universal composability from essentially any trusted setup
play

universal composability from essentially any trusted setup Mike - PowerPoint PPT Presentation

Dec 17, 2022 •386 likes •882 views

universal composability from essentially any trusted setup Mike Rosulek | | CRYPTO 2012 . Example: Set intersection A B ( function evaluation ) Generate a fair coin toss ( randomized ) Online poker without a dealer ( reactive ) secure

  1. universal composability from essentially any trusted setup Mike Rosulek | | CRYPTO 2012 .

  2. Example: Set intersection A B ( function evaluation ) Generate a fair coin toss ( randomized ) Online poker without a dealer ( reactive ) secure computation. . . Several parties wish to carry out an agreed-upon computation. ◮ Parties have individual inputs / output ◮ Security guarantees: ◮ Privacy (learn no more than your prescribed output) ◮ Input independence ◮ Output consistency, etc.. ◮ Parties are mutually distrusting, some possibly malicious .

  3. secure computation. . . Several parties wish to carry out an agreed-upon computation. ◮ Parties have individual inputs / output ◮ Security guarantees: ◮ Privacy (learn no more than your prescribed output) ◮ Input independence ◮ Output consistency, etc.. ◮ Parties are mutually distrusting, some possibly malicious Example: ◮ Set intersection A ∩ B ( function evaluation ) ◮ Generate a fair coin toss ( randomized ) ◮ Online poker without a dealer ( reactive ) .

  4. . Bad news [CanettiFischlin01,CanettiKushilevitzLindell06] . . . UC security is impossible for almost all tasks that we care about . . . . . good news, bad news. . . . Good news [Canetti01] . . . Universal Composition (UC) framework = realistic security model for Internet protocols. . . . . . .

  5. good news, bad news. . . . Good news [Canetti01] . . . Universal Composition (UC) framework = realistic security model for Internet protocols. . . . . . . Bad news [CanettiFischlin01,CanettiKushilevitzLindell06] . . . UC security is impossible for almost all tasks that we care about � . . . . . .

  6. Trusted setup: Protocols can use ideal functionality Bit-commitment [CanettiLindellOstrovskySahai02] Common random string [CanettiLindellOstrovskySahai02,...] Oblivious transfer [IshaiPrabhakaranSahai08] Trusted hardware device [Katz07] the next best thing. . . Slightly relax UC framework: ◮ Assume bounded network latency [KalaiLindellPrabhakaran05] ◮ Uniform adversaries, non-uniform simulators [LinPassVenkitasubramaniam09] ◮ Superpolynomial-time simulators [Pass03, PrabhakaranSahai04, BarakSahai05, MalkinMoriartyYakovenko06, CanettiLinPass10, ...] .

  7. the next best thing. . . Slightly relax UC framework: ◮ Assume bounded network latency [KalaiLindellPrabhakaran05] ◮ Uniform adversaries, non-uniform simulators [LinPassVenkitasubramaniam09] ◮ Superpolynomial-time simulators [Pass03, PrabhakaranSahai04, BarakSahai05, MalkinMoriartyYakovenko06, CanettiLinPass10, ...] ◮ Trusted setup: Protocols can use ideal functionality ◮ Bit-commitment [CanettiLindellOstrovskySahai02] ◮ Common random string [CanettiLindellOstrovskySahai02,...] ◮ Oblivious transfer [IshaiPrabhakaranSahai08] ◮ Trusted hardware device [Katz07] .

  8. the next best thing. . . Slightly relax UC framework: ◮ Assume bounded network latency [KalaiLindellPrabhakaran05] ◮ Uniform adversaries, non-uniform simulators [LinPassVenkitasubramaniam09] ◮ Superpolynomial-time simulators [Pass03, PrabhakaranSahai04, BarakSahai05, MalkinMoriartyYakovenko06, CanettiLinPass10, ...] ◮ Trusted setup: Protocols can use ideal functionality ◮ Bit-commitment [CanettiLindellOstrovskySahai02] ◮ Common random string [CanettiLindellOstrovskySahai02,...] ◮ Oblivious transfer [IshaiPrabhakaranSahai08] ◮ Trusted hardware device [Katz07] .

  9. Intermediate: something between these two extremes Complete : all tasks have UC-secure protocols in presence of . Possible “levels of power” for . . . Useless : access to is equivalent to no trusted setup. already has a UC-secure protocol without setups . . . . . fundamental question. . . . . How useful is F as a trusted setup? ◮ What tasks have UC-secure protocols in the presence of F ? . . . . . .

