size hiding computation for multiple parties
play

Size-Hiding Computation for Multiple Parties Kazumasa Shinagawa 1,2 - PowerPoint PPT Presentation

Nov 23, 2023 β€’229 likes β€’523 views

Size-Hiding Computation for Multiple Parties Kazumasa Shinagawa 1,2 Koji Nuida 2,3 Takashi Nishide 1 Goichiro Hanaoka 2 Eiji Okamoto 1 1: University of Tsukuba, 2: AIST, 3: JST PRESTO 1 Secure Multiparty Computation l Each party "

  1. Size-Hiding Computation for Multiple Parties Kazumasa Shinagawa 1,2 Koji Nuida 2,3 Takashi Nishide 1 Goichiro Hanaoka 2 Eiji Okamoto 1 1: University of Tsukuba, 2: AIST, 3: JST PRESTO 1

  2. Secure Multiparty Computation l Each party 𝑄 " has some private input 𝑦 " l The parties wish to compute a function 𝑧 = 𝑔(𝑦 ( , β‹―, 𝑦 + ) without revealing the inputs l Consider the single output, semi-honest, π‘œ βˆ’ 1 corruption 𝑦 0 𝑦 ( 𝑦 4 𝑦 1 𝑦 2 𝑦 3 2

  3. Size-Hiding Computation l can hide some of input/output-sizes from some of parties l Each private size can be hidden from different set of parties l It is known that some of size-hiding is impossible in general l Which type of size-hiding is possible in general? This Talk complete characterization for the feasibility (assuming the existence of FHE) 3

  4. Set Intersection l Police has a list of terrorists π‘Œ l Company has a list of customers 𝑍 l Police wants to compute π‘Œ ∩ 𝑍 without revealing |π‘Œ| l NaΓ―ve approach: Padding l Padding is inefficient Compute π‘Œ ∩ 𝑍 π‘Œ 𝑍 4

  5. Millionaire Problem l Aliens: β€œWhich planet has the largest population?” l The population is related to the military power l The input-size is also related to the military power l Padding doesn’t work ∡ The largest population in the universe is too large 5

  6. NEW NEW NEW NEW NEW NEW NEW NEW Outline l Notations l Classification for two-party [LNO13] l Classification for multiparty u Almost all sizes cannot be hidden l Strong secure channel (SSC) model u It is implementable by steganography l Classification for multiparty in SSC model u Many sizes can be hidden in SSC model 6

  7. Notations : 𝑄 9 can know |𝑦 " | 𝑗 Β‘ Β‘π‘˜ : who must not know the output size ・ A size-hiding class Β‘1 Β‘2 ü 𝑄 0 must not know |𝑦 ( | ü 𝑄 1 must not know the output-size 3 Def. A class is feasible if general MPC is possible 7

  8. Two-party Cases [LNO13] Hiding two or more sizes is infeasible in two-party case Private Private |𝑦 0 |, |𝑧| 2 Β‘1 nothing Β‘1 Β‘2 𝑦 0 Β‘1 Β‘2 1 |𝑦 0 |, |𝑧| Β‘2 |𝑧| 2 Β‘1 Β‘1 |𝑦 ( , |𝑦 0 Β‘2 2 |𝑦 ( , |𝑦 0 , |𝑧| Β‘1 Feasible Infeasible 8

  9. NEW NEW NEW NEW NEW NEW NEW NEW Outline l Notations l Classification for two-party [LNO13] l Classification for multiparty u Almost all sizes cannot be hidden l Strong secure channel (SSC) model u It is implementable by steganography l Classification for multiparty in SSC model u Many sizes can be hidden in SSC model 9

  10. Multiparty Cases (Our Result) Our result in standard model Even in MPC, it is infeasible to hide two sizes l The infeasibility is proven by techniques of [LNO13] l The protocol for hiding |𝑦 ( | u The parties invoke KeyGen for threshold FHE u Each party 𝑄 " sends πΉπ‘œπ‘‘(𝑦 " ) to 𝑄 ( u 𝑄 ( computes [𝑧] and broadcast it u They invoke Decryption 10

