two round secure multiparty computation minimizing public
play

Two-Round Secure Multiparty Computation Minimizing Public Key - PowerPoint PPT Presentation

Jun 30, 2023 •201 likes •628 views

Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan What did we achieve? Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg

  1. Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan

  2. What did we achieve?

  3. Two-Round Secure Multiparty Computation Minimizing Public Key Operations Sanjam Garg Peihan Miao Akshayaram Srinivasan

  4. Secure Multiparty Computation (MPC)

  5. What does Two-Round mean? The MPC protocol has two rounds.

  6. Two-Round MPC

  7. Two-Round MPC

  8. Why is round complexity important?

  9. Why is round complexity important? ~200ms my mom me

  10. Why not one round? Because it’s impossible! [HLP’11]

  11. Two-Round MPC?

  12. Can we implement it? Yes, but it’s too slow… Why? Too many public key operations… Why is it bad? Because public key operation is VERY slow! • Symmetric key operations (AES) ~100M/sec • Public (asymmetric) key operations ~10K/sec

  13. Our Main Result

  14. How did we achieve it?

  15. Combine? How to reduce OTs (public key operations) ? 2-round OT extension? Yes! [Beaver’96]

  16. Combine? How to reduce OTs (public key operations) ? No! Why? 2-round OT extension? Yes! [Beaver’96]

  17. Combine? No! Why? 2-round OT extension?

  18. Combine? No! Why? How to solve it? 2-round OT extension?

  19. Combine? No! Why? How to solve it? 2-round OT extension?

  20. Combine? No! Why? How to solve it? 2-round OT extension?

  21. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  22. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  23. Yao’s garbled circuit [Yao’86] Garble 0 1 0 0 1 Garble

  24. Oblivious Transfer (OT) [Rab’81, EGL’85, BCR’86, Kil’88] Oblivious Transfer

  25. Two-Round OT [AIR’01, NP’01, HK’12]

  26. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  27. Two-Round MPC [BL’18, GS’18] Oblivious Transfer Oblivious Transfer … Oblivious Transfer

  28. Two-Round MPC [BL’18, GS’18] … • Decryption secrets are known by Receiver before Round-2 • Decryption secrets are independent Why?

  29. Two-Round MPC [BL’18, GS’18] Round-1 Round-2 … … … … … • Decryption secrets are known by Receiver before Round-2 • Decryption secrets are independent

  30. Technical Overview (semi-honest) • Building blocks • Yao’s garbled circuit (symmetric key) • two-round OT (public key) • Two-Round MPC [BL’18, GS’18] • What are the special properties needed from OT? • Why are they needed? • Two-Round OT Extension [Beaver’96] • Why not satisfying the special properties needed from OT? • How to solve the problems?

  31. OT Extension [Beaver’96] Oblivious Transfer Oblivious Transfer … Oblivious Transfer

  32. Two-Round OT Extension [Beaver’96]  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent Why?

  33. Two-Round OT Extension [Beaver’96] … … …  Decryption secrets are independent

  34. Combine? No! Why? How to solve it? 2-round OT extension?

  35. Two-Round OT Extension [Beaver’96]  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent

  36. First Attempt: Modify Two-Round OT Extension  Decryption secrets are known by Receiver before Round-2  Decryption secrets are independent

  37. Two-Round MPC [BL’18, GS’18] Round-1 Round-2 … … … … … Decryption secrets are hard-coded in the garbled circuits; So they should be known before Round-2!

  38. Second Attempt: Weaken Special Properties … Decryption secrets are hard-coded in the garbled circuits; Weakened property: Decryption secrets can be computed So they should be known before Round-2! and fed into the garbled circuits after Round-2.

  39. Summary

  40. Future Work • How to make it more practical? • Making black-box use of crypto operations? • Impossible for 2 rounds! [GMMM’18] talk tomorrow morning :) • Black-box but 3 rounds? • Combining with black-box OT extension [IKNP’03] • Concrete optimization for implementation

  41. Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele

Round Optimal Secure Multiparty Computation from Minimal Assumptions Arka Rai Choudhuri Michele Ciampi Vipul Goyal Johns Hopkins University The University of Edinburgh Carnegie Mellon University and NTT Research Abhishek Jain Rafail

1.42k views • 119 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa Pankova Roman Jagomgis Peeter Laud 1 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty

641 views • 38 slides
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

773 views • 39 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

846 views • 55 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

492 views • 48 slides
SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen

SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen

SMCL A Domain-Specific Programming Language for Secure Multiparty Computation Janus Dam Nielsen and Michael I. Schwartzbach June 14, 2007 Janus Dam Nielsen - PLAS 2007 1/27 Overview Secure Multiparty Computation SMCL Concepts An

284 views • 27 slides
Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012

Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012

Introduction Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012 Ron Steinfeld Secure Multiparty Computation from Graph Colouring July 2012 1/34 Introduction Acknowledgements Based on joint work

1k views • 62 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University)

