Synchronous Constructive Cry ryptography Chen-Da Ueli Liu-Zhang Maurer ETH Zurich ETH Zurich TCC 2020
π
π R rounds
π π π π π R rounds π
NaΓ―ve randomness generation π 1 π π 2 π 6 π π π π π 3 R rounds π π 5 π 4
NaΓ―ve randomness generation π 1 π π 2 π 6 π π π ΰ» π π π π 3 π R rounds π π 5 π 4
Composable Security Modularization Clean guarantees Composition Many existing composable frameworks [PW94,C01,N03,MR11,KT13,β¦]
Generality vs Simplicity
Generality vs Simplicity Can we design a simple framework for a meaningful restricted setting?
Generality vs Simplicity Can we design a simple framework for a meaningful restricted setting? Precision Teaching Formal Verification
Our Focus Asynchronous Computational Adaptive Permissionless Synchronous Inf. Theoretic Static Permissioned
Future Extension Asynchronous Computational Adaptive Permissionless Synchronous Inf. Theoretic Static Permissioned
Composable Synchronous Models Current models* are built on top of asynchronous model 1. Extra functionalities 2. Activation token 3. Message scheduling Our goal: minimal framework 1. Intuitive descriptions 2. Simple proofs *[Can01,Nie03,HofMul04,KMTZ13]
Specifications Ξ¦
Specifications Ξ¦ π―
Specifications Ξ¦ π―
Constructions π― β 1 β 2 Recipe π + π π―, or equivalently, π(β) β π― β Υ
Constructive Cryptography Ξ¦ resources 2 π 1 3 4 *[Mau11,MR11,MR16]
Constructive Cryptography Ξ¦ resources Ξ£ converters 2 π π 1 3 4 *[Mau11,MR11,MR16]
Multi-Party Constructive Cryptography π¬ = {1, β¦ , π} Protocol π = (π 1 , β¦ , π π ) 2 π 1 3 4
Multi-Party Constructive Cryptography π¬ = {1, β¦ , π} Protocol π = (π 1 , β¦ , π π ) π 2 2 π 1 π π 3 1 3 4 π 4
Multi-Party Constructive Cryptography π¬ = {1, β¦ , π} Protocol π = (π 1 , β¦ , π π ) π 2 2 π 1 π π 3 1 3 4 π 4 {Ο π | πβπΌ} π― πΌ βπΌ β π β πΌ
Multi-Party Constructive Cryptography π¬ = {1, β¦ , π} Protocol π = (π 1 , β¦ , π π ) 2 2 π― {1,3,4} β 1,3,4 π 1 π 3 β 1 3 1 3 4 4 π 4 {Ο π | πβπΌ} π― πΌ βπΌ β π β πΌ
Multi-Party Constructive Cryptography π¬ = {1, β¦ , π} Protocol π = (π 1 , β¦ , π π ) 2 Ξ¦ β 1,3,4 π 1 π 3 β 1 3 4 π 4 {Ο π | πβπΌ} π― πΌ βπΌ β π β πΌ
Multi-Party Constructive Cryptography Traditional simulation-based notion π 2 2 π β 1,3,4 π 1 π 3 β 1 3 1 3 4 4 π 4
Multi-Party Constructive Cryptography Traditional simulation-based notion π 2 2 π β 1,3,4 π 1 π 3 β 1 3 1 3 4 4 π― {1,3,4} π 4
Multi-Party Constructive Cryptography Traditional simulation-based notion β 2 2 π β 1,3,4 π 1 π 3 β 1 3 1 3 4 4 π― {1,3,4} = {π 2 π | π β Ξ£} π 4
Synchronous Systems π Resource
Synchronous Systems π Resource
Synchronous Systems π Resource
Synchronous Systems π π Resource Converter
Synchronous Systems π π Resource Converter
Synchronous Systems π π Resource Converter
Synchronous Systems π π Resource Converter
Synchronous Systems π π
Synchronous Systems π π
Round Structure Round π Send Receive
Round Structure Round π Send π . π Leakage Send π . π Receive Receive Honest Dishonest
Authenticated Channel with Upper Bound Ξ β’ Honest parties are guaranteed to get π AUTH π after Ξ rounds Round π + Ξ Round π Round π
Authenticated Channel with Upper Bound Ξ β’ Honest parties are guaranteed to get π AUTH π after Ξ rounds Round π + Ξ Round π β’ Dishonest parties are guaranteed to get π in the same round Round π
Authenticated Channel with Upper Bound Ξ β’ Honest parties are guaranteed to get π AUTH π after Ξ rounds π Round π + Ξ Round π β β’ Dishonest parties do not have any guarantee ππ±π°β Ξ,π = π π AUTH Ξ | π β Ξ£
Broadcast Validity: If sender is honest, all honest receivers output π π Consistency: All honest receivers output Round π the same πβ Round π
Broadcast Validity: If sender is honest, all honest receivers output π (at round π ) π Consistency: All honest receivers output Round π the same πβ (at round π ) Round π π = π€ β§ π π β¬π π,π,πΌ = π | βπ€ βπ π β πΌ π§ π π‘ β πΌ Υ π€ = π¦ π‘ Consistency Validity
Broadcast π = π€ β§ π π β¬π π,π,πΌ = π | βπ€ βπ π β πΌ π§ π π‘ β πΌ Υ π€ = π¦ π‘ Let π = (π 1 , β¦ , π π ) be a (standard) broadcast protocol that takes Ξ rounds π πΌ πͺβ°π° β β¬π π,π+Ξ,πΌ Standard proof β’ Validity: If π π‘ β πΌ , all honest parties obtain π at round π + Ξ β’ Consistency: All honest parties obtain the same value at round π + Ξ
Computer Resource Instructions Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦ *see also arithmetic black-box [DN03]
Computer Resource Instructions π½ 1 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instructions π½ 1 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦ π½ 1 π½ 1 π½ 1 π½ 1 π½ 1
Computer Resource Instructions π½ 1 π½ 2 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instructions π½ 2 π½ 1 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦ π½ 2 π½ 2 π½ 2 π½ 2 π½ 2
Computer Resource Instructions π½ 4 π½ 3 π½ 2 π½ 1 β¦ Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instructions π½ 4 π½ 3 π½ 2 β¦ π½ 1 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instructions π½ 4 π½ 3 π½ 2 β¦ π½ 1 Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 π½ 1 β¦ 3. (add,p 1 ,p 2 ,p 3 ) 4. (mult,p 1 ,p 2 ,p 3 ) Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins 1 2 3 4 5 β¦ 1 2 4 n 3 β¦ v
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins v 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins v 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins v 1 2 3 4 5 β¦ 1 2 4 n 3 β¦ v
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins w v 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins w v v+w 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
Computer Resource Instruction I: 1. (input, i, p) Instructions 2. (output,i,p) π½ 4 π½ 3 π½ 2 β¦ 3. (add,p 1 ,p 2 ,p 3 ) π½ 1 4. (mult,p 1 ,p 2 ,p 3 ) Values ins w v v β w v+w 1 2 3 4 5 β¦ 1 2 4 n 3 β¦
MPC as Computer Instructions [BGW88] [Mau06] β¬π, πͺβ°π° Values ins 1 2 3 4 5 β¦ 1 2 3 4 n β¦
Conclusions β’ Simple model for synchronous protocols β’ Parties are honest/dishonest β’ Information-theoretic statements β’ Flexible to capture property-based formalizations
Full version: https://eprint.iacr.org/2020/1226 Credits: Icons: https://www.flaticon.com/
Recommend
More recommend