  11. Limitation of standard channel 3 Infeasible Infeasible 2 2 1 1 (with additional party) 𝑄 ( cannot send πΉπ‘œπ‘‘(𝑦 ( ) 𝑄 1 can know 𝑦 ( and 𝑦 0 but 𝑄 0 cannot send πΉπ‘œπ‘‘(𝑦 0 ) ∡ channel may leak the number of communication bits 11

  12. Strong Secure Channel (SSC) Secure channel model 𝑛 |𝑛| Adv ? SSC model 𝑛′ l It is implementable by steganography 12

  13. NEW NEW NEW NEW NEW NEW NEW NEW Outline l Notations l Classification for two-party [LNO13] l Classification for multiparty u Almost all sizes cannot be hidden l Strong secure channel (SSC) model u It is implementable by steganography l Classification for multiparty in SSC model u Many sizes can be hidden in SSC model 13

  14. Our Result in SSC model l Complete classification in SSC model l Maximum number of private sizes is π‘œ # of private sizes 1 2 3 4 … ❌ ❌ ❌ Secure channel … βœ” βœ” / ❌ βœ” / ❌ βœ” / ❌ SSC model … βœ” 14

  15. Case 1 When the output-size is public 15

  16. Case 1 (public output-size) l Suppose the output-size is public l Size-hiding computation is feasible in SSC model ⇔ for every and Β‘ ‘𝑗 Β‘ Β‘π‘˜ βˆƒ or : Β‘ ‘𝑗 Β‘ Β‘π‘˜ Β‘ ‘𝑗 Β‘ Β‘π‘˜ or Β‘ ‘𝑙 Β‘ ‘𝑗 Β‘ ‘𝑙 Β‘ Β‘π‘˜ Infeasible Feasible! 16

  17. Main Idea for Construction l Invoke Sharing Protocols for 𝑄 ( , 𝑄 0 , 𝑄 1 [𝑦] : FHE ciphertext Sharing Protocol for 𝑄 ( : Β‘2 Β‘3 𝑄 1 sends to 𝑄 ( : [1 ‘𝑦 1 ] 𝑄 0 sends to 𝑄 ( : Β‘1 [1 Β‘0 J K L J M ‘𝑦 0 ] If 𝑦 ( β‰₯ 𝑦 0 Otherwise [0 Β‘0 J K ] Longest input One of them can obtain all flagged ciphertexts! β†’ [𝑔(𝑦 ( , 𝑦 0 , 𝑦 1 )] can be computed 17

  18. Infeasibility (Reduced to [LNO13]) Β‘3 Β‘2 Β‘3 Β‘2 P B P A Β‘1 Β‘4 Β‘1 Β‘4 𝐺 𝑦 ( ,𝑦 0 ,𝑦 1 ,𝑦 2 l Suppose the class is feasible l Let 𝐺 𝑦 ( , 𝑦 0 , 𝑦 1 ,𝑦 2 = 𝑔 𝑦 ( , 𝑦 0 l Two private sizes (in two-party) is feasible l It contradicts [LNO13] 18

  19. Case 2 When the output-size is private 19

  20. Case 2 (private output-size) l Suppose the output-size is private l Size-hiding computation is feasible in SSC model ⇔ for every ü The party can know all input-sizes; and ü βˆƒ : Feasible! Infeasible 20

  21. Main Idea for Construction (1) 3 4 + Β‘1 Β‘2 FHE MPC l 𝑄 1 , 𝑄 2 are not involved in KeyGen ∡ 𝑄 1 , 𝑄 2 must not join threshold Decryption of 𝒛 l 𝑄 1 , 𝑄 2 do Evaluation , and obtain 𝑧 with zero paddings Thanks to the padding, they can do this without knowing |𝑧| 21

