Second Price Auctions A Case Study of Secure Distributed Computing Bart De Decker Gregory Neven Frank Piessens Erik Van Hoeymissen.

Slides:

Advertisements

Similar presentations

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Advertisements

Secure Computation of Linear Algebraic Functions

Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor.

Secure Evaluation of Multivariate Polynomials

Secure Multiparty Computations on Bitcoin

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

Privacy Preserving Auctions and Mechanism Design Moni Naor Benny Pinkas Reuben Sumner Presented by: Raffi Margaliot.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

What Crypto Can Do for You: Solutions in Search of Problems Anna Lysyanskaya Brown University.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Environmental Key Generation towards Clueless Agents James Riordan School of Mathematics University of Minnesota. Bruce Schneier Counterpane Systems. Published:

1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.

Privacy Preserving K-means Clustering on Vertically Partitioned Data Presented by: Jaideep Vaidya Joint work: Prof. Chris Clifton.

Oblivious Comparator and its application to Auction Hiroaki Kikuchi Tokai University - Japan.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (

Private Analysis of Data Sets Benny Pinkas HP Labs, Princeton.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科教授 (Prof. Jinn-Ke Jan) 陳育毅.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.

Public Key Encryption that Allows PIR Queries Dan Boneh 、 Eyal Kushilevitz 、 Rafail Ostrovsky and William E. Skeith Crypto 2007.

How to play ANY mental game

Computer Networks Ivan Marsic Rutgers University Chapter 7 – Network Security Chapter 8 – Network Monitoring Chapter 9 – Internet Protocols APPENDIX: Probability.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

Implementing e-Auctions with Sharemind Md. Sadek Ferdous 12th November 2008.

Insert presenter logo here on slide master. See hidden slide 4 for directions  Session ID: Session Classification: SEUNG GEOL CHOI UNIVERSITY OF MARYLAND.

Cryptography, Authentication and Digital Signatures

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.

Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.

Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,

On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.

1 Secure Multi-party Computation Minimizing Online Rounds Seung Geol Choi Columbia University Joint work with Ariel Elbaz(Columbia University) Tal Malkin(Columbia.

Ahmed Osama Research Assistant. Presentation Outline Winc- Nile University- Privacy Preserving Over Network Coding 2  Introduction  Network coding 

Secure Computation Lecture Arpita Patra. Recap >> Improving the complexity of GMW > Step I: Offline: O(n 2 c AND ) OTs; Online: i.t., no crypto.

FHE Introduction Nigel Smart Avoncrypt 2015.

Authenticated Key Exchange I. Definitions I. MAP I. matching conversations II. oracles II. (I)KA II. AKEP2 III. AKEP2 Security I. Session Keys II. Perfect.

Encryption. What is encryption? Encryption is conversion of original data to another data that can be converted back to original data by authorized persons.

Encryption CS110: Computer Science and the Internet.

Lecture 5.1: Message Authentication Codes, and Key Distribution

Privacy Issues in Smart Grid R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.

EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.

Verifiable Threshold Secret Sharing and Full Fair Secure Two-party Computation YE Jian-wei March 7, 2009.

Intro to Cryptography ICS 6D Sandy Irani. Cryptography Intro Alice wants to send a message to Bob so that even if Eve can see the transmitted information,

Cryptographic methods. Outline  Preliminary Assumptions Public-key encryption  Oblivious Transfer (OT)  Random share based methods  Homomorphic Encryption.

1 Managing Security Additional notes. 2 Intercepting confidential messages Attacker Taps into the Conversation: Tries to Read Messages Client PC Server.

Software Security Seminar - 1 Chapter 2. Protocol Building Blocks 발표자 : 최두호 Applied Cryptography.

Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.

Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.

Cryptography Lecture 13 Arpita Patra

Security Outline Encryption Algorithms Authentication Protocols

Advanced Computer Networks

A Verified DSL for MPC in

Helger Lipmaa University of Tartu, Estonia

Security through Encryption

Introduction to Symmetric-key and Public-key Cryptography

Security of Wireless Sensor Networks

Helen: Maliciously Secure Coopetitive Learning for Linear Models

Cryptography Lecture 8 Arpita Patra © Arpita Patra.

