TCC 2016-B: Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity. Carmit Hazay (Bar-Ilan University, Israel), Antigoni Ourania Polychroniadou (Aarhus University, Denmark), Muthuramakrishnan Venkitasubramaniam (University of Rochester, New York)

Introduction to Secure MPC [Yao82, GMW87, BGW88, CCD88]

Secure Multi-Party Computation (UC). Figure: parties P1, ..., P4 hold inputs x1, ..., x4 and receive outputs y1, ..., y4, where f(x1, x2, x3, x4) = (y1, y2, y3, y4). Goal. Correctness: everyone computes f(x1, ..., x4). Security: nothing but the output is revealed. Adversary: PPT, malicious, static.

Bypassing the impossibility of UC security. Possible with "trusted help", e.g. the Common Reference String (CRS) model [CLOS02]. Motivation: can we "eliminate" trust?

Quality of UC (chart): models are compared along four axes, composition, round efficiency, assumptions, and usability of the model.

Tamper-Proof Hardware Tokens. Our result in a nutshell: 2-round 2PC using stateless tokens from OWFs with GUC security. (Chart: composition goes from UC to GUC in this work; round efficiency reaches 2 rounds in this work; assumptions go from semi-honest OT to OWFs in this work; usability of the model ranges over central trust such as a Common Reference String (CRS), decentralized trust ("SGX"?), and tamper-proof hardware tokens.)

Hardware Token Model. Stateless tokens (good) vs. stateful tokens (not so good). Figure: a stateless token holding a function f answers a query x with f(x); a stateful token holding (b0, b1) answers a choice bit c with bc. Stateful tokens require non-volatile memory.

Hardware Token Model: attacker capability. Figure: a token holding f answers a query x with f(x). Attacker capabilities: transfer tokens; inject malicious code.

Prior Works

                [K07]      [CGS09]    [GISVW10]  [CKSYZ14]  This Work
Model           Stateful   Stateless  Stateful   Stateless  Stateless
Assumption      DDH        ETDP       -------    CRHF       OWFs
Rounds          O(1)       O(n)       O(dF)      O(1)       2
Composition     UC         UC         UC         UC         GUC
MPC             no         no         no         no         YES (ETDP & 3 rnd)

Composability in the [Katz07] framework. It does not provide adequate composability guarantees: it does not allow for transferability of tokens, does not implement multi-versions* of UC, and does not achieve UC-MPC. This work: a new way to model tamper-proof hardware as a global functionality Fglobal, and proofs of security in the Global Universal Composability (GUC [CDPW07]) framework. Concurrent work [MMN16]: models token-based protocols in GUC.

UC vs. GUC (figure, real world on the left, ideal world on the right). In UC, parties P1, ..., P4 run π against adversary A in the presence of environment Z; in the ideal world they interact with F and simulator S. In GUC, a global functionality GS is additionally available to the environment Z in both the real and the ideal world.

Our Results. Theorem 1 [2PC]: Assuming OWFs, any (well-formed) two-party functionality f can be realized with GUC security in the Fglobal-hybrid model by a two-round black-box construction. Corollary 1 [Thm 1 + IPS08]: Assuming OWFs, any (well-formed) multiparty functionality f can be realized with GUC security in the Fglobal-hybrid model by an O(1)-round black-box construction. Theorem 2 [MPC]: Assuming OWFs and ETDPs, any (well-formed) multiparty functionality f can be realized with GUC security in the Fglobal-hybrid model by a three-round construction.

Tamper-proof hardware as a global functionality. The Fglobal functionality offers Create, Execute, Transfer* and Retrieve.

Issue with Transfers. Transfer to honest parties causes malleability; fix: the honest party encodes sid into its tokens, which answer only if the session id equals sid. Transfer to dishonest parties loses extractability; fix: track illegitimate queries [CJS15].

Tamper-proof hardware as a global functionality Fglobal. Create: every party can create a token and send it to another party; the creator encodes sid in it, and the token answers only if the prefix of the query equals sid. Execute: if a party owns a token it can execute it on any input; if an "illegal query" is made, it is recorded in Qsid. Transfer: the adversary can transfer a token from one session to another. Retrieve: every legitimate query for the current session can be retrieved; returns Qsid.
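To make the four interfaces concrete, here is an added toy model of the Fglobal functionality in Python. It is not code from the paper; the interface names follow the slide, while the query format (sid bytes followed by the payload), the decision to record both legitimate and sid-mismatched queries in Q_sid, the token program, and the party and session names are assumptions of this example. The demo walks through the two transfer issues from the previous slide: a token carried into another session refuses the foreign query, and Retrieve lets the simulator for the original session see both Bob's legitimate query and the illegitimate attempt.

```python
"""Toy model of the Fglobal token functionality (Create / Execute / Transfer / Retrieve).

Added illustration, not code from the paper. The query layout (sid bytes followed by
the payload) and the record format of Q_sid are assumptions made for this example.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Program = Callable[[bytes], bytes]


@dataclass
class Token:
    tid: int
    creator: str
    owner: str
    sid: bytes          # session id the creator hard-wired into the token
    program: Program    # stateless: the answer depends only on the query


@dataclass
class QueryRecord:
    tid: int
    caller: str
    query: bytes
    legitimate: bool    # False when the query did not carry the token's sid prefix


class FGlobal:
    def __init__(self) -> None:
        self.tokens: Dict[int, Token] = {}
        self.q: Dict[bytes, List[QueryRecord]] = {}   # Q_sid, keyed by the token's sid

    def create(self, creator: str, recipient: str, sid: bytes, program: Program) -> int:
        """Create: a party programs a token bound to sid and hands it to recipient."""
        tid = len(self.tokens)
        self.tokens[tid] = Token(tid, creator, recipient, sid, program)
        return tid

    def execute(self, caller: str, tid: int, query: bytes) -> Optional[bytes]:
        """Execute: only the current owner may query; the token answers only if the
        query starts with its sid. Every query is recorded in Q_sid, with a flag
        marking sid-mismatched ("illegal") ones."""
        tok = self.tokens[tid]
        if tok.owner != caller:
            raise PermissionError(f"{caller} does not own token {tid}")
        legitimate = query.startswith(tok.sid)
        self.q.setdefault(tok.sid, []).append(QueryRecord(tid, caller, query, legitimate))
        if not legitimate:
            return None                      # token refuses foreign-session queries
        return tok.program(query[len(tok.sid):])

    def transfer(self, tid: int, new_owner: str) -> None:
        """Transfer: the adversary may move a token to another party (other session)."""
        self.tokens[tid].owner = new_owner

    def retrieve(self, sid: bytes) -> List[QueryRecord]:
        """Retrieve: hand back Q_sid, the queries made to this session's tokens."""
        return list(self.q.get(sid, []))


def demo() -> Tuple[Optional[bytes], Optional[bytes], List[QueryRecord]]:
    """Walk through both transfer issues with constructed parties, sessions and inputs."""
    fg = FGlobal()
    sid1, sid2 = b"sid1:", b"sid2:"
    # Alice (session sid1) gives Bob a token whose program is a keyed digest of the payload
    # (a stand-in for whatever function the protocol embeds; chosen for this example only).
    tid = fg.create("Alice", "Bob", sid1,
                    lambda m: hashlib.sha256(b"alice-key" + m).digest())
    in_session = fg.execute("Bob", tid, sid1 + b"commit-to-0")      # legitimate query
    # The adversary transfers Bob's token into session sid2 and queries it there.
    fg.transfer(tid, "Eve")
    cross_session = fg.execute("Eve", tid, sid2 + b"commit-to-0")   # refused: sid mismatch
    # The simulator for sid1 retrieves Q_sid1: it sees Bob's query (extractability)
    # together with the illegitimate cross-session attempt.
    return in_session, cross_session, fg.retrieve(sid1)


if __name__ == "__main__":
    answer, refused, records = demo()
    print("in-session answer:", answer.hex() if answer else None)
    print("cross-session answer:", refused)
    for r in records:
        print(f"token {r.tid} queried by {r.caller}: {r.query!r} legitimate={r.legitimate}")
```

The sid-prefix check is what neutralises the malleability issue: once a token is bound to sid1, carrying it into sid2 yields no answers, so nothing learned there can be replayed into sid1. The retrieve interface is what restores extractability: the simulator does not need to sit on the communication path, it reads the queries from Q_sid after the fact.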

Extractable Commitment from Tokens [Goyal, Ishai, Sahai, Venkatesan, Wadia 10]. Figure: committer P and receiver R. The simulator extracts the committed value by observing the query P makes to the token. In the Fglobal model: use Retrieve!

UC Oblivious Transfer from Tokens. Figure: A and B exchange tokens FA and FB. Vulnerable to input-dependent abort: a token aborts based on b*.

UC Oblivious Transfer from Tokens. Solving the input-dependent abort: use verification checks to ensure that B's inputs can be verified [ORS15].

MPC with tamper-proof tokens. Two ingredients: embed the next-message function in a token [a la GGHR14] (easy); design a commit-and-prove protocol using tokens. Issues with the latter: commit-and-prove needs to be black-box in the commitment scheme, and the next-message token cannot issue token-based commitments (tokens cannot invoke tokens). Solution: design a special-purpose 3-round input-delayed black-box commit-and-prove protocol ([HV16] gave a 6-round protocol).

Summary. Designed two-party protocols with stateless tokens: OWFs (minimal [GISVW10]), two rounds (minimal), black-box, GUC security. Designed three-round MPC protocols with stateless tokens using OWFs and ETDPs. A better alternative to CRS-based constructions (LWE/iO)? [HPV16]: constant-round adaptive GUC in the tamper-proof model from OWFs.

Thank you!