  22. Main Idea for Construction (2) 3 4 l 𝑄 ( , 𝑄 0 do KeyGen l 𝑄 1 , 𝑄 2 get encrypted input-shares l 𝑄 1 , 𝑄 2 do Evaluate using MPC Β‘1 Β‘2 l 𝑄 ( , 𝑄 0 do threshold Decryption If 𝑄 ( , 𝑄 1 or 𝑄 2 is honest 𝑄 0 are corrupted Security by MPC FHE does not work If 𝑄 1 , 𝑄 ( or 𝑄 0 is honest 2 are corrupted 𝑄 Security by FHE MPC does not work FHE or MPC guarantee the security! 22

  23. Infeasibility (Reduced to [LNO13]) P B 2 2 3 1 3 1 P A 𝐺 𝑦 ( ,𝑦 0 ,𝑦 1 l Suppose the class is feasible l Let 𝐺 𝑦 ( , 𝑦 0 , 𝑦 1 = 𝑔 𝑦 ( , 𝑦 0 l Two private sizes (in two-party) is feasible l It contradicts [LNO13] 23

  24. Conclusion l Hiding two is infeasible (standard model) l SSC model is rich for size-hiding l Some of them are still infeasible Thank you for your attention! 24

  25. Q&A l How to implement SSC by steganography? u A party can hide message of an arbitrary length Adv ? Q3&5?9A8K7#*AS4W356 25

  26. Q&A l How to implement SSC by steganography? u A party can hide message of an arbitrary length Adv ? Q3&5?9A8K7#*AS4W356 26

  27. Conclusion Background l [LNO13] constructed size-hiding protocol for two parties l They also proved the strong limitation This work l We introduce the strong secure channel (SSC) model l We construct size-hiding protocols in the SSC model l We also prove the (weaker) limitation for the SSC model Thank you for your attention! 27

  28. Set Intersection l Police has a list of terrorists π‘Œ l Company has a list of customers 𝑍 l Police wish to compute π‘Œ ∩ 𝑍 without revealing |π‘Œ| l NaΓ―ve approach, Padding, is inefficient ・ Millionaire Problem (Population version) l Aliens: β€œWhich planet has the largest population?” l The population is related to the military power l Its size is also related to the military power l Padding doesn’t work since the upper-bound is too large 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Topology-Hiding Computation for Large Diameter Graphs Adi Akavia Tal Moran The Academic College

Topology-Hiding Computation for Large Diameter Graphs Adi Akavia Tal Moran The Academic College

Topology-Hiding Computation for Large Diameter Graphs Adi Akavia Tal Moran The Academic College IDC Herzliya of Tel-Aviv Jaffa MPC [Yao 86 , GMW 87]: multiple parties can jointly compute a function of their private inputs, while

1.56k views β€’ 123 slides
Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio

Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio

Hiding the Input Size in Secure Two-Party Computation Yehuda Lindell , Kobbi Nissim, Claudio Orlandi (or a more privacy Privacy on sensitive social network) My friends should only see our common friends Secure Computation 8dx2rru3d0fW2TS y

520 views β€’ 36 slides
Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft Research) Ivan Visconti (University of Salerno) Size hiding protocols Traditional secure computation: All existing definitions and Parties

631 views β€’ 22 slides
Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville

Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville

Full statistical analyses with secure multi-party computation Dan Bogdanov, Liina Kamm, Ville Sokk dan@cyber.ee http://sharemind.cyber.ee/ The Sharemind model Input Computing Result parties parties parties x 11 CP 1 y 1 IP 1 ... RP 1 x

411 views β€’ 14 slides
Political Party System 1 Two parties equal size More like mass movements 800,000

Political Party System 1 Two parties equal size More like mass movements 800,000

Political Party System 1 Two parties equal size More like mass movements 800,000 members Two party system unusual multi-party the norm Makes national consensus difficult to achieve Government of National Unity almost

