Swarming Secrets Shlomi Dolev (BGU), Juan Garay (AT&T Labs), Niv Gilboa (BGU) Vladimir Kolesnikov (Bell Labs) Allerton 2009.


Talk Outline
  Objectives
  Adversary
  Secret sharing
  Membership and thresholds
  Private computation in swarms
    –Perfectly oblivious TM
    –Computing transitions

Objectives
  Why swarms
  Why secrets in a swarm
  Dynamic membership in swarms
  Computation in a swarm

Adversary
  Honest but curious
  Adaptive
  Controls swarm members
    –Up to a threshold of t members
  What about eavesdropping?
    –We assume that the adversary can eavesdrop on the links (incoming and outgoing) of up to t members

Secret sharing
  Bivariate polynomial P(x,y)
  Share of player i: P(i,y), P(x,i)
  [Figure: X-Y grid with coordinates i and j marking the point P(i,j)]

Join
  J: "Hey Guys, can I play with you? I’m J!"
  Reply: "Sure!"
  [Figure: members A, B, C, D and newcomer J; labels P_A(J,y), P_A(x,J); P_B(J,y), P_B(x,J); P_C(J,y), P_C(x,J); P_A(J,y), P_A(x,J)]

Leave
  Problem:
    –Member retains share after leaving
    –Adversary could corrupt leaving member and t current members
  Refreshing (Proactive Secret Sharing)
    –Each member shares random polynomial with free coefficient 0
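The Secret sharing, Join and Leave slides, worked through as an added Python example (not code from the talk): each member i holds P(i,y) and P(x,i), a newcomer J interpolates its own share from the points t+1 members send, and a refresh adds a polynomial with free coefficient 0 so that a share kept by a departed member no longer combines with current ones. The field modulus, all function names, and the use of a single polynomial Z in place of the sum of every member's refresh polynomial are assumptions of this sketch.

```python
import secrets

PRIME = 2**61 - 1  # field modulus (assumption; the slides do not fix a field)

def random_bivariate(t, secret):
    """Coefficients c[a][b] of x^a y^b for a random P(x,y) with P(0,0) = secret."""
    c = [[secrets.randbelow(PRIME) for _ in range(t + 1)] for _ in range(t + 1)]
    c[0][0] = secret % PRIME
    return c

def poly_eval(coeffs, x):
    return sum(k * pow(x, e, PRIME) for e, k in enumerate(coeffs)) % PRIME

def share_for(c, i):
    """Member i's share: coefficient lists of P(i,y) and of P(x,i)."""
    row = [poly_eval([c[a][b] for a in range(len(c))], i) for b in range(len(c))]
    col = [poly_eval([c[a][b] for b in range(len(c))], i) for a in range(len(c))]
    return row, col

def lagrange(points, at):
    """Evaluate at `at` the polynomial through the (x, value) points, mod PRIME."""
    total = 0
    for xi, yi in points:
        w = 1
        for xj, _ in points:
            if xj != xi:
                w = w * (at - xj) * pow(xi - xj, -1, PRIME) % PRIME
        total = (total + yi * w) % PRIME
    return total

def join(helpers, j):
    """Points that t+1 helpers {i: (row, col)} send to newcomer j."""
    row_pts = [(i, poly_eval(col, j)) for i, (row, col) in helpers.items()]  # P(j,i)
    col_pts = [(i, poly_eval(row, j)) for i, (row, col) in helpers.items()]  # P(i,j)
    return row_pts, col_pts

def reconstruct(shares):
    """P(0,0) from t+1 members: interpolate P(x,0) at x = 0 from the P(i,0)."""
    return lagrange([(i, row[0]) for i, (row, _) in shares.items()], 0)

def refresh(shares, t):
    """Add shares of a random Z(x,y) with Z(0,0) = 0 to every current share."""
    z = random_bivariate(t, 0)
    out = {}
    for i, (row, col) in shares.items():
        zr, zc = share_for(z, i)
        out[i] = ([(a + b) % PRIME for a, b in zip(row, zr)],
                  [(a + b) % PRIME for a, b in zip(col, zc)])
    return out
```

J evaluates its own P(J,y) and P(x,J) anywhere by calling `lagrange` on the two point lists returned by `join`.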

Additional Operations
  Merge
  Split
  Clone

Increase Threshold
  Why do it?
  How – simple, add random polynomials of higher degree with P(0,0)=0

Decrease Threshold - t to t*
  [Figure: members A, B, C, D, J]
  Choose random, degree t* Q_A(x,y)
  Share of Q_A(x,y) (label repeated four times in the figure)
  B, C, D, … also share random polynomials

Decrease Threshold - t to t*
  [Figure: members A, B, C, D, J]
  Add local shares (label repeated five times in the figure)
  Interpolate P(x,y) + Q_A(x,y) + Q_B(x,y) + …
  Remove high degree terms: R(x,y)

Decrease Threshold - t to t*
  [Figure: members A, B, C, D, J]
  High mon. of P (label repeated four times in the figure)
  Compute reduced P (label repeated five times in the figure)

Computation in a Swarm
  A distributed system
    –Computational model
    –Communication between members
    –Input – we can consider global and non-global input
    –Changes to “software”
    –“Output” of computation when computation time is unbounded

What is Hidden
  Current state
  Input
  Software
  Time
What is not Hidden?
  Space

How is it Hidden?
  Secret sharing
    –Input
    –State
  Universal TM
    –Software
  Perfectly oblivious universal TM
    –Time

Architecture of a Swarm TM

Perfectly Oblivious TM
  [Figure: tape and tape head]
  Oblivious TM – Head moves as function of number of steps
  Perfectly Oblivious TM – Head moves as function of current position

Perfectly Oblivious TM
  [Figure: original tape and perfectly oblivious TM tape with head; cells flagged N N Y N]
  Transition: ( st,  )  (st2, ,right)
  Transition: ( st,  )  (st1, ,left)
  Tape shifts right, copy  that was in previous cell
  Tape shifts right, head shifts left, Y stays in place, copy
  Insert result of “real” transition,
  Transition: ( st,  )  (st3, ,left)

TM Transitions
  [Figure: tape with tape head; states st1, st2, …, st, …; transition table containing the entry for current state st with new state ns]

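Encoding States & Cells
  [Figure: tape cells and states st1, st2, …, st, … encoded as unit vectors 10…0, 01…0, …; a state is 0…010…0 with the 1 at index st, a tape cell is 0…010…0 with the 1 at the index of its symbol]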

Computing a Transition
  Goal: Compute transition privately in one communication round
  Method: Construct new state/symbol unit vector, ns/n , from
    Current state - st
    Current symbol -
  ns[k]=  st[i]  [j], for all i, j such that a transition of (i, j) gives state k
  Construct new symbol vector in analogous way
  n  [k]=  st[i]  [j], for all i, j such that a transition of (i, j) gives symbol k

Encoding State Transitions
  [Figure: transition table with rows st1, st2, …, st; the current state and symbol unit vectors; each table entry annotated with a product of two vector entries, and the entries grouped by resulting state]
  Sums per resulting state: 0*0+0*1=0 … 1*0+0*1+0*0=0, 0*0+0*0+1*1+1*0=1
  Result: 0…010…0
  New state is ns

Encoding Symbol Transitions
  [Figure: transition table with rows st1, st2, …, st; the current state and symbol unit vectors; each table entry annotated with a product of two vector entries, and the entries grouped by resulting symbol]
  Sums per resulting symbol: 0*0+0*1=0 … 1*0+0*0+0*0+1*0=0, 0*1+1*1+0*0=1
  Result: 0…01
  New symbol is

What about Privacy?
  Goal: compute transitions privately
  Method
    –Compute new shares using the  st[i]  [j],
    –Reduce polynomial degree

Sharing States & Symbols
  Initially
    Encode 1 by P(x,y), P(0,0)=1
    Encode 0 by Q(x,y), Q(0,0)=0
    Share bivariate polynomials for state and symbol
  Step
    Compute 0*0+ 1*0+ 1*1… by
      –Multiplying and summing local shares
      –Running “Decrease” degree protocol
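An added Python example (not code from the talk) of the share arithmetic on the slides from "Computing a Transition" to "Sharing States & Symbols": every member multiplies and sums its own shares of the state and symbol unit vectors, and the results are shares of the new unit vectors. It substitutes univariate Shamir shares for the talk's bivariate polynomials, opens the result only to check it, and uses a constructed transition table; the field, the table and all names are assumptions.

```python
import math, secrets

Q = 2**61 - 1   # prime field modulus (assumption; the slides do not fix a field)
T = 1           # privacy threshold t
N = 2 * T + 1   # members needed to open a degree-2t product sharing

# Constructed transition table: (state, symbol) -> (new state, new symbol).
DELTA = {(0, 0): (1, 1), (0, 1): (0, 0), (1, 0): (2, 0),
         (1, 1): (1, 0), (2, 0): (2, 0), (2, 1): (2, 1)}
N_STATES, N_SYMBOLS = 3, 2

def share(bit):
    """Degree-T Shamir shares of `bit` for members 1..N."""
    coeffs = [bit] + [secrets.randbelow(Q) for _ in range(T)]
    return [sum(c * pow(m, e, Q) for e, c in enumerate(coeffs)) % Q
            for m in range(1, N + 1)]

def open_secret(shares):
    """f(0) from f(1..n): the Lagrange weights at 0 are (-1)^(m+1) * C(n, m)."""
    n = len(shares)
    return sum((-1) ** (m + 1) * math.comb(n, m) * s
               for m, s in enumerate(shares, 1)) % Q

def share_unit_vector(index, length):
    """result[m][i] = share held by member m+1 of entry i of the unit vector."""
    per_entry = [share(int(i == index)) for i in range(length)]
    return [list(member) for member in zip(*per_entry)]

def local_transition(st, sym):
    """One member's local step: ns[k] = sum of st[i]*sym[j] over (i,j) -> k."""
    ns, nsym = [0] * N_STATES, [0] * N_SYMBOLS
    for (i, j), (k, s) in DELTA.items():
        prod = st[i] * sym[j] % Q
        ns[k] = (ns[k] + prod) % Q
        nsym[s] = (nsym[s] + prod) % Q
    return ns, nsym

def private_step(state, symbol, openers=N):
    """Share the unit vectors, step locally, open with the first `openers` members."""
    st_sh = share_unit_vector(state, N_STATES)
    sym_sh = share_unit_vector(symbol, N_SYMBOLS)
    results = [local_transition(st_sh[m], sym_sh[m]) for m in range(openers)]
    ns = [open_secret([r[0][k] for r in results]) for k in range(N_STATES)]
    nsym = [open_secret([r[1][k] for r in results]) for k in range(N_SYMBOLS)]
    return ns, nsym
```

Opening with only t+1 members (`openers=T + 1`) does not give the unit vectors, because each product doubles the degree of the sharing polynomial; that growth is what the slide's "Decrease" degree step removes.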

Thank You!!!