  10. Intermediate: something between these two extremes Complete : all tasks have UC-secure protocols in presence of fundamental question. . . . . How useful is F as a trusted setup? ◮ What tasks have UC-secure protocols in the presence of F ? . . . . . . Possible “levels of power” for F . . . ◮ Useless : access to F is equivalent to no trusted setup. ⇔ F already has a UC-secure protocol without setups . . . . . .

  11. Intermediate: something between these two extremes fundamental question. . . . . How useful is F as a trusted setup? ◮ What tasks have UC-secure protocols in the presence of F ? . . . . . . Possible “levels of power” for F . . . ◮ Useless : access to F is equivalent to no trusted setup. ⇔ F already has a UC-secure protocol without setups ◮ Complete : all tasks have UC-secure protocols in presence of F . . . . . .

  12. fundamental question. . . . . How useful is F as a trusted setup? ◮ What tasks have UC-secure protocols in the presence of F ? . . . . . . Possible “levels of power” for F . . . ◮ Useless : access to F is equivalent to no trusted setup. ⇔ F already has a UC-secure protocol without setups ◮ Intermediate: something between these two extremes ◮ Complete : all tasks have UC-secure protocols in presence of F . . . . . .

  13. Characterize reactive, randomized functionalities, w/ behavior depending on security parameter! [MajiPrabhakaranRosulek10] restricted to deterministic & constant-sized. Complete characterization [PrabhakaranRosulek08] Almost-complete characterization [This talk] Nearly every setup is either useless or complete. . complete . useless . . take-home message. . . 1. Which 2-party setups are useless ? 2. Which 2-party setups are complete ? .

  14. Characterize reactive, randomized functionalities, w/ behavior depending on security parameter! [MajiPrabhakaranRosulek10] restricted to deterministic & constant-sized. Almost-complete characterization [This talk] Nearly every setup is either useless or complete. . complete . useless . . take-home message. . . 1. Which 2-party setups are useless ? ◮ Complete characterization [PrabhakaranRosulek08] 2. Which 2-party setups are complete ? .

  15. Characterize reactive, randomized functionalities, w/ behavior depending on security parameter! [MajiPrabhakaranRosulek10] restricted to deterministic & constant-sized. Nearly every setup is either useless or complete. . complete . useless . . take-home message. . . 1. Which 2-party setups are useless ? ◮ Complete characterization [PrabhakaranRosulek08] 2. Which 2-party setups are complete ? ◮ Almost-complete characterization [This talk] .

  16. Characterize reactive, randomized functionalities, w/ behavior depending on security parameter! [MajiPrabhakaranRosulek10] restricted to deterministic & constant-sized. take-home message. . . 1. Which 2-party setups are useless ? ◮ Complete characterization [PrabhakaranRosulek08] 2. Which 2-party setups are complete ? ◮ Almost-complete characterization [This talk] ⇒ Nearly every setup is either useless or complete. . complete . useless . . .

  17. [MajiPrabhakaranRosulek10] restricted to deterministic & constant-sized. take-home message. . . 1. Which 2-party setups are useless ? ◮ Complete characterization [PrabhakaranRosulek08] 2. Which 2-party setups are complete ? ◮ Almost-complete characterization [This talk] ⇒ Nearly every setup is either useless or complete. Characterize reactive, randomized functionalities, . complete w/ behavior depending on security parameter! . useless . . .

  18. take-home message. . . 1. Which 2-party setups are useless ? ◮ Complete characterization [PrabhakaranRosulek08] 2. Which 2-party setups are complete ? ◮ Almost-complete characterization [This talk] ⇒ Nearly every setup is either useless or complete. Characterize reactive, randomized functionalities, . complete w/ behavior depending on security parameter! [MajiPrabhakaranRosulek10] . restricted to deterministic useless . . & constant-sized. .

  19. . . . Definitions . . . is splittable if has a winning strategy. [PrabhakaranRosulek08] negligible. (“ fools all environments”) is strongly unsplittable if has a winning strategy. 1/poly. (“ detects all splitting strategies”) . . . . . Some (arguably unnatural) admit no winning strategy for or ! Applies to arbitrary (reactive, randomized, etc) functionalities. “splitting game” for F . . . F . F . . . . . . F (a) (b) (a) (b) . T . . (a) (b) Z . . Z . . . . .

  20. . Definitions . . . is splittable if has a winning strategy. [PrabhakaranRosulek08] negligible. (“ fools all environments”) is strongly unsplittable if has a winning strategy. 1/poly. (“ detects all splitting strategies”) . . . . . Some (arguably unnatural) admit no winning strategy for or ! Applies to arbitrary (reactive, randomized, etc) functionalities. “splitting game” for F . . . . F . F . . . . . F (a) (b) (a) (b) − T . ∆ := . . (a) (b) . Z Z . . . . . . . .