The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background: Secure Multi-Party Computation x 1 f(x 1 ,

750 views • 54 slides
MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro

MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro

FAIR AND EFFICIENT SECURE MULTIPARTY COMPUTATION WITH REPUTATION SYSTEMS Gilad Asharov Yehuda Lindell Hila Hila Za Zaro rosim Asiacry acrypt pt 2013 2013 Secure Multi-Party Computation A set of parties who dont trust each other

794 views • 36 slides
Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish Dept. of Computer Science, Courant Institute, NYU This is joint work with: Riad S. Wahby (Stanford), Max Howald (Cooper Union and NYU), Siddharth

723 views • 44 slides
Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

ECRYPT: Achievements and Perspectives Antwerp / May 27, 2008 PROVILAB Focus 2 Secure Multiparty Computation Based on Threshold Homomorphic Cryptosystems Berry Schoenmakers Coding & Crypto group Dept. Math & CS TU Eindhoven Outline

583 views • 13 slides
MutaGon Calling: Benchmark 4 (call for parGcipaGon) Adam Ewing, UCSC TCGA 2 nd

MutaGon Calling: Benchmark 4 (call for parGcipaGon) Adam Ewing, UCSC TCGA 2 nd

MutaGon Calling: Benchmark 4 (call for parGcipaGon) Adam Ewing, UCSC TCGA 2 nd Annual ScienGfic Symposium MutaGon Calling Benchmark Process GSC sequences and aligns samples Pair of matched Normal and Tumor BAMs MutaGons

498 views • 16 slides
Helium Processing Progress M. Drury SRF Schedule vs. Actual Actual Schedule Zone Baseline

Helium Processing Progress M. Drury SRF Schedule vs. Actual Actual Schedule Zone Baseline

Helium Processing Progress M. Drury SRF Schedule vs. Actual Actual Schedule Zone Baseline Meas He Proc Cryocycle Post Proc Meas Baseline Meas He Proc Cryocycle Post Proc Meas 1L02 2L02 2L03 2L04 75 2L05 2L06 100 100 2L07 100

578 views • 9 slides
Regression Test Selection for TizenRT AHMET CELIK 1 , YOUNG CHUL LEE 2 , AND MILOS GLIGORIC 1 1

Regression Test Selection for TizenRT AHMET CELIK 1 , YOUNG CHUL LEE 2 , AND MILOS GLIGORIC 1 1

Regression Test Selection for TizenRT AHMET CELIK 1 , YOUNG CHUL LEE 2 , AND MILOS GLIGORIC 1 1 2 1 Regression Testing Widely practiced in industry Checks that changes made to the project do not break the existing functionality

403 views • 17 slides
Program 9 January 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator

Program 9 January 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator

Program 9 January 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator string of string of abstract string of characters tokens program integers (source code) (words) (object code) A BL program consists of

1.03k views • 40 slides
Distributed Spectral Decomposition in Networks by Complex Diffusion and Quantum Random Walk

Distributed Spectral Decomposition in Networks by Complex Diffusion and Quantum Random Walk

Distributed Spectral Decomposition in Networks by Complex Diffusion and Quantum Random Walk INFOCOM, 12 April 2016 Jithin K. Sreedharan joint work with Konstantin Avrachenkov and Philippe Jacquet INRIA , France Bell Labs ,

1.11k views • 84 slides
Leptogenesis with small violation of B-L Nuria Rius IFIC, Universidad de Valencia-CSIC with Juan

Leptogenesis with small violation of B-L Nuria Rius IFIC, Universidad de Valencia-CSIC with Juan

Leptogenesis with small violation of B-L Nuria Rius IFIC, Universidad de Valencia-CSIC with Juan Racker and Manuel Pe na, arXiv:1205.1948 to appear in JCAP What is ?, GGI Workshop, Firenze 2012 OUTLINE 1. Introduction 2. Leptogenesis in

511 views • 23 slides
Compute Cache Shaizeen Aga, Supreet Jeloka, Arun Subramaniyan, Satish Narayanasamy, David Blaauw,

Compute Cache Shaizeen Aga, Supreet Jeloka, Arun Subramaniyan, Satish Narayanasamy, David Blaauw,

Compute Cache Shaizeen Aga, Supreet Jeloka, Arun Subramaniyan, Satish Narayanasamy, David Blaauw, and Reetuparna Das Presented by Gefei Zuo and Jiacheng Ma 1 Agenda Motivation Goal Design Evaluation Discussion 2

2.12k views • 19 slides
Walk Modularity: Graph partitioning based on a generalization of modularity David Mehrle 1 Amy

Walk Modularity: Graph partitioning based on a generalization of modularity David Mehrle 1 Amy

Background Walk Modularity Example Graphs Benchmark Test Conclusions Walk Modularity: Graph partitioning based on a generalization of modularity David Mehrle 1 Amy Strosser 1 Carnegie Mellon University Mount St. Marys University

617 views • 24 slides

More recommend