277 views β€’ 25 slides
Self-Stabilizing Master--Slave Token Circulation and Efficient Size-Computation in a

Self-Stabilizing Master--Slave Token Circulation and Efficient Size-Computation in a

Self-Stabilizing Master--Slave Token Circulation and Efficient Size-Computation in a Unidirectional Ring of Arbitrary Size Wayne Goddard & Pradip K. Srimani Clemson University, South Carolina {goddard,srimani}@cs.clemson.edu

318 views β€’ 12 slides
CSE 461: Multiple Access Homework: Chapter 2, problems 1, 8, 12, 18, 23, 24, 35, 43, 46, and 58

CSE 461: Multiple Access Homework: Chapter 2, problems 1, 8, 12, 18, 23, 24, 35, 43, 46, and 58

CSE 461: Multiple Access Homework: Chapter 2, problems 1, 8, 12, 18, 23, 24, 35, 43, 46, and 58 Next Topic Key Focus: How do multiple parties share a wire? Application This is the Medium Access Control Presentation (MAC) portion of

991 views β€’ 59 slides
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation between parties who do not

1.03k views β€’ 35 slides
Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an object, need only know the name of the messages that the object will accept. They need not have any idea how the actions performed in response to

474 views β€’ 34 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views β€’ 24 slides
2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

2-party secure computation Problem: Two parties, Alice and Bob, with private inputs, a and b ,

1 International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020 Mon Z a: fast maliciously-secure 2-party computation on the ring 2 k Dario Catalano 1 , Mario Di Raimondo 1 , Dario Fiore 2 and Irene Giacomelli 3 1

504 views β€’ 25 slides
Economics and Computation Lirong Xia 1 This Course Economics: decision making by multiple

Economics and Computation Lirong Xia 1 This Course Economics: decision making by multiple

Economics and Computation Lirong Xia 1 This Course Economics: decision making by multiple actors, each with individual preferences, capabilities, and information, and motivated to act in regard to these preferences. Computer science:

448 views β€’ 22 slides
High-Accurate Computation of One-Loop Integrals by Several Hundred Digits Multiple-Precision

High-Accurate Computation of One-Loop Integrals by Several Hundred Digits Multiple-Precision

High-Accurate Computation of One-Loop Integrals by Several Hundred Digits Multiple-Precision Arithmetic Hiroshi Fujiwara ( ) Graduate School of Informatics, Kyoto University CPP2010 Workshop KEK Japan, 24 September 2010 H.

622 views β€’ 45 slides
Structured matrix methods for the computation of multiple roots of univariate polynomials John D.

Structured matrix methods for the computation of multiple roots of univariate polynomials John D.

Structured matrix methods for the computation of multiple roots of univariate polynomials John D. Allan and Joab R. Winkler Department of Computer Science The University of Sheffield, United Kingdom Overview

537 views β€’ 27 slides
Data-driven Model Selection for Approximate Bayesian Computation via Multiple Logisitic

Data-driven Model Selection for Approximate Bayesian Computation via Multiple Logisitic

Data-driven Model Selection for Approximate Bayesian Computation via Multiple Logisitic Regression. Ben Rohrlach Prof. Nigel Bean, Dr Jonathan Tuke University of Adelaide November 6, 2014 Adam Rohrlach Table of Contents Introduction. 1

1.72k views β€’ 112 slides
Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz

Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz

Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz 2cm chip size 100GHz 2mm chip size 1THz <100 m chip size In practice, we could put many processors together OS 2003 2

253 views β€’ 9 slides
B ENEFITS OF R EGIONAL P OWER T RADE : A NALYSIS FOR C ENTRAL A SIA AND S OUTH A SIA Donghui Park

