Two-Client and Multi-client Functional Encryption for Set Intersection and Variants

Tim van de Kamp, David Stritzl, Willem Jonker, Andreas Peter. ACISP 2019.


  1. Two-Client and Multi-client Functional Encryption for Set Intersection and Variants. Tim van de Kamp, David Stritzl, Willem Jonker, Andreas Peter. ACISP 2019.

  2. Functional Encryption for Set Operations. [Diagram: sets $S_1, S_2, \dots, S_n$; evaluate $\bigcap_{i=1}^{n} S_i$.] Privacy-preserving information sharing; two-client and multi-client constructions for various set operations; evaluation using a proof-of-concept implementation.

  3. Privacy-Preserving Information Sharing. Private Set Intersection: computing $f(S_1, S_2)$ using MPC. Computes a set operation using an interactive protocol. A participant learns the evaluation result.


  5. Privacy-Preserving Information Sharing. Functional Encryption for Set Operations: computes a set operation using a non-interactive scheme; a third party (the evaluator) learns the evaluation result. Use cases include privacy-preserving profiling, simple data mining, and one-way data sharing.

  6. Multi-client Non-interactive Set Intersection. Functionality: $f(S_1, S_2, \dots, S_n)$. [Diagram: clients $1, 2, \dots, n$ with sets $S_1, S_2, \dots, S_n$ and inputs $(\mathrm{ID}, S_1), (\mathrm{ID}, S_2), \dots, (\mathrm{ID}, S_n)$.]

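  7. Multi-client Non-interactive Set Intersection. Functionality: $f(S_1, S_2, \dots, S_n)$. Functionalities $f$: intersection: $\bigcap_i S_i$; cardinality: $\left|\bigcap_i S_i\right|$; threshold: $\left|\bigcap_i S_i\right| \stackrel{?}{>} t \Rightarrow \bigcap_i S_i$ (also "with data transfer"). [Diagram: clients $1, 2, \dots, n$ with sets $S_1, S_2, \dots, S_n$ and inputs $(\mathrm{ID}, S_1), (\mathrm{ID}, S_2), \dots, (\mathrm{ID}, S_n)$.]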

  8. Multi-client Non-interactive Set Intersection. Security requirements: the evaluator of $f(S_1, S_2, \dots, S_n)$ doesn't learn the individual clients' sets $S_1, \dots, S_n$. [Diagram: clients $1, 2, \dots, n$ with inputs $(\mathrm{ID}, S_1), (\mathrm{ID}, S_2), \dots, (\mathrm{ID}, S_n)$.]

  9. Multi-client Non-interactive Set Intersection. Security requirements: the evaluator of $f(S_1, S_2, \dots, S_n)$ cannot mix-and-match old and new inputs. [Diagram: clients $1$ and $n$ with inputs $(\mathrm{ID}', S_1)$ and $(\mathrm{ID}', S_n)$; client $2$ with input $(\mathrm{ID}, S_2)$.]

  10. Multi-client Non-interactive Set Intersection. Security requirements: collusion between the evaluator and client(s) does not reveal other clients' inputs. [Diagram: clients $1, 2, \dots, n$ with inputs $(\mathrm{ID}, S_1), (\mathrm{ID}, S_2), \dots, (\mathrm{ID}, S_n)$.]

  11. Construction: Two-Client Set Intersection Cardinality.

  12. Construction: Two-Client Set Intersection Cardinality. $|S_1 \cap S_2| = |\mathrm{ct}_1 \cap \mathrm{ct}_2|$, with $\mathrm{ct}_1 = \{\phi_{\mathrm{msk}}(\mathrm{ID}, x_j) \mid x_j \in S_1\}$ and $\mathrm{ct}_2 = \{\phi_{\mathrm{msk}}(\mathrm{ID}, x_j) \mid x_j \in S_2\}$.

  13. Construction: Two-Client Set Intersection. $S_1 \cap S_2 = \{\phi^{-1}_{k_{\mathrm{ID},j}}(c) \mid c \in \mathrm{ct}_1 \cap \mathrm{ct}_2\}$; $\mathrm{ct}_1 = \{\phi_{k_{\mathrm{ID},j}}(x_j) \mid x_j \in S_1\}$; $\mathrm{ct}_2 = \{\phi_{k_{\mathrm{ID},j}}(x_j) \mid x_j \in S_2\}$; $k_{\mathrm{ID},j} = \phi_{\mathrm{msk}}(\mathrm{ID}, x_j)$.

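  14. Construction: Two-Client Set Intersection. $S_1 \cap S_2 = \{\phi^{-1}_{k_{\mathrm{ID},j}}(c) \mid c \in \mathrm{ct}_1 \cap \mathrm{ct}_2\}$, where $k_{\mathrm{ID},j} = k_{\mathrm{ID},j}^{\mathrm{usk}_1} \cdot k_{\mathrm{ID},j}^{\mathrm{usk}_2}$; $\mathrm{ct}_1 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_1}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_1\}$; $\mathrm{ct}_2 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_2}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_2\}$; $\mathrm{usk}_1 + \mathrm{usk}_2 = 1$; $k_{\mathrm{ID},j} = \phi_{\mathrm{msk}}(\mathrm{ID}, x_j)$.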

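  15. Construction: Two-Client Set Intersection. $S_1 \cap S_2 = \{\phi^{-1}_{k_{\mathrm{ID},j}}(c) \mid c \in \mathrm{ct}_1 \cap \mathrm{ct}_2\}$, where $k_{\mathrm{ID},j} = k_{\mathrm{ID},j}^{\mathrm{usk}_1} \cdot k_{\mathrm{ID},j}^{\mathrm{usk}_2}$; $\mathrm{ct}_1 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_1}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_1\}$; $\mathrm{ct}_2 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_2}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_2\}$; $\mathrm{usk}_1 + \mathrm{usk}_2 = 1$; $k_{\mathrm{ID},j} = \phi_{\mathrm{msk}}(\mathrm{ID}, x_j)$. [Annotation: doesn't have to be $x_j \in S_1$; can be any associated data.]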
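The two-client set intersection of slides 13 to 15, as an added Python example (not code from the slides or the paper). Assumptions: HMAC-SHA256 stands in for $\phi_{\mathrm{msk}}$, an XOR keystream stands in for $\phi_k$, the group is $\mathbb{Z}_P^*$ with the toy modulus $P = 2^{255} - 19$, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**255 - 19  # prime; toy group Z_P^* picked for this example (assumption)

def prf(msk, ID, x):
    """phi_msk(ID, x_j): per-element key k_{ID,j}, mapped into [1, P-1]."""
    msg = len(ID).to_bytes(2, "big") + ID + x
    d = hmac.new(msk, msg, hashlib.sha256).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1

def phi(k, block):
    """Stand-in for phi_k on a 32-byte block: XOR keystream, its own inverse."""
    ks = hashlib.shake_256(k.to_bytes(32, "big")).digest(32)
    return bytes(a ^ b for a, b in zip(block, ks))

def pad(x):    # length byte + element + zero fill (elements up to 31 bytes)
    return (bytes([len(x)]) + x).ljust(32, b"\0")

def unpad(b):
    return b[1:1 + b[0]]

def setup():   # msk is shared by both clients; usk_1 + usk_2 = 1 mod P-1
    usk1 = secrets.randbelow(P - 1)
    return secrets.token_bytes(32), usk1, (1 - usk1) % (P - 1)

def encrypt(msk, usk, ID, S):
    """ct_i as a dict phi_k(x_j) -> k^{usk_i}, with k = k_{ID,j}."""
    ct = {}
    for x in S:
        k = prf(msk, ID, x)
        ct[phi(k, pad(x))] = pow(k, usk, P)
    return ct

def evaluate(ct1, ct2):
    """Matching phi_k(x_j) values supply both shares: k = k^{usk_1} * k^{usk_2}."""
    out = set()
    for c in ct1.keys() & ct2.keys():
        out.add(unpad(phi(ct1[c] * ct2[c] % P, c)))
    return out

def demo():
    msk, usk1, usk2 = setup()
    S1 = {b"alice@example.org", b"bob@example.org", b"carol@example.org"}  # constructed
    S2 = {b"bob@example.org", b"carol@example.org", b"dave@example.org"}   # constructed
    ct1 = encrypt(msk, usk1, b"round-1", S1)
    same = evaluate(ct1, encrypt(msk, usk2, b"round-1", S2))
    mixed = evaluate(ct1, encrypt(msk, usk2, b"round-2", S2))  # different ID
    return same, mixed
```

The evaluator recovers only elements whose ciphertexts match under the same ID; for a non-matching element it holds one key share and cannot rebuild $k_{\mathrm{ID},j}$.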

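  16. Intuition: Two-Client Threshold Set Intersection. $S_1 \cap S_2 = \{\phi^{-1}_{k_{\mathrm{ID},j}}(c) \mid c \in \mathrm{ct}_1 \cap \mathrm{ct}_2\}$, where $k_{\mathrm{ID},j} = k_{\mathrm{ID},j}^{\mathrm{usk}_1} \cdot k_{\mathrm{ID},j}^{\mathrm{usk}_2}$; $\mathrm{ct}_1 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_1}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_1\}$; $\mathrm{ct}_2 = \{(k_{\mathrm{ID},j}^{\mathrm{usk}_2}, \phi_{k_{\mathrm{ID},j}}(x_j)) \mid x_j \in S_2\}$; $\mathrm{usk}_1 + \mathrm{usk}_2 = 1$; $k_{\mathrm{ID},j} = \phi_{\mathrm{msk}}(\mathrm{ID}, x_j)$. [Annotation: we also encrypt this value and require at least $t$ secret shares for decryption.]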

  17. Efficiency of the 2C-FE Constructions. [Plot: mean evaluation time (seconds), log scale from $10^{-6}$ to $10^{0}$, against the size of each client's set, log scale from $10^{1}$ to $10^{5}$. Series: CA.]

  18. Efficiency of the 2C-FE Constructions. [Plot: mean evaluation time (seconds), log scale from $10^{-6}$ to $10^{0}$, against the size of each client's set, log scale from $10^{1}$ to $10^{5}$. Series: CA, SI.]

  19. Efficiency of the 2C-FE Constructions. [Plot: mean evaluation time (seconds), log scale from $10^{-6}$ to $10^{0}$, against the size of each client's set, log scale from $10^{1}$ to $10^{5}$. Series: CA, SI, Th-CA, Th-SI.]

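  20. Construction: Multi-client Set Intersection Cardinality. Evaluation: count $\prod_{i=1}^{n} H(\mathrm{ID}, x_j)^{\mathrm{usk}_i} \stackrel{?}{=} 1$; $\mathrm{ct}_i = \{H(\mathrm{ID}, x_j)^{\mathrm{usk}_i} \mid x_j \in S_i\}$; $\sum_{i=1}^{n} \mathrm{usk}_i = 0$. [Diagram: sets $S_1, S_2, \dots, S_n$ with ciphertexts $\mathrm{ct}_1, \mathrm{ct}_2, \dots, \mathrm{ct}_n$.]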

  21. Efficiency of the MC-FE Construction. Theoretical: polynomial in the number of set elements per client: $O\left(\prod_i |S_i|\right)$. Practice: [Plot: mean evaluation time (seconds), 0 to 400, against the size of each client's set, 0 to 200. Series: CA $n = 5$, CA $n = 3$.]

  22. Improved Set Intersection Cardinality Scheme. Intuition: (1) compute the set intersection $\bigcap_i S_i$ "in the encrypted domain"; (2) for some client $i'$, determine how many set elements $e_j \in S_{i'}$ are in the encrypted set intersection, i.e., $\left|\left\{ e_j \mid e_j \in \bigcap_{i=1}^{n} S_i,\ e_j \in S_{i'} \right\}\right|$.

  23. Improved Set Intersection Cardinality Scheme. Intuition: (1) compute the set intersection $\bigcap_i S_i$ "in the encrypted domain"; (2) for some client $i'$, determine how many set elements $e_j \in S_{i'}$ are in the encrypted set intersection, i.e., $\left|\left\{ e_j \mid e_j \in \bigcap_{i=1}^{n} S_i,\ e_j \in S_{i'} \right\}\right|$. "Tools": Bloom filters → to represent sets in a single data structure; homomorphic encryption → to compute in the encrypted domain; functional encryption → to determine whether an element is in a set.

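  24. Preliminaries: Bloom filters. Set intersection is the bitwise AND ($\wedge$) of the filters:

      |                | bs[1] | bs[2] | bs[3] | bs[4] | bs[5] | bs[6] | bs[7] | bs[8] | bs[9] |
      |----------------|-------|-------|-------|-------|-------|-------|-------|-------|-------|
      | $S_1$          | 0     | 1     | 0     | 1     | 1     | 1     | 0     | 0     | 0     |
      | $S_2$          | 0     | 0     | 0     | 1     | 0     | 1     | 0     | 0     | 1     |
      | $S_1 \cap S_2$ | 0     | 0     | 0     | 1     | 0     | 1     | 0     | 0     | 0     |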

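  25. Construction (simplified): Set Intersection using Secret Sharing. Adding the rows position by position gives $\mathrm{Enc}(S_1) + \mathrm{Enc}(S_2) = \mathrm{Enc}(S_1 \cap S_2)$:

      |                          | bs[1]         | bs[2]         | bs[3]         | bs[4]     | bs[5]         | bs[6]     | bs[7]         | bs[8]         | bs[9]         |
      |--------------------------|---------------|---------------|---------------|-----------|---------------|-----------|---------------|---------------|---------------|
      | $\mathrm{Enc}(S_1)$      | $r_{1,1}$     | $s_{1,2}$     | $r_{1,3}$     | $s_{1,4}$ | $s_{1,5}$     | $s_{1,6}$ | $r_{1,7}$     | $r_{1,8}$     | $r_{1,9}$     |
      | $\mathrm{Enc}(S_2)$      | $r_{2,1}$     | $r_{2,2}$     | $r_{2,3}$     | $s_{2,4}$ | $r_{2,5}$     | $s_{2,6}$ | $r_{2,7}$     | $r_{2,8}$     | $s_{2,9}$     |
      | $\mathrm{Enc}(S_1 \cap S_2)$ | $\tilde{r}_1$ | $\tilde{r}_2$ | $\tilde{r}_3$ | 1         | $\tilde{r}_5$ | 1         | $\tilde{r}_7$ | $\tilde{r}_8$ | $\tilde{r}_9$ |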

  26. Construction (simplified): Set Intersection using Secret Sharing. [Share table as on slide 25.] $\mathrm{Encrypt}(\mathrm{usk}_i, \mathrm{ID}, S_i)$: $H(\mathrm{ID}, \ell)^{r_{i,\ell}}$ if $bs[\ell] = 0$; $H(\mathrm{ID}, \ell)^{s_{i,\ell}}$ if $bs[\ell] = 1$.

  27. Construction (simplified): Set Intersection using Secret Sharing. [Share table as on slide 25.] $\mathrm{Encrypt}(\mathrm{usk}_i, \mathrm{ID}, S_i)$: $H(\mathrm{ID}, \ell)^{r_{i,\ell}}$ if $bs[\ell] = 0$; $H(\mathrm{ID}, \ell)^{s_{i,\ell}}$ if $bs[\ell] = 1$. $\mathrm{Evaluate}(\mathrm{ct}_1, \dots, \mathrm{ct}_n)$: $H(\mathrm{ID}, \ell)^{s_{0,\ell}} \cdot \prod_{i=1}^{n} H(\mathrm{ID}, \ell)^{s_{i,\ell}}$.

  28. Construction (simplified): Set Intersection using Secret Sharing. [Share table as on slide 25.] Actual construction is more involved: element testing uses $H(\mathrm{ID}, \ell)^{s_{0,\ell}} \, g^{t \cdot r} \cdot \prod_{i=1}^{n} H(\mathrm{ID}, \ell)^{s_{i,\ell}} \stackrel{?}{=} (g^{r})^{t'}$; using Shamir secret sharing instead of additive secret sharing. $\mathrm{Encrypt}(\mathrm{usk}_i, \mathrm{ID}, S_i)$: $H(\mathrm{ID}, \ell)^{r_{i,\ell}}$ if $bs[\ell] = 0$; $H(\mathrm{ID}, \ell)^{s_{i,\ell}}$ if $bs[\ell] = 1$. $\mathrm{Evaluate}(\mathrm{ct}_1, \dots, \mathrm{ct}_n)$: $H(\mathrm{ID}, \ell)^{s_{0,\ell}} \cdot \prod_{i=1}^{n} H(\mathrm{ID}, \ell)^{s_{i,\ell}}$.

  29. Efficiency of the MC-FE Construction. Theoretical: polynomial in the number of set elements per client: $O(x^2)$. Practice: [Plot: mean evaluation time (seconds), 0 to 400, against the size of each client's set, 0 to 200. Series: CA $n = 5$, CA $n = 3$.]

  30. Efficiency of the MC-FE Construction. Theoretical: polynomial in the number of set elements per client: $O(x^2)$. Practice: [Plot: mean evaluation time (seconds), 0 to 400, against the size of each client's set, 0 to 200. Series: CA $n = 5$, CA $n = 3$, CA-BF $n = 5$, CA-BF $n = 3$.]

  31. Summary. Non-interactive privacy-preserving information sharing; efficient two-client constructions for various set operations; theoretical constructions for various multi-client set operations.