Presentation transcript:

Second Price Auctions A Case Study of Secure Distributed Computing Bart De Decker Gregory Neven Frank Piessens Erik Van Hoeymissen

2 Secure Distributed Computing  Given  n different participants P i with secrets x i  a function f  How to  compute f(x 1,..., x n )  Such that  everybody learns result  no further information about x i is leaked

3 Second price auction  Properties  Closed auction (i.e. bids kept secret)  Winner: highest bidder (draw  no winner)  Clearing price: second highest bid  Only information revealed  ID of winner  Clearing price  (draw  no information at all)

4 Overview  Secure Distributed Computing (SDC)  Trivial solution using Trusted Third Party (TTP)  Cryptographic solution [FraHa96]  Implementation using SDC  Circuit design  Assessment  Trade-off using mobile agents  Conclusion

5 Trivial solution using TTP... x1x1 x2x2 x3x3 xnxn y = f(x 1,..., x n ) y y y y n TTP

6 Trivial solution using TTP n TTP

7 Overview  Secure Distributed Computing (SDC)  Trivial solution using Trusted Third Party (TTP)  Cryptographic solution [FraHa96]  Implementation using SDC  Circuit design  Assessment  Trade-off using mobile agents  Conclusion

8 x 1 = x 1 (0) x 1 (1) E(x 1 (0) ), E(x 1 (1) ),... E(x i (j) )  i,j evaluation E(y (j) )  j D i (E(y (0) )), D i (E(y (1) )),... y = y (0) y (1)... Protocol outline

9 Overview  Secure Distributed Computing (SDC)  Trivial solution using Trusted Third Party (TTP)  Cryptographic solution [FraHa96]  Implementation using SDC  Circuit design  Assessment  Trade-off using mobile agents  Conclusion

10 Implementation using SDC  Inputs  encoding of n bids (32b)  Outputs  index of winner (or “draw”)  encoding of second highest bid  Assessment  O(n 2 ) gates = O(n 3 ) broadcasts = O(n 4 ) packets n41632 Overhead (MB)

11 Overview  Secure Distributed Computing (SDC)  Trivial solution using Trusted Third Party (TTP)  Cryptographic solution [FraHa96]  Implementation using SDC  Circuit design  Assessment  Trade-off using mobile agents  Conclusion

12 Two extreme implementations  Using globally TTP  Very efficient  High level of trust in TTP needed  Using SDC  High communication overhead  No trust in other parties needed  Trade-off between these two extremes: using  mobile agents running on  semi-trusted execution sites

13 Trade-off using mobile agents  P i trusts E j to offer secure execution platform  High-bandwidth connections between execution sites  P i sends agent A i to E j  contains private data x i  implements SDC protocol  Generic: useful for wide variety of protocols 1 E2E A1A1 A4A4 A3A3 A5A5 A6A6 A2A2 E3E3 E1E1

14 Overview  Secure Distributed Computing (SDC)  Trivial solution using Trusted Third Party (TTP)  Cryptographic solution [FraHa96]  Implementation using SDC  Circuit design  Assessment  Trade-off using mobile agents  Conclusion

15 Conclusion  Globally Trusted Third Party  Powerful and efficient  High level of trust needed  Secure Distributed Computing protocols  Avoids need of TTP  Overwhelming communication overhead  Trade-off: trust  communication overhead  Semi-trusted sites on high-bandwidth connections  Mobile agents executing SDC protocol

16 Properties of encryption scheme  “Joint”  anyone can encrypt  “decryption witness” of each player needed to decrypt  Probabilistic  one plaintext  many ciphertexts  secure for small message spaces  disadvantage: data blowup  XOR-homomorphic  Given E(b) and E(b’), anyone can compute E(b  b’)