B ENEFITS OF R EGIONAL P OWER T RADE : A NALYSIS FOR C ENTRAL A SIA AND S OUTH A SIA Donghui Park

B ENEFITS OF R EGIONAL P OWER T RADE : A NALYSIS FOR C ENTRAL A SIA AND S OUTH A SIA Donghui Park Debabrata Chattopadhyay Husam Mohamed Beides Koji Nishida October 2019 O BJECTIVE AND S COPE OF W ORK Review and assess country energy demand

277 views β€’ 13 slides
(Pros and Cons) Koji MURAI Shinjyu Global IP ASEAN Intellectual Property Association 2015

(Pros and Cons) Koji MURAI Shinjyu Global IP ASEAN Intellectual Property Association 2015

Madrid System in ASEAN Region (Pros and Cons) Koji MURAI Shinjyu Global IP ASEAN Intellectual Property Association 2015 Annual Conference March 27-29, 2015 Sofitel So Bangkok, Thailand 1 TOPICS 1. Overview of the Madrid System 2. Advantage

432 views β€’ 27 slides
opportunity with Vietnam Koji Tauchi Mitsubishi UFJ Research and Consulting Co., Ltd. Japans

opportunity with Vietnam Koji Tauchi Mitsubishi UFJ Research and Consulting Co., Ltd. Japans

VIETNAM ITO CONFERENCE 2019 Vietnam The Emerged Destination for Innovation http://vnito2019.vnito.org/ Panel Discussion: Japans digitalization and collaboration opportunity with Vietnam Koji Tauchi Mitsubishi UFJ Research and Consulting

537 views β€’ 15 slides
and here comes the TeleGroup conclusion! Dalibor Ratkovi, Director Security SBU TeleGroup

and here comes the TeleGroup conclusion! Dalibor Ratkovi, Director Security SBU TeleGroup

and here comes the TeleGroup conclusion! Dalibor Ratkovi, Director Security SBU TeleGroup 20.09.2018, The White Palace, Beograd Prva izjava predsednika Putina dan posle finala.. The day after the final game, Putin made an official

760 views β€’ 40 slides
Random first-order transition of a spin glass model in three dimensions Toward a mean-field

Random first-order transition of a spin glass model in three dimensions Toward a mean-field

Random first-order transition of a spin glass model in three dimensions Toward a mean-field theory for glass transitions Koji Hukushima University of Tokyo, Dep. of Basic Sciences 14 August 2015 In collaboration with Takashi Takahasi.

534 views β€’ 37 slides
Lumax Industries Limited Investor Presentation November 2017 Safe Harbor This presentation and

Lumax Industries Limited Investor Presentation November 2017 Safe Harbor This presentation and

Lumax Industries Limited Investor Presentation November 2017 Safe Harbor This presentation and the accompanying slides (the Presentation), which have been prepared by Lumax Industries Limited (the Company), have been prepared solely

570 views β€’ 55 slides
SEVENTH STS FORUM Kyoto 3-5 October 2010 David Bibby, Victoria University of Wellington, New

SEVENTH STS FORUM Kyoto 3-5 October 2010 David Bibby, Victoria University of Wellington, New

SEVENTH STS FORUM Kyoto 3-5 October 2010 David Bibby, Victoria University of Wellington, New Zealand 1 What is the STS Forum The Science, Technology and Society (STS) Forum, is held in Kyoto each year from the first Sunday in October, (3-5

572 views β€’ 18 slides
4th JCI & ACI Joint Seminar Sustainable and Resilient Concrete Structures -Codes and

4th JCI & ACI Joint Seminar Sustainable and Resilient Concrete Structures -Codes and

4th JCI & ACI Joint Seminar Sustainable and Resilient Concrete Structures -Codes and Practices- 2019/7/12 8:50 - 15:20 Small Hall, Sapporo Convention Center, Sapporo, Japan Abstracts and Speakers JCI presentation # 1 Title: Life-cycle

325 views β€’ 6 slides

More recommend