

583 views • 17 slides
Brandts Fully Private Auction Protocol Revisited Jannik Dreier 1 , Jean-Guillaume Dumas 2 ,

Brandts Fully Private Auction Protocol Revisited Jannik Dreier 1 , Jean-Guillaume Dumas 2 ,

Brandts Fully Private Auction Protocol Revisited Jannik Dreier 1 , Jean-Guillaume Dumas 2 , Pascal Lafourcade 1 1 Verimag and 2 Laboratoire Jean Kuntzmann (LJK), Universit Grenoble 1, CNRS, FRANCE Africacrypt, Cairo, Egypt June 23, 2013

596 views • 37 slides
Local Floriculture Firms in Kenya Sameer A. Azizi, Dept. of Social Sciences and Business,

Local Floriculture Firms in Kenya Sameer A. Azizi, Dept. of Social Sciences and Business,

Mapping the Technological Capabilities of Local Floriculture Firms in Kenya Sameer A. Azizi, Dept. of Social Sciences and Business, Roskilde University Denmark & Francis Mulangu, Millennium Challenge Corporation, Washington D.C., USA

459 views • 13 slides
ENABLING MICROSERVICE ARCHITECTURES WITH SCALA Kevin Scaldeferri Gilt Groupe Sept 22, 2013 IN

ENABLING MICROSERVICE ARCHITECTURES WITH SCALA Kevin Scaldeferri Gilt Groupe Sept 22, 2013 IN

ENABLING MICROSERVICE ARCHITECTURES WITH SCALA Kevin Scaldeferri Gilt Groupe Sept 22, 2013 IN THE BEGINNING ONE (REALLY) BIG RAILS APP ~1000 models and controllers ~ 200k lines of Ruby ~ 50k lines of PostgreSQL stored procedures

664 views • 41 slides
MiFID II Academy Best execution Floortje Nagelkerke 28 October 2015 Introduction MiFID II:

MiFID II Academy Best execution Floortje Nagelkerke 28 October 2015 Introduction MiFID II:

MiFID II Academy Best execution Floortje Nagelkerke 28 October 2015 Introduction MiFID II: The big themes MiFID I was not serious enough Belief that the letter of MiFID I was not fully implemented in areas such as best execution and

728 views • 24 slides

More recommend