  21. is strongly unsplittable if has a winning strategy. 1/poly. (“ detects all splitting strategies”) Some (arguably unnatural) admit no winning strategy for or ! Applies to arbitrary (reactive, randomized, etc) functionalities. “splitting game” for F . . . F . F . . . . . . F (a) (b) (a) (b) − T . ∆ := . . (a) (b) . Z Z . . . . . . . . Definitions . . . F is splittable if T has a winning strategy. [PrabhakaranRosulek08] ⇔ ∃T : ∀Z : ∆ negligible. (“ T fools all environments”) . . . . . .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran & Amit Sahai Princeton University To appear in STOC04 Defining Security Central Problem in Cryptography Understanding what we want and what we

1.13k views • 34 slides
UNIVERSAL ROBOTS RUC 2018 Universal Robots - Evolving the future UNIVERSAL ROBOTS SET THE

UNIVERSAL ROBOTS RUC 2018 Universal Robots - Evolving the future UNIVERSAL ROBOTS SET THE

UNIVERSAL ROBOTS RUC 2018 Universal Robots - Evolving the future UNIVERSAL ROBOTS SET THE STANDARD Fast Set-up Flexible Deployment Easy Programming Safe UNIVERSAL ROBOTS SET THE STANDARD Fast setup Fast Set-up Flexible

585 views • 24 slides
Online Proposers Day TWO DIFFERENT PROJECT IDEA CONTRIBUTIONS SYSTEMIC SW Universal Trusted

Online Proposers Day TWO DIFFERENT PROJECT IDEA CONTRIBUTIONS SYSTEMIC SW Universal Trusted

CELTIC-NEXT Online Proposers Day TWO DIFFERENT PROJECT IDEA CONTRIBUTIONS SYSTEMIC SW Universal Trusted PROTECTION Execution for cloud and endpoint SW for cloud and endpoint SW security enhancement total security SOLIDSHIELD

163 views • 14 slides
Models for Geometric Composability of Engineered Physical Systems Vijay Srinivasan MBSE

Models for Geometric Composability of Engineered Physical Systems Vijay Srinivasan MBSE

Models for Geometric Composability of Engineered Physical Systems Vijay Srinivasan MBSE Colloquium at the University of Maryland, April 1, 2013 Thesis of this Colloquium Geometric composability is enabled by geometric interchangeability in

669 views • 29 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
The Zonnon Object Model: A Structured Approach to Composability & Concurrency Jrg

The Zonnon Object Model: A Structured Approach to Composability & Concurrency Jrg

The Zonnon Object Model: A Structured Approach to Composability & Concurrency Jrg Gutknecht ETH Zrich September 2005 The Pascal Language Family Guiding Principle: Make it as simple as possible but not simpler Language New

489 views • 32 slides
Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and

Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and

Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and under State Pension age. Universal Credit will replace a number of current benefits: income-based Jobseekers Allowance (JSA);

332 views • 14 slides
On Syntactic Composability and Model Reuse Yong Meng Teo** and Claudia Szabo Department of

On Syntactic Composability and Model Reuse Yong Meng Teo** and Claudia Szabo Department of

On Syntactic Composability and Model Reuse Yong Meng Teo** and Claudia Szabo Department of Computer Science National University of Singapore **Asia-Pacific Science & Technology Centre Sun Microsystems Inc. email: teoym@comp.nus.edu.sg 10

298 views • 8 slides
Universal Acceptance Quick Guide What Does Universal Acceptance Mean? ACCEPT Universal

Universal Acceptance Quick Guide What Does Universal Acceptance Mean? ACCEPT Universal

Universal Acceptance Quick Guide What Does Universal Acceptance Mean? ACCEPT Universal Acceptance (UA) is the state where all valid domain names and email addresses are accepted, validated, stored, processed and displayed correctly and

122 views • 8 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
TOTAROL TM Organic & Natural Ingredient from New Zealand Totarol Essentially New

TOTAROL TM Organic & Natural Ingredient from New Zealand Totarol Essentially New

Essentially New Zealand TOTAROL TM Organic & Natural Ingredient from New Zealand Totarol Essentially New Zealand Marketed by Mende Biotech Manufactured by Business Description We have excelled in innovation and science to produce

308 views • 30 slides
Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth,

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth,

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth, Markulf Kohlweiss, Mary Maller, Sarah Meiklejohn, Ian Miers. Crypto - 23/08/2018 Our Goal Find a better method than trusted setups for generating the

889 views • 59 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey & Company Your Trusted Partner in China Consumer

409 views • 29 slides
Composability of Regret Minimizers Gabriele Farina 1 Christian Kroer 2 Tuomas Sandholm 1,3,4,5 1

Composability of Regret Minimizers Gabriele Farina 1 Christian Kroer 2 Tuomas Sandholm 1,3,4,5 1

Regret Circuits: Composability of Regret Minimizers Gabriele Farina 1 Christian Kroer 2 Tuomas Sandholm 1,3,4,5 1 Computer Science Department, Carnegie Mellon University 2 IEOR Department, Columbia University 3 Strategic Machine, Inc. 4 Strategy

219 views • 19 slides
WMATA MATOC DEFINITION Essentially, a MATOC contract is not necessarily for one job, but

WMATA MATOC DEFINITION Essentially, a MATOC contract is not necessarily for one job, but

WMATA MATOC DEFINITION Essentially, a MATOC contract is not necessarily for one job, but rather a collection of jobs across a period of time. Essentially receiving a MATOC contract ensures a steady stream of jobs for anywhere between three to

473 views • 21 slides
for General Purpose Processors Zhengrong Wang Prof. Tony Nowatzki 1 Computation & Memory

for General Purpose Processors Zhengrong Wang Prof. Tony Nowatzki 1 Computation & Memory

Stream-based Memory Specialization for General Purpose Processors Zhengrong Wang Prof. Tony Nowatzki 1 Computation & Memory Specialization SIMD Dataflow + + + + + + New ISA abstraction for / certain computation pattern. Core

774 views • 32 slides
Buffer Pools Lecture # 05 Database Systems Andy Pavlo AP AP Computer Science 15-445/15-645

Buffer Pools Lecture # 05 Database Systems Andy Pavlo AP AP Computer Science 15-445/15-645

Buffer Pools Lecture # 05 Database Systems Andy Pavlo AP AP Computer Science 15-445/15-645 Carnegie Mellon Univ. Fall 2018 2 UPCO M IN G DATABASE EVEN TS Relational AI Talk Wednesday Sep 12 th @ 4:00pm GHC 8102 MapD Talk

770 views • 76 slides
Using RDMA Efficiently for Key-Value Services Anuj Kalia (CMU) Michael Kaminsky (Intel Labs),

Using RDMA Efficiently for Key-Value Services Anuj Kalia (CMU) Michael Kaminsky (Intel Labs),

Using RDMA Efficiently for Key-Value Services Anuj Kalia (CMU) Michael Kaminsky (Intel Labs), David Andersen (CMU) 1 RDMA Remote Direct Memory Access: A network feature that allows direct access to the memory of a remote computer. 2 HERD

1.13k views • 34 slides
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO

Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO

Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly a decade From PC to Mobile

693 views • 54 slides
Ticagrelor vs Aspirin in Patients undergoing Coronary- Artery Bypass Grafting Herib eribert

Ticagrelor vs Aspirin in Patients undergoing Coronary- Artery Bypass Grafting Herib eribert

The TiCAB Trial Ticagrelor vs Aspirin in Patients undergoing Coronary- Artery Bypass Grafting Herib eribert Schun unker ert, M , MD on behalf of the e TiCAB Investigators TiCAB an investigator initiated trial Sponsor Deutsches

822 views • 26 slides
WEN ETA JB? A 2 million dollars problem Date: 05/06/2019 For: SSTIC Presenters: Eloi

WEN ETA JB? A 2 million dollars problem Date: 05/06/2019 For: SSTIC Presenters: Eloi

WEN ETA JB? A 2 million dollars problem Date: 05/06/2019 For: SSTIC Presenters: Eloi Benoist-Vanderbeken, Fabien Perigaud Who are we Eloi Benoist-Vanderbeken Fabien Perigaud @elvanderb @0xf4b Working for Synacktiv: Offensive

883 views • 40 slides
BIOS in 2015 Oleksandr Bazhaniuk, Yuriy Bulygin (presenting) , Andrew Furtak , Mikhail Gorobets,

BIOS in 2015 Oleksandr Bazhaniuk, Yuriy Bulygin (presenting) , Andrew Furtak , Mikhail Gorobets,

Attacking and Defending BIOS in 2015 Oleksandr Bazhaniuk, Yuriy Bulygin (presenting) , Andrew Furtak , Mikhail Gorobets, John Loucaides , Alex Matrosov, Mickey Shkatov Advanced Threat Research Agenda State of BIOS/EFI Firmware Security Recent

1.21k views • 98 slides
:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2 Nick Sullivan 3 George Tankersley 4 Filippo Valsorda 4 1 Royal Holloway, University of London 2 University of Waterloo 3 Cloudflare 4 Independent PETS

591 views • 55 slides

More recommend